Spruce Developer Update #15
At Spruce, we’re letting users control their identity and data across the web. Here’s the latest from our development efforts:
Sign-In with Ethereum
Sign-In with Ethereum is a new form of authentication that enables users to control their digital identity with their Ethereum account and ENS profile instead of relying on a traditional intermediary.
- We’ve implemented an OpenID Connect Identity Provider Server in Rust. This was done in order to better serve adopters that wanted to consolidate the Sign-In with Ethereum workflow to a single service that could be used to access their entire ecosystem using OpenID Connect to forward the user authentication.
- Work on a Discourse plugin is underway, enabling any self-hosted Discourse forum to include Sign-In with Ethereum as an authentication method.
- We’ve released Rust and Elixir libraries for Sign-In with Ethereum, complete with relevant crates and hex packages (currently for experimental use only as the API stabilizes).
- We are currently working on both a Rails and Sinatra example for the Ruby library, and are also implementing advanced support for Ruby on Rails installations complete with reversible changes to the user data models, or support through OmniAuth if it is installed.
Kepler
Kepler is a decentralized storage network organized around data overlays called Orbits. Kepler allows users to Securely share their digital credentials, private files, and sensitive media to blockchain accounts, all using your Web3 wallet.
We are currently testing an example dapp that uses Sign-In with Ethereum to authenticate with Kepler, leverages session keys, and provides an interface for submitting and retrieving files. With this, anyone with an Ethereum account can also store files privately. After launching the dapp and connecting an Ethereum wallet, the dapp enables the creation of a new Orbit via a Sign-In with Ethereum request to authenticate.
By signing the message, the user is requesting Kepler to create and host an orbit with your Ethereum account being the sole controller. After that, another request appears to delegate access to a session key, which allows you to interact with the dapp for the duration of the session without signing any further messages.
As Kepler matures, it will augment dapps with custom functionality that can fully leverage trusted off-chain storage and computation brought by the user after they Sign-In with Ethereum.
SpruceID
SpruceID is a decentralized identity toolkit that provides everything you need for signing, sharing, and verifying trusted information.
DIDKit
- Improved documentation (ssi#357, ssi#359, didkit#238, didkit#243).
- Added support for did:tz:kt1 (ssi#363).
- Fixed downstream build error (ssi#365).
- Improved JW VC/VP compatibility (ssi#353).
- Added Verifiable Driver's License Vocabulary context file (ssi#361).
- Released ssi-contexts v0.1.2 crate (ssi#368).
- Fixed EcdsaSecp256k1RecoverySignature2020 hashing (ssi#351, ssi#367).
- (In progress) Aleo linked data signature suite and DID resolution (ssi#348, ssi#360).
Standards and Community
- The EIP-4361: Sign-In with Ethereum draft has been accepted and merged as an EIP (EIPs#4361).
- We’ve contributed did:key RSA test vectors to the W3C CCG (did-method-key#41).
- W3C CCG Security Vocabulary improvements (#128).
- W3C CCG IRC Bot improvements (cgbot#2).
- DIF EcdsaSecp256k1RecoverySignature2020 specification maintenance (#21, #23, #24, #25).
Spruce lets users control their data across the web. Through SpruceID and Kepler, Spruce provides an ecosystem of open source tools for developers that let users collect their data in one place that they control, and show their cards however they want. If you're curious about integrating Spruce's technology into your project, come chat with us in our Discord: