Decentralizing Auth (a.k.a. Goodbye OAuth2)

🚧 This is a work in progress 🚧

Decentralized Identifiers (DIDs) - did:key for decentralized identifiers fully controlled by end users via the Web Crypto API in modern browsers

User Controlled Authorization Network - UCAN for granular permissions managed by end users without centralized access controls

Our next project is to build either a library or a reference implementation for decentralized authentication (authn) using the did:key method and the Web Crypto API, and distributed authorization (authz) using UCAN. The aim is to provide a robust authn/authz solution that does not rely on centralized infrastructure (i.e., no OAuth2, OpenID Connect, centralized access control lists, auth servers, etc.).

Imagine registering with and then signing into a web service with a private key stored securely in your browser (better user experience and more secure than username/password). And then imagine giving full or partial access to your account in that web service to someone else simply by assigning those rights to their private key (granular control of permissions without the complexity of a centralized access control list - end users decide exactly what level of access to grant). This is the magic of coupling DIDs and UCAN.

We will write more about it here as it takes shape. Right now we’re still pretty deep in the research phase.