Let's extend drltc's proposal just adding a couple of steps on top of it:
1. User goes over identity verification process, at the end she receives an email with a link (or just link on a webpage) like this:
bts://account/create?provider=btsregprovider.com&id=123456789ABCD (let's call it referral link)
2. User downloads the client and clicks on the link above
3. Client opens up and shows dialog where a user can enter an account name and clicks Register button (provider is selected automatically)
Further it's the same process as in drltc's proposal.
but here is some clarification:
valzav's proposal actually kind of turns my proposal inside out -- instead of running the client and then being linked to a provider website, you start at the provider website and then get linked to the client.
- The user installs the client. One step in the installation process is registering the client with the web browser as a handler for bts:// URL's.
- The user goes to the provider in their browser, does CAPTCHA or whatever anti-sybil measures the provider decides are appropriate.
- When the provider is satisfied the user should be allowed to register, they issue a unique code and provider-controlled callback URL.
- Specifically, the user clicks on a bts:// URL containing the unique code and callback URL.
- The web browser will launch the client with the URL as a command line parameter.
- The client then issues an HTTP(S) request to the callback URL with the unique code, desired account name and public key. (This is fairly safe from a security standpoint as the HTTP request is a RESTful API call, not a webpage that's going to be displayed which opens the door to much mischief.)
- The provider can use the unique code to link the callback to the previous successful registration.
- Provided the unique code is legitimate, the provider registers the account on the blockchain.
As a side note:
- We need to have the client registered as a bts:// URL handler on all supported platforms
- If the client is already running, we need to pass the bts:// URL to the client and exit on all supported platforms
- We should have some way for the user to enter a bts:// link manually if the bts:// URL handler doesn't work on their platform (e.g. it seems unlikely the bts:// link functionality will be flawless out of the box for people building from source on tons of different Linux distros)
- We should have a simple working demo which providers can extend with pretty CSS, branding, and their own verification system.
Overall I approve.