I'm building a simple website to explore how I would store Bitshares asset balances for user accounts. Taking typical Bitcoin websites as examples; as a user, you are issued a Bitcoin Address and can send Bitcoins to that address. The website 'owns' the private key to that Bitcoin Address within it's wallet, and can therefore spend the balance of any Bitcoins sent to that address. It's analogous to an account number and pretty simple from a user's perspective (ignoring the amalgam of characters that constitute a Bitcoin address).
However, I'm not clear how to replicate similarly simple behaviour in Bitshares. It seems there are two possible approaches;
1) Create a single 'company' account on the Bitshares blockchain and issue the customer with the name of the account along with a custom 'memo' identifier that allows routing of their funds within the context of the website. This approach was used on Bter and is thwart with the possibility of user-error because the memo field is ostensibly free-text without validation. If the user inputs a wrong character (which they will definitely do) when they are trying to deposit funds, the whole automated process breaks down (and someone supporting the website would need to manually identify and route the funds).
or;
2) Create a unique account on the Bitshares blockchain for each user registering on the website and issue the customer with the name of the account. The account's private keys are held locally by the website and the user uses the name as a unique identifier to route their funds. This seems like an approach that is more user friendly, but raises the possibility of
- A) cluttering the bitshares blockchain
- B) users attempting to register the same account name outside of the website (E.g. through the bitshares client) and being denied because the name is taken by the website
- C) identification of accounts tied to the website by third parties; for example - if new accounts were prefixed 'MYWEBSITE-' (nasty privacy violation)
In the case of B and C, is there a way to stealth-ify accounts? Perhaps through the issuance of an Address (in the same vain as Bitcoin) rather than a friendly account name; and is there a way to prevent or hide account names to avoid identification and relation of accounts back to the website?
I'd really appreciate some input on the available options to solving this problem.