BitShares Forum
Main => Technical Support => Topic started by: questionsquestions on March 02, 2016, 11:08:16 pm
-
I'm building a simple website to explore how I would store Bitshares asset balances for user accounts. Taking typical Bitcoin websites as examples; as a user, you are issued a Bitcoin Address and can send Bitcoins to that address. The website 'owns' the private key to that Bitcoin Address within it's wallet, and can therefore spend the balance of any Bitcoins sent to that address. It's analogous to an account number and pretty simple from a user's perspective (ignoring the amalgam of characters that constitute a Bitcoin address).
However, I'm not clear how to replicate similarly simple behaviour in Bitshares. It seems there are two possible approaches;
1) Create a single 'company' account on the Bitshares blockchain and issue the customer with the name of the account along with a custom 'memo' identifier that allows routing of their funds within the context of the website. This approach was used on Bter and is thwart with the possibility of user-error because the memo field is ostensibly free-text without validation. If the user inputs a wrong character (which they will definitely do) when they are trying to deposit funds, the whole automated process breaks down (and someone supporting the website would need to manually identify and route the funds).
or;
2) Create a unique account on the Bitshares blockchain for each user registering on the website and issue the customer with the name of the account. The account's private keys are held locally by the website and the user uses the name as a unique identifier to route their funds. This seems like an approach that is more user friendly, but raises the possibility of
- A) cluttering the bitshares blockchain
- B) users attempting to register the same account name outside of the website (E.g. through the bitshares client) and being denied because the name is taken by the website
- C) identification of accounts tied to the website by third parties; for example - if new accounts were prefixed 'MYWEBSITE-' (nasty privacy violation)
In the case of B and C, is there a way to stealth-ify accounts? Perhaps through the issuance of an Address (in the same vain as Bitcoin) rather than a friendly account name; and is there a way to prevent or hide account names to avoid identification and relation of accounts back to the website?
I'd really appreciate some input on the available options to solving this problem.
-
I'm building a simple website to explore how I would store Bitshares asset balances for user accounts. Taking typical Bitcoin websites as examples; as a user, you are issued a Bitcoin Address and can send Bitcoins to that address. The website 'owns' the private key to that Bitcoin Address within it's wallet, and can therefore spend the balance of any Bitcoins sent to that address. It's analogous to an account number and pretty simple from a user's perspective (ignoring the amalgam of characters that constitute a Bitcoin address).
However, I'm not clear how to replicate similarly simple behaviour in Bitshares. It seems there are two possible approaches;
1) Create a single 'company' account on the Bitshares blockchain and issue the customer with the name of the account along with a custom 'memo' identifier that allows routing of their funds within the context of the website. This approach was used on Bter and is thwart with the possibility of user-error because the memo field is ostensibly free-text without validation. If the user inputs a wrong character (which they will definitely do) when they are trying to deposit funds, the whole automated process breaks down (and someone supporting the website would need to manually identify and route the funds).
or;
2) Create a unique account on the Bitshares blockchain for each user registering on the website and issue the customer with the name of the account. The account's private keys are held locally by the website and the user uses the name as a unique identifier to route their funds. This seems like an approach that is more user friendly, but raises the possibility of
- A) cluttering the bitshares blockchain
- B) users attempting to register the same account name outside of the website (E.g. through the bitshares client) and being denied because the name is taken by the website
- C) identification of accounts tied to the website by third parties; for example - if new accounts were prefixed 'MYWEBSITE-' (nasty privacy violation)
In the case of B and C, is there a way to stealth-ify accounts? Perhaps through the issuance of an Address (in the same vain as Bitcoin) rather than a friendly account name; and is there a way to prevent or hide account names to avoid identification and relation of accounts back to the website?
I'd really appreciate some input on the available options to solving this problem.
The idea of BitShares is to let end user decide on its account name with
him alone holding the keys to spend funds.
HOWEVER, a registered user can give ADDITIONAL spending permissions to a
webpage by adding the web pages public key to the users active
authority.
http://docs.bitshares.eu/bitshares/user/account-permissions.html
That way, the webpage AND the user have access to those funds via two
different keys! This also has the advantage that customers can opt-out
if they want to keep the account name but no longer use your service.
Not sure if the above answers your question.
-
Thanks for your response, but not really the answer I was looking for. Consider that I want to replicate the same experience as - for example - an exchange like Bitfinex. If I deposit my Bitcoin funds to a Bitcoin Address provided by Bitfinex, they are controlled absolutely by Bitfinex. There is no shared ownership of the account, requirements for user interaction (Above sending funds to the destination address), or potential for misdirection of funds thanks to the checks built into the Bitcoin Address number calculation. I want to be able to replicate that same functionality and there doesn't seem to be a way to do this in Bitshares, or am I mistaken?
-
If I'm understanding you correctly, option (1) is the way to go.
I think most gateways/exchanges using BitShares use the memo field and a uniquely-generated deposit id to route funds to the right place. It's possible to mistype the memo, but don't most people copy-paste?
Also, it's possible to provide a convenience link that automatically takes the user to the web wallet with the account name and memo pre-filled.
-
I think most gateways/exchanges using BitShares use the memo field and a uniquely-generated deposit id to route funds to the right place. It's possible to mistype the memo, but don't most people copy-paste?
That's the problem though. It's freetext. There is literally no way to validate it. Bitcoin Addresses have a built-in checksum that prevents (well, makes it difficult) to enter a wrong number (Destination address for the funds). If a customer does enter the wrong number into the Bitshares 'memo' field (for example; copy & pasting the wrong text length) and submits the transaction, support staff would need to get involved to reroute the funds at the point at which the customer complains their account hasn't been credited. This just isn't an acceptable user experience and will end up happening more often than not.
Also, it's possible to provide a convenience link that automatically takes the user to the web wallet with the account name and memo pre-filled.
How would you do this?
Thanks!
-
Having used the memo route on our exchange for quite some time I can tell you that people don't really mess up the memo, since they know it is there money they are messing with. Only once did I ever have to look at a transaction and credit it manually because of a bad memo.
-
https:// bitshares.openledger.info/#/transfer?from=&to=XXXX&asset=BTS&amount=1000&memo=XXXX
-
https:// bitshares.openledger.info/#/transfer?from=&to=XXXX&asset=BTS&amount=1000&memo=XXXX
Thanks!
Having used the memo route on our exchange for quite some time I can tell you that people don't really mess up the memo, since they know it is there money they are messing with. Only once did I ever have to look at a transaction and credit it manually because of a bad memo.
But I suspect the numbers using Bitshares on your exchange are pretty small and of those few, they are generally reasonably technically competent. The average person isn't (read: mainstream) and will make mistakes (even clever people make mistakes). Unvalidated input fields are always a bad idea where users are involved and an Apple esque user experience is key to any products mainstream adoption.
It's a pity there isn't either the ability to attach some form of validation to the memo field or the ability to create 'aliases' within the Bitshares eco-system that effectively encapsulate a destination account and a memo in a pre-combined package - E.g. some Base58 encoded alias such as "1BTSA1s[morechars]" resolves to Account Name: "TimmysBitsharesAccount" with Memo: "Abc213" . That would certainly address the problem. Perhaps that's a feature that could be requested as a possibility for inclusion?
-
https:// bitshares.openledger.info/#/transfer?from=&to=XXXX&asset=BTS&amount=1000&memo=XXXX
Thanks!
Having used the memo route on our exchange for quite some time I can tell you that people don't really mess up the memo, since they know it is there money they are messing with. Only once did I ever have to look at a transaction and credit it manually because of a bad memo.
But I suspect the numbers using Bitshares on your exchange are pretty small and of those few, they are generally reasonably technically competent. The average person isn't (read: mainstream) and will make mistakes (even clever people make mistakes). Unvalidated input fields are always a bad idea where users are involved and an Apple esque user experience is key to any products mainstream adoption.
It's a pity there isn't either the ability to attach some form of validation to the memo field or the ability to create 'aliases' within the Bitshares eco-system that effectively encapsulate a destination account and a memo in a pre-combined package - E.g. some Base58 encoded alias such as "1BTSA1s[morechars]" resolves to Account Name: "TimmysBitsharesAccount" with Memo: "Abc213" . That would certainly address the problem. Perhaps that's a feature that could be requested as a possibility for inclusion?
Make your own GUI, make the memo field and to field readonly (or hidden)
-
2) Create a unique account on the Bitshares blockchain for each user registering on the website and issue the customer with the name of the account. The account's private keys are held locally by the website and the user uses the name as a unique identifier to route their funds. This seems like an approach that is more user friendly, but raises the possibility of
- A) cluttering the bitshares blockchain
- B) users attempting to register the same account name outside of the website (E.g. through the bitshares client) and being denied because the name is taken by the website
- C) identification of accounts tied to the website by third parties; for example - if new accounts were prefixed 'MYWEBSITE-' (nasty privacy violation)
One other possible way:
D) Your website create a customer code for each customer and register their customer code in the blockchain.
-
Make your own GUI, make the memo field and to field readonly (or hidden)
What do you mean? How does that work if I'm sending funds from - for example - the Bitshares Android Wallet?
One other possible way:
D) Your website create a customer code for each customer and register their customer code in the blockchain.
That's very interesting and a distinct possibility. Do you have any documentation/api method pages you could point me to?
-
One other possible way:
D) Your website create a customer code for each customer and register their customer code in the blockchain.
That's very interesting and a distinct possibility. Do you have any documentation/api method pages you could point me to?
Your website maintains a database mapping of your customers' name and their customer code. Either manually or automate the registration of the customer code as a bts account in the blockchain. You can prefix it like abcCustomerCode assuming abc is the abbrievated form of your company name. You own all the accounts' private keys. The maintenance and conttrol of your customer information is on your website. This is a simple solution that may achieve what you need.
-
Make your own GUI, make the memo field and to field readonly (or hidden)
What do you mean? How does that work if I'm sending funds from - for example - the Bitshares Android Wallet?
Show a barcode on your site, user scan the barcode with the Bitshares Android Wallet.