Author Topic: Applications idea  (Read 1901 times)

0 Members and 1 Guest are viewing this topic.

Xeldal

  • Guest
 +5% I like this alot!! and think it will ultimately be essential.  Not every user needs a super dac in their pocket.   

I'm hoping there is some secure way, not requiring delegates to vet the safety of each add-on.  Running a delegate is currently pretty simple but evaluating a 3rd party add-on for security is a whole-nother ballgame. Either way though it shouldn't matter, as this can obviously be outsource to others better suited to evaluate the code.

Anyone can currently grab the source code and add-on whatever they want and offer it to others, so making that process easier/safer makes sense.  Making a streamlined, "safer" way to do this.

Ultimately its a matter of personal responsibility on what a user adds-on to his client.  I can see an advanced option for "disregard delegate requirement".  or " allow unofficial repositories"  and that's perfectly reasonable.

These addons would surely be evaluated by security experts and the number of delegates 'supporting' any addon would give the user a rough idea of how safe it is to use. 

I like the idea of ; if it requires access to some portion of the client then it requires some number of delegates approval. 
« Last Edit: November 21, 2014, 10:39:47 pm by Xeldal »

Offline wasthatawolf


Offline Agent86

  • Sr. Member
  • ****
  • Posts: 471
  • BTSX: agent86
    • View Profile
I think there are advantages of having different options or add-ins for clients depending on what people are interested in.  However I wouldn't have delegates get involved with publishing which software to trust.  I think their job is complicated enough without this type of responsibility.

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
Yes yes yes ... lets have in wallet apps .. pls do it!!

Offline valzav

  • Sr. Member
  • ****
  • Posts: 294
    • View Profile
If we allow third-party applications inside BitShares client/wallet, a lot of things that require centralized services would be much easier to implement and make user friendly . Some examples:
- whoever runs a gateway (RealBTC<->IOUBTC) could publish an application, so users interested in this gateway could install an application be able to convert BTC to IOUs not leaving the client.
- faucet can run referral program, so users could use its application to redeem referral program's coupons or generate new coupons to share with friends right inside the BitShares client.
- escrow agent can have its own application specific to the service it provides.
- and many others more simple use cases, like advanced block explorers, market charts, and a lot more.

Another advantage - this allows us make the client as light as possible, by default it would contain only basic wallet functionality needed to register account and transfer funds, everything needed for more advanced users can be installed as applications, for example market GUI can be an extra app.

Later when ethereum-like scripting language is implemented, the same applications infrastructure could be used to interact with blockchain DAPPs.

And some technical details how this can be implemented.
A trusted party is needed to make this possible, first of all there should be some repository of applications, second, applications would have access to private keys, so there is a big security issue. I suggest delegates to be this party responsible for apps: delegates publish their list of trusted applications, the same way delegates now publish price feeds and toolkit version. List of applications can be publish json format, each application entry can contain download URL, API URL (if app is supposed to communicate with centralized service), checksum and the version number (if version changed the client will automatically update the application).
Technically, an application is Angular.js module - just a package comprised of html and js files. BitShares client downloads it, verifies checksum and signatures and plugs it in as Angular module.
There might be different rules for different kinds of application, e.g. if application doesn't require access to wallet_* rpc calls, it may require only one delegate to publish it, applications that require access to wallet_ calls may be required 10 or more delegates to publish feeds. To revoke an application, delegates just need to stop publishing it - BitShares client will mark it as revoked in the applications repository. DPOS shines again giving BitShares a huge advantage over competing platforms.