ZmnSCPxj [ARCHIVE] on Nostr:
📅 Original date posted:2019-01-27
📝 Original message:
Good morning Joao,
>
> Eventually I could use something like SQRL or BitID which enable some level of anonymity. But now the user would have to keep an app for login and another for payments. He is expected to have both apps to use the service and keep both private keys secure. Both would use QR codes which makes for a lot of confusion and a terrible user experience. Of course I would have to eventually code the email/password anyway as a fallback.
>
> Contrast this scenario with this one which is basically identical to the one in the video:
> 1 - User goes to the ebook store.
> 2 - User selects the book he wants and scans an LN invoice.
> 3 - Wallet shows payment info and asks if user wants to provide his identity.
> 4 - User confirms payment and identity in the same action.
>
> There was no need for the user to create an account or to log in to the service. And no need for the store to keep any private data, just a unique userID that is only valid for that particular store.
Why is not the proof-of-payment sufficient?
Service generates a secret, user pays for the secret, proof of knowledge of secret authorizes use of the book.
In short, use the payment preimage as "unique userID".
You also automatically ensure that userIDs are usable only if paid for.
Regards,
ZmnSCPxj
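
The scheme in the reply above, as an added sketch that is not part of the original message or of any Lightning implementation: the store keeps only payment hashes, and presenting the preimage is the whole login. `BookStore`, `create_invoice`, `settle` and `authorize` are hypothetical names, and `settle` stands in for a Lightning node releasing the preimage when the payment completes.

```python
import hashlib
import hmac
import secrets


class BookStore:
    """Hypothetical store: no accounts, no personal data, only payment hashes."""

    def __init__(self):
        self._pending = {}  # payment_hash -> (book_id, preimage), invoice not yet paid
        self._paid = {}     # payment_hash -> book_id, invoice settled

    def create_invoice(self, book_id):
        # The service generates the secret; the invoice commits to SHA256(secret).
        preimage = secrets.token_bytes(32)
        payment_hash = hashlib.sha256(preimage).digest()
        self._pending[payment_hash] = (book_id, preimage)
        return payment_hash

    def settle(self, payment_hash):
        # Stand-in for HTLC settlement: the payer learns the preimage only by paying.
        # After this point the store keeps the hash alone, so a leak of its
        # records does not hand out usable credentials.
        book_id, preimage = self._pending.pop(payment_hash)
        self._paid[payment_hash] = book_id
        return preimage

    def authorize(self, presented_preimage):
        # Proof of knowledge of the secret: hash what the user presents and
        # match it against settled invoices only, so unpaid IDs never work.
        candidate = hashlib.sha256(presented_preimage).digest()
        for payment_hash, book_id in self._paid.items():
            if hmac.compare_digest(candidate, payment_hash):
                return book_id
        return None
```

The preimage acts as a bearer token here: anyone who holds it can present it, so the user has to store it as carefully as a password.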