译文/Translated:
过去这周在华盛顿举办的B1June活动中,我们宣布即将推出的EOSIO 2更新,我们希望能够给EOSIO™带来更好性能,同时也给它最新的Web验证标准支持。EOSIO 2,EOSIO的下一代版本,将会让大众使用区块链应用更加容易。
我们保持着通过EOSIO Labs™实现开放创新的精神,现发布的WebAuthn范例应用展示我们将怎么利用WebAuthn支持EOSIO。
本次EOSIO Labs发布的版承袭了我们最新版本的焦点:密钥和密码管理,简化EOSIO认证生态系统。从声明-验证安全模式到通用认证库以及最新的iOS和Chrome扩展认证器参考应用,我们都致力于探索EOSIO上无缝、安全的未来
通过WebAuthn的支持保证EOSIO区块链应用安全
WebAuthn是最新的万维网联盟(W3C)标准,全球很多大科技公司已经接受并率先使用,其中就包括Yubico、谷歌和微软,该标准可以确保几大浏览器和平台支持下的认证过程。
就我们所知,EOSIO是第一个接受WebAuthn标准的区块链协议。我们是W3C批准的新的安全标准,我们很高兴能够在区块链社区率先使用它。
在EOSIO中引入这个标准让我们在EOSIO上的区块链应用进行安、无缝的交易签名的时候可以更加安全和无缝。用户不用担心私钥,他们能够使用他们选择的标准硬件认证器(而不是Chrome扩展或应用)签署交易,如刚刚宣布推出的EOSIO YubiKey和内置平台认证器,比如指纹传感器和其它生物识别方法
获得更多信息,请点击https://webauthn.guide
WebAuthn范例Web应用–EOSIO YubiKey支持
范例应用只能用来展示,不应该以当前形式部署在任何生产环境中。其目的是展示基于EOSIO的私密区块链上的应用可以如何为用户产生兼容于WebAuthn的密钥、并要求用户利用该密钥签名,从而签署交易。Eosjs,eosjs的WebAuthn签名提供者,和内置的浏览器Web认证API能简化该过程。浏览器要求用户使用安全密钥或内置平台认证器进行认证。
尽管用户可以自己选择认证器或支持WebAuthn的生物识别密钥,我们还是荣幸地宣布Block.one将会和Yubico合作为EOSIO用户和开发者提供EOSIO冠名的YubiKeys,让他们能利用区块链应用。您可以在EOSIO网站上的Build on EOSIO专栏看到EOSIO YubiKeys的销售情况。
EOSIO上的WebAuthn现存的缺陷
因为这是EOSIO Labs发布的范例Web应用,所以里面还有很多缺陷,我们希望能够在把该标准完全引入生产环境之前能够解决这些问题。关于这些问题的更多细节,您可以访问WebAuthn范例Web应用在GitHub的代码库。
更重要的是,现在用户使用WebAuthn的时候,李嘉图合约无法显示。因此,当WebAuthn和EOSIO结合使用时候,用户应该谨慎使用WebAuthn,且仅限于终端用户已经信任的私链和应用中。
在它能够正式走出EOSIO Labs,正式被发布之前,我们还会继续测试和加强WebAuthn对EOSIO的支持。我们相信,这些问题的答案很可能都在活跃且积极的EOSIO社区中。我们希望这次的开源版本能够鼓励EOSIO的开发者共同探索这个网络安全标准会如何影响到EOSIO上的区块链和应用未来的认证方式。
If you have questions, suggestions, ideas, etc., get involved. We invite you to log issues or submit Pull Requests against this repo.
如果您还有任何问题、建议、想法,我们都欢迎您能记录问题或在这些repo下面提起Pull Request请求。
联系我们
如果您愿意给我们反馈并想和我们团队并肩让EOSIO软件更进一步,您给可以给我们的开发者关系小组发邮件:developers@block.one.
您还可以在我们新的网站上订阅我们,从而获得未来最新资讯。我们很高兴你能够不断为EOSIO开发者改善该软件的可用性,同时,我们也在为区块链技术的大规模使用奠定了基础。
所有标有商标™和®的产品和公司名皆为其所有者持有。使用这些名字并不代表我司与其存在任何从属关系,也不代表我司对其认可。
免责声明:Block.one是作为EOSIO社区的一员志愿对其做出贡献,但是并不能保证软件的整体性能和应用的性能。我们不代表、保证、确保或执行这里描述的任何版本、GitHub上发布的文件、EOSIO软件或者先前提到的,不管是明确说明或者暗示的,任何文件的发布,包括但不限于承诺书、商业性、为某个目的的实用性、不侵权性等。在任何情况下,我们都不对任何说法、损失或责任负责、不管是涉及合约、侵权或被侵权的情事件,不管这是因为软件或文件或使用或软件和文件中涉及的其它事宜导致,还是和这些情况相关,我们都不对此负责。测试结果或者性能数据都是有指示性的,不可能反应所有情况下的性能。任何关于第三方的引用、第三方产品、资源和服务都不是Block.one背书和支持的。您因为使用或依赖这些资源产生的任何问题,我们不负责,也不承认所有责任。第三方产品可能在任何时间被升级、改变或暂停,所以这里提供的信息可能会过时或不准确。任何使用本软件提供的关于第三放软件、产品和服务的个体应该建议这些第三方提供执照有效期、免责声明和免责条款。Block.one, EOSIO, EOSIO Labs, EOS, heptahedron和相应的图标都是Block.one的商标。这里提到的其它商标都是他们相应持有人的产权。请注意本文件表达的仅仅是Block.one的设想,并非任何保证,Block.one的方向发生任何变化的时候,其中的所有部分也应当相应变化。我们把这称为“前瞻性声明”,其中包括了本文所指的所有声明,而不是关于历史事实的陈述,如关于Block.one的发展、表现预期、未来特点、商业策略、计划、前景、发展和目标。上述声明仅仅是预计,反映的是Block.one当下的观点和关于未来事件的预期,上述声明基于假设,会受风险、不确定性和随时变动的影响。我们在快速变化的环境中运营。新的风险随时会出现。考虑到这些风险和不确定性,请您注意不要完全依赖这些前瞻性声明。可能导致实际结果、表现和情况和这些前瞻性声明产生巨大差异的因素包括但不限于:市场波动性;资本、金融和人事长期充足与否;产品接受度;任何新产品或科技的商业成功;竞争;政府调控和法律;整体经济、市场和商业环境。Block.one发布的所有声明仅适用于其发布的时间,Block.one没有任何责任,也明确表示不承担任何责任,更新或修改其前瞻性说明,不管是因为出现新信息、后续事件还是其它情况。这里包括技术、金融、投资、法律或其它方面的建议,不管是从广义上的还是涉及到任何特定的情况和用途。在应用或者利用本文所提到的内容之前咨询相关领域的专家。
原文/Original:
This past weekend in Washington, DC at the B1June event, we announced EOSIO 2 updates on the horizon, which we hope will bring enhanced performance and support for the latest web authentication standards to EOSIO™. EOSIO 2, the next major version of EOSIO, will make using blockchain applications even easier for the masses.
Continuing in the spirit of open innovation through EOSIO Labs™, we have released a WebAuthn Example App to demonstrate how we intend to implement WebAuthn support for EOSIO.
This EOSIO Labs release follows suit of our recent releases focused on key and password management streamlining the EOSIO authenticator ecosystem. From the Assert Manifest Security Model to the Universal Authenticator Library, and our most recent release of iOS and Chrome Extension Authenticator Reference Applications, we are dedicated to exploring the future of seamless security on EOSIO.
Securing EOSIO blockchain applications with WebAuthn Support
WebAuthn is a new World Wide Web Consortium (W3C) standard accepted and pioneered globally by many major technology companies like Yubico, Google, and Microsoft, that enables secure authentication supported by all leading browsers and platforms.
To our knowledge, EOSIO is the first blockchain protocol to adopt the WebAuthn standard. As a new security standard approved by the W3C, we are excited to be pioneering its adoption within the blockchain community.
Bringing this standard to EOSIO opens up the possibility of more secure and seamless transaction signing for blockchain applications built on EOSIO. Rather than worrying about private keys, users will be able to sign transactions using their choice of standard hardware authenticators (rather than Chrome extensions or applications) such as the newly announced EOSIO YubiKey and built-in platform authenticators like fingerprint sensors and other biometrics.
More information about WebAuthn can be found at https://webauthn.guide.
WebAuthn Example Web App for EOSIO YubiKey Support
This example app is meant purely for demonstration purposes and should not be deployed in its current form into any production environments. It is meant to illustrate how an application running on a private EOSIO based blockchain could generate WebAuthn-compatible keys for users and request signatures from users with those keys to sign transactions.
This is facilitated by eosjs, a WebAuthn Signature Provider for eosjs, and the built-in browser Web Authentication API. The browser prompts the user to authenticate with their security key or built-in platform authenticator.
While users will have their choice of authenticator or biometric key that supports WebAuthn, we are excited to have announced that Block.one will be working with Yubico to provide EOSIO branded YubiKeys for EOSIO users and developers to use with blockchain applications. More information about the sale of EOSIO YubiKeys is available on the Build on EOSIO section of the EOSIO Website.
Existing Limitations to WebAuthn on EOSIO
As this is an example web app being released under EOSIO Labs, there are still a number of limitations we hope to work through before bringing this standard to full support in production environments. You can read more detail about these limitations in the WebAuthn Example Web App GitHub repository.
Most importantly, there is currently no way to display Ricardian contracts to users when using WebAuthn. For this reason, WebAuthn, when used in conjunction with EOSIO, should be used with caution and only on private chains and applications already trusted by the end user.
We will continue working to test and enhance WebAuthn support for EOSIO before its official release outside of EOSIO Labs. We believe that the answers to many of these limitations lie with the active and engaged EOSIO community. We hope that this open source release will inspire EOSIO developers to explore how this web security standard will impact the future of authentication on EOSIO based blockchains and applications.
If you have questions, suggestions, ideas, etc., get involved. We invite you to log issues or submit Pull Requests against this repo.
Stay Connected
If you are interested in providing feedback and working more closely with our team to improve EOSIO for developers, you can send our developer relations team an email at developers@block.one.
You can also keep up to date with future announcements by subscribing to our mailing list on the new EOSIO website. We are excited to be regularly improving the usability of the software for EOSIO developers as we continue to lay a foundation for the mass adoption of blockchain technology.
All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.
Disclaimer: Block.one makes its contribution on a voluntary basis as a member of the EOSIO community and is not responsible for ensuring the overall performance of the software or any related applications. We make no representation, warranty, guarantee or undertaking in respect of the releases described here, the related GitHub release, the EOSIO software or any related documentation, whether expressed or implied, including but not limited to the warranties or merchantability, fitness for a particular purpose and non infringement. In no event shall we be liable for any claim, damages or other liability, whether in an action of contract, tort or otherwise, arising from, out of or in connection with the software or documentation or the use or other dealings in the software or documentation. Any test results or performance figures are indicative and will not reflect performance under all conditions. Any reference to any third party or third-party product, resource or service is not an endorsement or recommendation by Block.one. We are not responsible, and disclaim any and all responsibility and liability, for your use of or reliance on any of these resources. Third-party resources may be updated, changed or terminated at any time, so the information here may be out of date or inaccurate. Any person using or offering this software in connection with providing software, goods or services to third parties shall advise such third parties of these license terms, disclaimers and exclusions of liability. Block.one, EOSIO, EOSIO Labs, EOS, the heptahedron and associated logos are trademarks of Block.one. Other trademarks referenced herein are the property of their respective owners. Please note that the statements herein are an expression of Block.one’s vision, not a guarantee of anything, and all aspects of it are subject to change in all respects at Block.one’s sole discretion. We call these “forward looking statements”, which includes statements in this document, other than statements of historical facts, such as statements regarding EOSIO’s development, expected performance, and future features, or our business strategy, plans, prospects, developments and objectives. These statements are only predictions and reflect Block.one’s current beliefs and expectations with respect to future events; they are based on assumptions and are subject to risk, uncertainties and change at any time. We operate in a rapidly changing environment. New risks emerge from time to time. Given these risks and uncertainties, you are cautioned not to rely on these forward-looking statements. Actual results, performance or events may differ materially from what is predicted in the forward-looking statements. Some of the factors that could cause actual results, performance or events to differ materially from the forward-looking statements include, without limitation: market volatility; continued availability of capital, financing and personnel; product acceptance; the commercial success of any new products or technologies; competition; government regulation and laws; and general economic, market or business conditions. All statements are valid only as of the date of first posting and Block.one is under no obligation to, and expressly disclaims any obligation to, update or alter any statements, whether as a result of new information, subsequent events or otherwise. Nothing herein constitutes technological, financial, investment, legal or other advice, either in general or with regard to any particular situation or implementation. Please consult with experts in appropriate areas before implementing or utilizing anything contained in this document.
原文链接/Original URL:
