. . .
Improving the EOSIO™ software suite is an ongoing endeavor and requires a holistic approach given the diverse roles of system-wide participants. The EOSIO Strategic Vision outlines four major points of focus: Scalability, Developers, Users, and Enterprise. This entry in the Strategic Vision series addresses blockchain users and improvements we are making to the EOSIO software suite to support them.
Reducing friction for users of blockchain applications will go a long way towards supporting mass adoption. Users need access to secure, simple, and familiar interfaces in order to confidently use blockchain systems. Towards that effort, strides have been made by our team to develop and propose security standards for interactions between authenticators and applications built on EOSIO based blockchains like advances recently released in the Ricardian Template Toolkit.
The following topics of focus are detailed in pillar 3 of the EOSIO Strategic Vision:
A Consistent Front End
Phishing, bait and switch, and other types of attacks use false pretenses to trick users into making otherwise unacceptable agreements, without revealing the true nature of what users are agreeing to. To stifle these malicious efforts our team is continually advancing support for Ricardian Contracts and a toolkit for validating onchain image rendering, text, and attachments, that clearly indicates the terms a user is agreeing to when they sign a transaction. By giving developers templates to put clear terms and conditions alongside transaction signing, it makes it easy for users to know exactly what they are agreeing to. These added transparency measures will provide users security and confidence as they navigate straight-forward interfaces.
Enabling WebAuthn Support
Private key and password management can be worrisome and present major attack vectors if sensitive data is stored on an insecure system. Hardware authenticators are a step towards siloing passwords and/or private keys from harm’s way. WebAuthn is a new World Wide Web Consortium (W3C) standard providing secure authentication support for all leading browsers and platforms pioneered by major technology companies including Yubico, Google, and Microsoft. Adopting the WebAuthn standard because it makes it possible to incorporate hardware devices into existing authenticator architectures. These include the newly released EOSIO supported YubiKey, built-in authenticators such as fingerprint sensors, and other biometric confirmation tools.
Enhanced Resource Management
At present, users are required to own or lease sufficient tokens to cover CPU and NET resources needed to execute transactions. New functionality allows developers to have a greater degree of autonomy over how billing for CPU and Network usage is processed. The proposal for this tool is outlined in the Specification Repository. Once enabled, the EOSIO blockchain will only charge the first authorizer of a transaction for related CPU and Network costs. This allows application developers to set a criteria for specific transactions and cover any associated user costs. By covering customer fees, developers can help to alleviate any adoption barriers related to transaction cost.
Decentralized File System
Today application business logic is encapsulated as smart contracts and associated data is stored on the blockchain. However, application user interfaces are still built and hosted off-chain, representing single points of failure for decentralized applications and a capacity for censorship. We are exploring ways of enabling on-chain storage of the application user interfaces, perhaps in a separate lower cost resource that can enable applications to finally become truly decentralized and therefore effectively censorship resistant as well.
EOSIO Specification Repository
The community effort towards building stable, efficient, and scalable EOSIO blockchains remains ongoing and we will continue to provide support and resources. We are continuing to implement various facets of the EOSIO Strategic Vision and during this crucial stage the feedback we receive from researchers, application developers, and other members of the community makes an impact. This effort is spearheaded by the Specification Repository, an EOSIO Labs™ initiative to support greater synergy amongst stakeholders in our growing ecosystem. If interested in getting involved, please review the specifications drafted and provide feedback directly in GitHub as we work through the implementation of these features in EOSIO.
Users are among the most vital participants of the EOSIO blockchain ecosystem, and Block.one is committed to incorporating community suggestions and feedback. User input helps to inform and improve our open source toolkits, ultimately creating a more robust, secure, and engaging experience for everyone. If you would like to offer feedback and work more closely with our team to improve EOSIO for developers, you can send our developer relations team an email at firstname.lastname@example.org.
Get updates on future announcements and release notes by subscribing to our mailing list today on the new EOSIO website.
. . .
Important Note: All material is provided subject to this important notice and you must familiarize yourself with its terms. The notice contains important information, limitations, and restrictions relating to our software, publications, trademarks, third-party resources and forward-looking statements. By accessing any of our material, you accept and agree to the terms of the notice.