OAuth

OAuth (Open Authorization) is the standard protocol for authentication and authorization used by many sites.

Many companies, such as Google, PayPal, and Facebook, use OAuth to let users share their PII with third-party applications or websites.

OZKi's design is orthogonal to OAuth. The PII provider can choose any authentication or access protocol it wishes to use, including OAuth, and the OZKi proof system works independently. The OZKi-BOT demo app showcases the proof of payment with PayPal and proof of login with Google, and in both cases, the PII providers use OAuth.

The high-level view of OAuth is illustrated by this image (source: Wikipedia):

To access the PII, the user still needs to authenticate directly to the PII's auth server, as illustrated above (arrows 1 to 4). The glue between OAuth and OZKi is the OZKi oracle service, which takes the role of the third-party app in OAuth. The oracle service pulls the PII from its provider on the user's behalf using the access token (arrows 5 and 6).

The primary function of the oracle is to digitally sign the pulled PII data so that the user will not be able to tamper with it. The signed data must follow a format that can be processed by the circom proof function, which validates the signature at the beginning of the function. See the programming guideline page for the detailed call sequence between an oracle and the external authorization server.
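The signing step described above, as an added example that is not OZKi's own code: Ed25519 from Node's `crypto` module stands in for the circom-compatible signature scheme, and the field names, function names and sample record are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Hypothetical field set; OZKi's real signed-data format is defined by its circom circuits.
const FIELDS = ['provider', 'subject', 'amount', 'currency', 'timestamp'];

// Fixed field order and string values, so signer and verifier hash identical bytes.
function canonicalize(pii) {
  for (const f of FIELDS) {
    if (pii[f] === undefined) throw new Error(`missing field: ${f}`);
  }
  return Buffer.from(JSON.stringify(FIELDS.map((f) => [f, String(pii[f])])), 'utf8');
}

// Oracle side: runs after the PII was pulled from the provider with the access token.
// Only the signed fields are returned, so no unsigned data travels with the record.
function oracleSign(pii, privateKey) {
  const record = Object.fromEntries(FIELDS.map((f) => [f, String(pii[f])]));
  const signature = crypto.sign(null, canonicalize(record), privateKey);
  return { pii: record, signature: signature.toString('base64') };
}

// Verifier side: the same check the proof function performs before using the data.
function verifySigned(signed, publicKey) {
  try {
    const sig = Buffer.from(signed.signature, 'base64');
    return crypto.verify(null, canonicalize(signed.pii), publicKey, sig);
  } catch {
    return false; // a malformed record is treated as invalid
  }
}

// Constructed sample: a payment record as the oracle might receive it from the provider.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
const pulled = {
  provider: 'paypal', subject: 'user-123', amount: '25.00',
  currency: 'USD', timestamp: 1700000000,
};
const signed = oracleSign(pulled, privateKey);

// The user edits the amount after receiving the signed record.
const tampered = { ...signed, pii: { ...signed.pii, amount: '2500.00' } };

console.log('untouched record verifies:', verifySigned(signed, publicKey));
console.log('tampered record verifies:', verifySigned(tampered, publicKey));
```

The verifier needs only the oracle's public key, which is why the user, who never holds the private key, cannot produce a valid signature over altered data.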

Note that the oracle service is a concept that we borrowed from the Web3 world. The oracle service implementation should have the following characteristics:

  • Neutral, independent, and transparent (must-have): The oracle should be run by an organization that is different and independent from the server (i.e., OZKi-BOT). The source code should also be made public for security audit purposes.

  • Decentralized and trustless (ideal): To increase public trust, the oracle should ideally run as a decentralized and trustless service, and the natural place for this is the blockchain.
