Features
OZKi enables the development of web components for various proof-based logic, which protects user privacy.
Proof-based Authorization
The core idea of proof-based authorization flow is to prevent or minimize the user's PII sent to the server. In the traditional PII flow, the user typically sends the PII to the server, where the server checks if the PII meets certain conditions. In this model, the PII often gets stored somewhere, which eventually can leak over time due to various reasons such as data breaches, illegal monetization of user data, insider's job, etc.
In contrast, the proof-based authorization flow performs the constraint checks by running the proof function in the user's private space. In this approach, the PII stays inside the user's personal space (like the browser), and the server does not receive the PII but rather the proof if the PII meets the constraints. Because the PII never gets revealed to the server, it is not possible to leak the PII on the server side.
One of the main features you can implement using OZKi is the proof-based authorization flow which can be used as an alternative to the usual login or sign-in process. The OZKi Toolkit comes with demo proof functions for the following three authorization flows:
All the features listed above are implemented in the OZKi Bot demo application.
OZKi Bot's Use of Proof-based Authorization
The OZKi Bot is a fictitious game company that has the following two seemingly contradictory requirements:
Only paid users can use its service. OZKi-Bot is not a free service. Users must pay for the subscription via PayPal.
Its server follows the ID-less design. OZKi Bot has strict requirements to protect the users' privacy by not using nor storing any of their PII on its server.
It would be very challenging, if not impossible, to implement both of the above requirements using the standard software engineering approach. Fortunately this can be solved using proof-based authorization.
Last updated