Tech Deep Dive
Karat is developing a new Web3 standard of authentication and authorization called W3Auth. This new standard allows users to sign in with Ethereum, host their data on Karat Network, and maintain complete ownership and control over their data.
In the Web2 world, OAuth 2.0 is used in almost every application. It is an open standard protocol for authorization and delegated access control. It allows a client application to access a user's resources on a separate web application without the user's credentials being shared with the client application. OAuth 2.0 is widely used by web and mobile applications to access resources hosted on third-party web applications. Whenever you see a login screen that allows you to sign in through Gmail, Facebook, or Twitter, OAuth 2.0 is the standard of authentication being used.
Auth in Web3
Compared to the traditional OAuth 2.0 flow, the W3Auth flow implemented by Karat Network is completely on-chain, providing greater transparency and control over user data. While OAuth 2.0 relies on a centralized authorization server to grant access to resources on behalf of the user, the W3Auth flow utilizes decentralized identity standards and smart contracts to ensure that user data is owned and controlled by the user. This eliminates the need for a trusted third party and creates a trustless environment where users can confidently authorize access to their data. Additionally, Karat Network's approach incentivizes users to participate in the network by earning rewards for providing access to their data, creating a more collaborative and beneficial ecosystem.
The W3Auth flow involves the following steps:
- User Authentication: The user authenticates their identity by signing in with their preferred Ethereum wallet, such as MetaMask or WalletConnect. The user's wallet address serves as their unique identifier.
- Upload data to Karat Network: The user's data is encrypted using MPC technology and uploaded to decentralized storage solutions, such as Ceramic. The smart contract on Karat Network controls access to the user's data based on permissions granted by the user.
- Data Authorization: When a user visits a dApp, the dApp can request access to the user's data. The user can authorize access to their data by providing permission to the requesting party. This permission is stored on the blockchain and is transparent and auditable.
- Rewards: Users can earn rewards for participating in the network by providing access to their data. These rewards can be in the form of Karat tokens or other incentives.
Validators are eligible to request users’ data.
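The Data Authorization step above, sketched as an added example (this is not Karat's contract code): a small off-chain model of a grant table that only the data owner can change, that denies access by default, and that keeps an append-only event trail. The names `PermissionRegistry`, `norm` and `demo`, the scope strings, the expiry field and the sample addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

def norm(addr: str) -> str:
    # Ethereum addresses are case-insensitive hex; compare a canonical form.
    return addr.lower()

@dataclass
class PermissionRegistry:
    grants: dict = field(default_factory=dict)  # (owner, grantee, scope) -> expiry
    events: list = field(default_factory=list)  # append-only audit trail

    def grant(self, caller, owner, grantee, scope, expires_at):
        # `caller` models the authenticated wallet address (msg.sender on-chain).
        if norm(caller) != norm(owner):
            raise PermissionError("only the data owner can grant access")
        self.grants[(norm(owner), norm(grantee), scope)] = expires_at
        self.events.append(("Granted", norm(owner), norm(grantee), scope, expires_at))

    def revoke(self, caller, owner, grantee, scope):
        if norm(caller) != norm(owner):
            raise PermissionError("only the data owner can revoke access")
        if self.grants.pop((norm(owner), norm(grantee), scope), None) is not None:
            self.events.append(("Revoked", norm(owner), norm(grantee), scope))

    def is_authorized(self, owner, grantee, scope, now):
        # Deny by default: a missing, out-of-scope or expired grant all fail.
        expiry = self.grants.get((norm(owner), norm(grantee), scope))
        return expiry is not None and now < expiry

def demo():
    # Constructed sample addresses and scope names, not real accounts.
    user, dapp, other = "0xAbC0000000000000000000000000000000000001", "0xdapp", "0xother"
    reg = PermissionRegistry()
    reg.grant(user, user, dapp, "profile", expires_at=100)
    results = {
        "in_scope": reg.is_authorized(user.lower(), dapp, "profile", now=50),
        "other_scope": reg.is_authorized(user, dapp, "wallet-history", now=50),
        "expired": reg.is_authorized(user, dapp, "profile", now=100),
    }
    try:  # a third party must not be able to grant itself access
        reg.grant(other, user, other, "profile", expires_at=100)
        results["self_grant_blocked"] = False
    except PermissionError:
        results["self_grant_blocked"] = True
    reg.revoke(user, user, dapp, "profile")
    results["after_revoke"] = reg.is_authorized(user, dapp, "profile", now=50)
    results["events"] = [e[0] for e in reg.events]
    return results
```

Wallet signature verification is out of scope here; the model assumes the caller's address has already been authenticated, as it would be for a transaction sender.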