by randomhodler84 1467 days ago
The whole not needing an a&a database part? That’s the onchain part. You don’t need to track authz as it’s just real-time lookups on blockchain state.

Rather than maintain and protect a local set of usernames and hashes, you let anyone in who can present signature and address. Then server side you check that address has some NFT. Done. No hashes or usernames or anything.

2 comments

How is that actually better? Like, what part of that makes it faster/cheaper/better?

Let’s say I’m a SaaS vendor that has some web product, it doesn’t need user profiles as such, just gated access. Without need to take credit card payments, one can sell a token that provides access, and know that the API to query its status is going to be stable and eternal. It simplifies a particular use case that I think works.

Couldn’t they just give them a public/private key combo and solve the exact same problem without maintaining a blockchain?

They don’t need to generate it, the user supplies it with the client-side web3 wallet. They don’t need to maintain a blockchain, they can use various portable APIs to query it.

Blockchain solves the double spend problem here, without reliance on a central clearing house.

You don't need to handle authorisation.

OAuth or one of many services e.g. Auth0, AWS Cognito, Okta can provide a managed service for you.

This isn't a problem Web3 is uniquely solving.

Ok now how do I do it with storage in some eternal way that doesn’t require a trusted third party. And not having to maintain any kind of session or user state mapping between my app and the OAuth2 or SAML provider.

Ya know, about 14 years ago something happened where we could maintain these eternal data structures with rules around state mutation. Humanity is only learning the power of such structures a decade later. There are very much unique problems being solved here and you are missing the dark forest for the legacy trees.

So how does the service authenticate the user?

User installs a browser extension (wallet) that is created by a third party that they have to trust unconditionally?

Is that what the promised land of zero trust is about? Trusting a 3rd party with all your finances?

The user can read the source code of a wallet and they know it's never going to change on them or have a service block them, and there are many options available which they can switch between at any time.

It's about user empowerment and not letting other entities have any control over any aspect of it.

Who is your theoretical empowered user? A CS major?