It was confirmed this week Onename has raised $1.5 million in seed funding. On Wednesday, the company announced on their blog they would be open-sourcing a set of tools including a suite to utilize their in-development Openname Auth, a protocol for decentralized and password-less authentication. These set of tools work with their already open source protocol upon which Onename is built on called Openname, which in turn is built upon Namecoin.
Namecoin is the first Bitcoin fork, in which the blockchain serves as a distributed JSON store. The lead developer Khalahan Henkh stated in an interview with Coinabul earlier this year:
"Namecoin is more than a safe DNS system, it also allows any type of data to be stored in the blockchain."
Data stored on the Namecoin blockchain is registered with namespace identifiers using a transaction denoted with a special set of opcodes called OP_NAME_FIRSTUPDATE and OP_NAME_UPDATE. The OP_NAME_FIRSTUPDATE transaction destroys a small amount of Namecoin, currently 0.01 NMC, as part of a network fee, in exchange for storing data to the Namecoin blockchain. The address specified as the receiver of this transaction becomes the controller of the registered information. Openname introduced a new namespace u/, which stores information about a user against a name registered on the Namecoin Blockchain.
Onename states their primary focus is on application authentication using the identity system they've built upon Namecoin. Cofounder Ryan Shea stated:
"We want to be able to provide software to all the bitcoin companies and help them work with a common protocol around identity."
In 2013 a serious flaw was discovered by Michael Gronage which allowed for an address that was not the controller of a name to issue an OP_NAME_UPDATE on that name. Although Namecoin developers quickly patched the issue, and the exploit was only used once as part of Gronage experimenting with the issue, it would have allowed for any entity to maliciously modify a Onename user's information. If another vulnerability with this same severity arises again, Onename's authentication system would be rendered completely untrustworthy.
Onename's authentication method depends on many layers of software, while the open source Web of Trust developed by nanotube serves as an identification method secured with GPG and/or Bitcoin addresses.