How It Works - Epistery

ServiceHost

A web site or other internet hosted service can install the Epistery plugin. The plugin is activated from the main code with:

import {Epistery} from 'epistery'
import express from 'express';

const app = express();
const epistery = await Epistery.connect();
await epistery.attach(app)

app.use((req,res)=>{
  const domainConfig = req.app.locals.epistery.domain;
})
                        

Epistery binds to the request object to attach services behind /.well-known/epistery. The root response is a JSON object that projects the service address and capabilities. The hostname is the namespace for epistery. It will automatically generate a wallet and default configuration for each domain (strict, including subdomain) identified in the request.

Note: A wallet is generated for each domain hosting the epistery plugin. The configuration file is found in $HOME/.epistery/domain.name/config.ini. The configuration can be customized with alternate keys or key agents such as an HSM. Rootz provides tools for advanced key handling.

Agent

Agents are essentially the accredited market makers. The system runs on gas. These are the transaction fees paid to the mining network maintaining the blockchain. To enable frictionless transactions, the agent provides the gas and batching to control cost.

ServiceHosts will decide which agents suit their purpose, register for accreditation and install the necessary contract handler into the plugin.

Key Responsibilities

Provide gas for blockchain transactions
Batch transactions to control costs
Maintain CreditRegistry for the network
Underwrite contracts with gas
Bridge credits to real-world value

ClientBrowser

Epistery provides a client side script that uses the browser's localStorage to hold or reference the signing wallet that represents the end user. LocalStorage is a W3C standard supported by all major browsers. It is strictly isolated to the domain that wrote into it. That means data stored in the browser by site A is invisible and inaccessible to site B. With a browser wallet, the end user is a unique anonymous address that is unlikely to act in any other context than when running the same website.

Why have a signing key at all?

Who cares that an anonymous ephemeral identity did something? It is a matter of transactional integrity. If all parties sign a transaction we can at least be certain that the facts written into the transaction are facts as known and signed. While the only fact might be that the transaction happened between two unknown parties, that may be enough. But the opportunity to embellish the transaction and employ simple clauses becomes imminently available when the baseline mechanics of certainty are always employed.

Example: Human Verification

For example, a ServiceHost could route a browser to a service that confirms you are human. You would present your address from site A (invisible to the test site) and the test site would write an attribute to your address. Henceforth, Site A would trust the identity to act human.

The Skeptics Corner

For people steeped in blockchain

All the different business models made available will be obvious and familiar, but the lax attitude to key safety is anathema. A blockchain wallet in a cookie? Are you insane? All blockchain value is ultimately tied into the private keys that can instruct the value to move or act.

It's a matter of scale and incentive. When we are dealing with tiny fragments of commerce, such as a page view or a 'like', the security is not the point, particularly when the incentive to cheat is designed to be minimal. Part of the reason for constructing a CreditsRegistry for agents is to ensure that value in the system must pass through a point of control that has to maintain reputation to maintain access to the market.

For average web users

This sounds like either pixie dust or a scam. There is no way a random user is going to trust any kind of transaction with some random website without an intermediary. If you say that's possible, this is probably some crypto scam... ah, yup, blockchain. Pass.

Most crucial technologies that underpin society found early explosive growth and innovation on the fringes of legality. Blockchain is still growing up. It is not a fraud, it is the technology that broke the conceptual laws of physics by allowing a digital thing, like a number, to be a singular thing, like a rock. It has the power to be the trusted intermediary. It governs by math alone. Contracts are codes, identities are cryptographic keys.

But never mind, because the average web user will not see the Epistery. Much of the business of the web is simply tracking engagement. Epistery enables that to continue, but to move the power into the hands of the participants. By acknowledging that an end user has agency, even if represented by an invisible wallet identity known only to the current web site, that user can assert control with complete anonymity. It's not a matter of asking permission from a provider, you just take over your keys and remove any custodial partners who may have been keeping the identity backed up and topped off.

Mechanics