muneeb-ali
commented
7 years ago @jcnelson please add some of the bigger things that are getting merged in this release when you get a chance (not high-priority).
Closed muneeb-ali closed 7 years ago
muneeb-ali
commented
7 years ago @jcnelson please add some of the bigger things that are getting merged in this release when you get a chance (not high-priority).
jcnelson
commented
7 years ago New REST API.
This release of Blockstack introduces a new RESTful interface, which will become the basis for building decentralized applications.
The RESTful API fulfills the same responsibilities as a traditional Web app back-end. Front-end code can use it to do things like create user accounts, query user profiles, load static resources, and read and write user data. The programming model is otherwise the same as it is for normal Web apps.
Despite this similarity, the REST API brings several powerful features to apps behind the scenes that are not present in the current Web.
No passwords required. All authentication happens with public-key cryptography. The sign-in experience for users is like signing in with Facebook or Google, except the blockchain (not a centralized corporation) is the shared trusted party. At the same time, developers do not need to worry about asking for passwords, storing them securely, or coding ways for users to recover them.
No hosting required. The application does not need to store any user data, but users and developers get the same programming model and convenience of having a centralized app database. To save data, the front-end only needs to upload data to the user's local Blockstack node via its REST API. The Blockstack node takes care of making it discoverable and replicating it to the user's storage providers. To load it again, the front-end only needs to request it by path from the local Blockstack node (just like how it's done on the traditional Web); the local node will discover and read it from the user's storage servers automatically.
End-to-End Content Authenticity. Any app resource or piece of user data loaded through the REST interface is automatically verified against the origin's public key. The content is guaranteed to come from the person who wrote it, so it doesn't matter which host served it. This is a more powerful guarantee than TLS can offer, and Blockstack provides it by default (so users and developers don't have to muck with certificates).
API Permissions. Just like how mobile applications need to ask permission at install-time to access various APIs on the phone, all Blockstack applications need to ask permission to access various API endpoints. This happens when the user creates an account with an application. For example, a Dropbox-like application would need to ask permission to use the storage API, but not the name-registration API. Users can also preemptively revoke permissions on existing accounts.
User introspection. In the traditional Web, users have to go re-enter the same profile information over and over again for each app they use. With Blockstack, that information only has to be entered once (like with Gravatar or Facebook); applications (with permission) can query it automatically when the user makes an account with them. In addition, users have the freedom to make different unlinkable personas for different sets of apps in order to selectively disclose information.
jcnelson
commented
7 years ago jcnelson
commented
7 years ago @muneeb-ali are you satisfied with the release notes? Can I close this issue?
blockstack-devops
commented
2 weeks ago This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
I'm starting a list of release notes for Blockstack 0.14.1. Please add things by leaving a comment and I'll edit this post to include the items. I will then expand on the features/updates and give more details.
The release notes only cover high-level details. For details on individual issues please see the milestone for 0.14.1.