First demonstration of a eApp/DApp integration - Decentralized Identity Management



Introduction

I'm presenting here the development and usage of an eApp (email Application) build with our technology EAC (Email Active Content) connected to a DApp (Smart Contract Ethereum App) as backoffice to manage the sharing of personal identity data. But this this pattern can be use for any personal data we want first to be the only owner & to be able to control carefully with who we want to share this information. We can imagine to use this pattern for :
  • Sharing medical information
  • Sharing a grade transcript
  • Bank statement
  • etc ...
Tanks to the Blockchain and more specifically Ethereum one this become very easy to implement and thanks to EAC Technology it also becomes  very easy to use (for both developer and end user. Sharing become as simple as sending an email but with a very high level of security.

This article will present all aspects of this new way to build secured & shareable Apps !


DeMONSTRATION OF AN EApp using a DAPP - Identity management


--==== DISCLAIMER ====--

This is article intend to demonstration a simple implementation of eApps/DApp interaction, it's far from being secure implementation and it's absolutely not the purpose. AppInMail will provide in the futur a strong implementation of Identity contract linked to an email adresse, but here it's just a basic example. DON'T USE IT FOR ANY PRODUCTION & ALL WHAT YOU DO WITH THIS DEMONSTRATION IS AT EXCLUSIVELY YOUR OWN RISK.

======================================================


set up the ENVIRONMENT 


To experiment by yourself all what you need is an AppInMail account & access to our Email client ProMail. The only way to start a new account in AppInMail is to receive an Email using EAC Technology, to do so we've created the first community email called Mission AppInMail, you can receive it from the page : https://at.appinmail.io/4ZLMUwdlNJPQscdYs4CyUV and by clicking on Start the journey.

Figure 1 : Start AppInMail Journey

You will then receive on your mail box two emails (Check your AntiSpam in case you get nothing) from :
  • noreply@appinmail.io : It's the email to inform an account is open for you, you should use the link to change the self-generated password to put yours.
  • aim.boost@appinmail.io : This one is the community email (Mission AppInMail), by following the instruction provided in the picture upper you can see it directly in your email client.
But to develop eApps what we need is to access to ProMail, then simply go to promail.appinmail.io if everything is ok you should have this :

Figure 2 : ProMail - EAC Native Email Client


ProMail is a very advanced Email client that support EAC Technology but also a complete solution to build Plug-In for it, here some documentation of the available API & objects : https://goo.gl/7WMZWm

To access to this environnement you should click first on SETTINGS :

Figure 3 : ProMail functions bar

And then to plug-in :

Figure 4 : ProMail settings page

You will already find 2 existing plug-in, but we will add an 3rd one to implement our eApp/DApp.

Figure 5 : ProMail Plugs-In page

Install our eapp/Dapp


You will find the file to install the plug-in here https://github.com/EAC-Technology/IdentityDemo : 
  • IdentityDemo.xml : It's the packaged plug-in directly installable by using Add new Plug-In, you will then be able to edit or run this plug-in.
  • The other files : They are all the plug-in in separate files easy to use with repository system like GitHub, to manipulate it there is py script here https://github.com/VDOMBoxGroup/plugin2fs
After the installation completed you will be able to see the plug-in in the list :

Figure 6 : IdentityDemo Plug-In installed




The sample identity contract we are going to use is available here : https://github.com/EAC-Technology/Identity

This contract is simple storage of some key identity values with ACL. 

Let's use the plug-in to run examples.

This example is running on TESTNET network, it consists of first creating an ETH address then set some permissions to allow an other user to see some of the identity data & finally to send by email to this user a document and see how the identity informations are displayed according to the permissions.

In real life this case can be for a user to give access a shop to some of his data to deliver a parcel, then the shop doesn't have any information in his database, it is just allowed to have access to the data it needs.

Here we will start by creating an ETH Address (this is only in the case of this demo, later AppInMail infrastructure will provide automatically to any new user an ETH @ linked to the email).

Figure 7 : IdentityDemo MENU Icon


To run some functions of this plug-in, we need to click on the plugin button in the menu bar, then a sub-menu appear with the button IdentityDemo. When one click on it a menu with the differents functions (corresponding to some macro in the plug-in development environnement) will be accessible.

Figure 8 : All functions possibles



To setup the profile we will use MyProfile as it has never been set up, the system will ask to create a ETH address :

Figure 8 : Windows to create an account


By clicking on create, we will create a new wallet & send 2 Ethers to it, here the procedure :


Figure 9 : Windows to create an account

The figure 9 show the new adress created & the pending process of the transaction, the logs of ProMail https://promail.appinmail.io/logs  

Figure 10 : Logs 

Logs shows the interaction with the Blockchain and we can see the transaction, now we are going to https://ropsten.etherscan.io/address/0x067700fdc409f2b55e7c558c305432ceb8690a32 to see what happen on the Blockchain.

Figure 11 : Etherscan request on the ETH Address 

And we can see the transaction has been done and the new account created got 2 ETH that will be useful now to perform some of the operation we want to do with our new account.

We will now publish the identity contract seen upper & fulfill data in. To do so, I clicked on NEXT after the creation of my account & got this windows.


Figure 12 : Simple windows to fulfill my identity data.

By clicking on [OK] I sent the transaction to the Blockchain that consist of creating my contract with the initial value, we can track on Etherscan what is happening :



Figure 13 : Contract creation on the Blockchain


Now data are stored in the Blockchain & I can access from ProMail but from any place in the world without accessing to any AppInMail API. My identity has been pushed to a decentralized network.

If I click again on the function MyProfile :


Figure 14 : Recall from Blockchain.

Now we will demonstrate how I can use this Identity to deliver inside a EAC Email only the content I want to. I will first send an email & the target user will have absolutely no access right, then the information displayed will be empty. Then I will upgrade the right and see the consequence on the exact same email.

To be able to make this demonstration, I of course need a new accout, so, I will use my Gmail account with the ETH address :  0x3bae9bf79cd57ebed274ccb0591d200ccf63e36b

Unlike other Email Client ProMail have the capacity to use specific Email Composer define as a Macro in a Plug-In


Figure 15 : Let's choose the ShareProfile Email composer.


Here under ProMail logo we have the composer selector and we have choosen ShareProfile that will run inside ProMail a specific mail composer that will send an EAC Email with a pre-selected rights. 

Because here we are at the very first implementation of the integration of Blockchain in AppInMail we are obliged to add the ETH Address, but later this will not be needed anymore, only the email address will.


Figure 16 : Share Profile Composer.

This composer is very minimalistic, it send a very basic email with just the data to display. Now let see the result in my Gmail mailbox :


Figure 17 : Email sent to my GMail account

This email is not a standard one, it's a very basic eApp that read from the Blockchain the data of the sender according to my access rights as I've no right nothing is displayed, from my ProMail I will now change the access right for this user & save it in the Blockchain.

To do so, I'm clicking on Permission and set only Read Last Name & Read Birthday like it can be seen here :


Figure 18 : Setting 2 properties

Setting 2 attributes in this implementations is 2 call to contract functions, then we can see on Etherscan the realization of it :



Figure 19 : Blockchain has processed 2 transactions


Now if we refresh the email in my GMail inbox you will see the modifications :


Figure 20 : Email updated with new rights !

As you can understand this is a very simple example, but the possibilities of this two technologies are just endless, a complete new world of decentralized application is possible making true a global digital economy !!

Digging in the implementation

ProMail is part of the game of modular product called ProSuite : http://prosuite.fr all this products are designed to be expandable, it means it's possible to develop Plug-In for them, here a guide about it : https://goo.gl/Gq6Ai6

We have developed a specific language for it called VScript (VDOM Script), to make it easy to learn for the maximum users the language in its syntax and behavior is very near from VB Script. Then to write a Plug-In for ProMail is more or less the same than to develop a macro in Excel or other Microsoft's product.

Here you will find a description of ProMail Object Model : https://goo.gl/7WMZWm

This article is about building an eApp that communicate with a DApp (Smart Contract), we will not dig much in the eApp development, here some documentation about building eApp https://goo.gl/wBgiam

We are now going to see how to communicate from a VScript plug-in to the Blockchain

Blockchain protocole in VSCript

VScript is a language compiled by our own transpiler (https://en.wikipedia.org/wiki/Source-to-source_compiler) to Python, this transpiler is part of the VDOM Runtime (you can see the source code here https://github.com/VDOMBoxGroup/runtime2.0/tree/master/sources/vscript) the technology used to develop either ProMail & Email Active Content.

In ProMail VScript extensions a specific wrapper has been designed to access to web3.py (https://github.com/pipermerriam/web3.py) objects.Then to implement a client that perform RPC to a node you need to create a new web3client object like this :

set myclient = new web3client

What we will do now is to describe the code used in differents operations performed in the macros of teh plug-in. Most of what we will present here is not generic & must not be used for production purpose, it's given as an example to use the VScript implementation of Web3.py to access to the Blockchain !

CREATE a new account for the user in Myprofile macro

What we are discussing in this paragraph are related to the macro MyProfile, the figure 21 present the code editor in the Plug-In environnement of ProMail.

Figure 21 : Code editor of the Macro MyProfile 

When the user has not yet initialized his own account on the Blockchain we need to create one for him.

The client will then connect to a node (there is one running in the AppInMail infrastructure)  by setting some values, like this

myclient.host = client_host
myclient.port = client_port

we will now create the account by using a given password & transfer 2 ether from the main AppInMail account, to do so we will use an other instance wallet of the client to connect to the AppInMail account.

acc = myclient.create_account(client_password)
save_account(acc)
set wallet = new web3client
wallet.host = client_host
wallet.port = client_portwallet.account =mainwallet
wallet.unlock_account(mainpassword)
tid = wallet.send_ether(acc, 2)

The method create_account return the public key of the account.

DEploy the identity contract for this new user


abi = "[{""inputs"": [], ""constant"": true, ""name""...
code = "606060405234156200001057600080fd5b60405162001...


We assume the contract has been already compiled & we have the compiled code in the variable code (we are using for this demo this contract : https://github.com/EAC-Technology/Identity/blob/master/identity.sol ) and the abi structure is stored in the variable abi.

args = xml_dialog.get_answer
...
param = Array
Redim param(7)
user = appinmail.currentuser()
param(0) = user("guid")
param(1) = args("firstname")
param(2) = args("lastname")
param(3) = args("email")
param(4) = args("phone")
param(5) = cint(split(args("birthday"), ".")(2))
param(6) = cint(split(args("birthday"), ".")(1))
param(7) = cint(split(args("birthday"), ".")(0))

tid = myclient.deploy_contract(abi, code, param)


While deploying the contract the constructor is passed with the initial values of the user identity input like it can be seen in the Figure 14 upper. the special object xml_dialog with the method get_answer return the values input by the user in the form. The variable param is an array mapping the index to the value structure of the constructor.

READ the data stored in the Blockchain

As now we have stored the data in the Blockchain we can read it, the identity.sol contract define an ACL (Access Control List) to be able to read this data except if it's the owner who read it. The identity of the reader is define by the client access to the node (account & password). Here we have generic function to read the data from the Blockchain, it use a function for each peace of data to read.

To call a function of the contract it's needed only to use the method contract_call this procedure is free of gaz, only saving data on the Blockchain use Gaz.

function read_profile(client)
 d = new dictionary
 d("firstName") = client.contract_call(abi, contract_id, "getFirstName")
 d("lastName") = client.contract_call(abi, contract_id, "getLastName")
 d("email") = client.contract_call(abi, contract_id, "getEmail")
 d("phone") = client.contract_call(abi, contract_id, "getPhone")
 birthday = client.contract_call(abi, contract_id, "getBirthday")
 d("birthday") = birthday(2) & "." & birthday(1) & "." & birthday(0)
 read_profile = d
end function

The function return a dictionary of the data stored in the Blockchain.



SET PERMISSIONS

We will now see how to define permission to allow or not an other user to see our data. One Macro is especially done for this : Permissions. We will not dig into all aspects of it, we will concentrate on the interaction with the Blockchain.

function set_permission(param, id, currentValue, newValue)
  param(1) = id
  if currentValue <> newValue then
    if newValue then
      myclient.contract_call(abi, contract_id, "grantAccess", param, 0, true)
    else
      myclient.contract_call(abi, contract_id, "revokeAccess", param, 0, true)
    end if
  end if

end function

As we can see it's a simple wrapper over the function grantAccess & revokeAccess of the Smart Contract. To call this function we use on the instance of the web3 client the method contract_call.

The method accept this list of parameters :

  • abiApplication Binary Interface is the interface of the contract.
  • contract_id : it's the address of the contract.
  • contract_function : What is the function called on this contract.
  • function_parameters : An array of value that represent the parameters of the function.
  • ETH_amount : How many Ether are sent to the contract, in case of it's needed.
  • Transaction : Is it a transaction or a call, it means is the operation will change the state of the contract or not, if yes it will cost some Gaz. In this implementation the Gaz is internally calculated.

Sharing the data stored in the Smart contract in an EAC Email

We will now study the email macro ShareProfile, unlike the other macro this one is not added as a button in the plug-in bar, but it's part of the email composer, this is define in the parameters of the macro.


Figure 22 : Macro properties

We can see here the Location dropbox, the value Mail composer configure the place from where the macro will be lauch.



Figure 23 : Mail composer location

This dropdown allows the user to select what kind of email he wants to send. In our case, it's an email to share some of his personal data with someone else.



TO BE CONTINUED ...


2 commentaires:

Failles de sécurités dans les Emails actuels - Les solutions apportées par la technologie EAC.

Les failles de l'email actuel La nécessité d'avoir des emails plus dynamiques et plus en adéquation avec les usages actuels ...