Discussion: Using Dotlicense for Subscription SaaS / Web Apps

[cryppadotta]

I think Dotlicense could be used in a web context for SaaS apps. If you used a Metamask/signing-based login then you could use that proof of ownership to verify an active subscription.

For example, see meta-auth for a Metamask-based login with Node middleware. (Note: I haven't tried meta-auth and I can't vouch for it's security, but I think it's an interesting idea.)

This could work with Dotlicense like this:

1. The user has paid for a subscription-token on-chain
2. For a user to log in they sign a challenge, proving they own the given address (and the webserver sets a cookie so that this only has to be done as often as you would log in normally)
3. The webserver now knows the identity of the user, as well as the user's ETH address. This means the webserver can check on-chain if the user's subscription is valid and unlock features accordingly.

As of writing, I haven't built any of the supporting Web UI libraries nor the Node middleware, but once we have Dotlicense working, it should be straightforward to do this.

[nickoneill]

I'm pretty confident in this direction. As I outlined the other day in telegram, this uses eth-sig-util to do ecrecover on the signature to get the public key -> address. https://github.com/MetaMask/eth-sig-util/blob/master/index.js#L102