[Phase-3] HIP-20: Add Proof Of Humanity login mode to cryptoauth.io

Yeah, I voted “Modify” as you would need to modify the voting options.
Just “Pass to phase-3” and “Make No Changes” would be good (obviously if it’s rejected, you can always modify it and ask a new vote).

Oh :frowning: I thought that “Make no change” means “This proposal is good, don’t change it, I accept it”

I’m not sure how but I missed this sentence "poll indicates the result Make no changes, the proposal will not pass to Phase 3." and somehow assumed it meant the opposite.

So what would be the ideal set of options?

No problems, I think you can just put it to vote again with “Pass to phase-3” and “Make No Changes”.

Yes / no usually works well. Keep it simple.

2 Likes

Here is the new proposal with fixed voting options: Snapshot

Can I have access to that login mode repo for the project I started?

1 Like

Cryptoauth is not yet open source (will be by the end of the year), but you don’t need to set it up yourself. I can generate client Id and secret for you and you can integrate cryptoauth like you would do with “login with google”

1 Like

I support this HIP and look forward to voting yes. Great work so far @xunkulapchvatal.eth :pray:

I would vote yes if it was Open Source

1 Like

In an ecosystem that is largely embracing open-source, having a closed-source middleware does not make too much sense to me. Especially because it’s an authentication middleware, I don’t think it should be opaque and just trusted to be secure.

The OAuth specs are famously vague and leave a lot of room for errors.

How do OAuth authentication vulnerabilities?
[…] One of the other key issues with OAuth is the general lack of built-in security features. The security relies almost entirely on developers using the right combination of configuration options and implementing their own additional security measures on top, such as robust input validation.
source

1 Like

For a login implementation, I’m also not too hesitant on accepting it, just because it’s closed source and a login system would be an integral part of the PoH framework.

Is there any way to change this proposal so that the final product is Open Source?

E.g. by turning it into an external module that CryptoAuth imports instead of embedding it in the core code?
I know this would depend on CryptoAuth’s architecture, but it’s just an example looking for ways to solve the closed source matter…

3 Likes

I am curious about the future path for the project as well.

@xunkulapchvatal.eth can you please elaborate on this statement? Why was it closed to start with? What is the path to becoming OSS? Why the end of the year and not now?

Thanks :pray:

4 Likes

Hi, yes. So it’s closed source because I’m in the middle of extracting it from the monorepo I created two years ago when I started building it together with ethmail and other projects. I’m also cleaning it up from hardcoded values etc. The goal is to have it open source and available for anyone to deploy on their own stack, but it will take some time.
I’ve set myself a deadline to release it as open source by the end of the year.
One more reason for it being closed right now is that managing the inflow of requests/PRs/questions would take some of my available time (I can work on cryptoauth and ethmail only on weekends right now) and it’s just easier to not do it at this time.

Re. the OAuth implementation, I’m using ory/hydra (GitHub - ory/hydra: OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Compatible with MITREid.) for the “protocol” layer (no way I’m going to implement this part myself) and focus on delivering signature validation, wallet support and good UX.

1 Like

If you have limited time, are you the one who is going to work on the login implementation?
Also, I’d suggest that this implementation is started only once CryptoAuth goes Open Source.

Also, this path would make more sense to me. From my perspective, it would be more beneficial to PoH than the CryptoAuth login on its own. This would make a difference for developments that want to integrate PoH or build around it, without having to rely on Crypto Auth only.

3 Likes

Yes, and no. I have a frontend developer who would help me on the UI and I would be focused on backend changes.

2 Likes

Ok, the signalling proposal passed. As I understand HIP-5, this thread should be updated with the Phase-3 tag (and with proper metadata), and I should create a binding proposal on snapshot.

What would be a good set of vote options for the binding proposal?
I think they should reflect concerns mentioned earlier in this thread.

It is also a good idea to wait a bit with the final vote to give people time to give feedback on your Phase-3 version of the proposal.

Yeah, I think a commitment to having the system Open Source would be nice to answer the concerns.
The binding options can be “Accept” and “Make no change”.

3 Likes

@clesaege would you be able to edit this post with the phase-3 tag and metadata? I’m not sure all people are aware that it passed signalling.

What is going on with this? We need this to happen for the marketplace…