In brief
- Lightning Labs released specs for its LSAT protocol standard today.
- The protocol would allow receipts on Lightning payments to serve as credentials for online services.
- Lightning Labs believes this could be a more seamless and privacy-preserving way to engage in online commerce.
What if you could log on to any of your favorite websites and services without an email, a username, or a password? What if, instead of entering your personal information to join a social media platform, all you’d need to do is send a one-time micropayment and keep the receipt?
This is the future Lightning Labs envisions with the Lightning Service Authentication Token (LSAT for short), at least with regard to how developers share access to infrastructure and services. The Lightning Network-focused startup just released the specifications for the standard, which Lightning Labs CTO Olaoluwa Osuntokun teased during his presentation at last October’s inaugural Lightning Conference.
An LSAT is essentially a ticket/receipt that serves as an ID/credential for an online service. The tickets are encoded with information that tells the website what information the user is cleared to access. They are minted using a mix of the old and the new: the HTTP status code 402 (“Payment Required”) and Bitcoin’s Lightning Network, a secondary network for faster and cheaper payments. The status code provides the basis for a “paywall,” while the Lightning Network provides the means of payment and the ticket, which is proof of authentication.
Under the LSAT scheme, users could pay for a service and receive a receipt for the purchase, which they can then use to prove their identity for future logins—no password or username required. Osuntokun told Decrypt LSATs may be “useful for service providers that expose an end API to the user” for certain services like renting storage and disk space or access rights to data indices.
According to Osuntokun’s post, the benefit here is in the flexibility LSAT provides. You could create tokens with expiration dates to create limited access, for example, or you could even charge customers using metered payments which only invoice when a condition has been met (e.g., a developer paying for hosting capacity by the gigabyte).
“You get a bearer credential, which encodes what/how you can access the service,” Osuntokun said, before providing an example. “I could buy one of these tokens, then give you a restricted version that only lets you upload 1MB a day on [Wednesday].”
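An added sketch, not from the article or from Lightning Labs' code, of how a paid-for bearer token can carry restrictions that its holder tightens before handing it on, as in the expiry and upload-limit examples above. It uses a simplified HMAC chain in the style of macaroons rather than the real LSAT encoding; `ROOT_KEY`, the dict layout and the caveat names `expires` and `max_upload_bytes` are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ROOT_KEY = os.urandom(32)  # service-side secret (constructed for this example)

def chain(sig: bytes, data: bytes) -> bytes:
    """One HMAC-SHA256 link: the old signature keys the next one."""
    return hmac.new(sig, data, hashlib.sha256).digest()

def attenuate(token: dict, caveat: str) -> dict:
    """Holder side: add a restriction. Needs no secret, and cannot be undone."""
    return {"id": token["id"], "caveats": token["caveats"] + [caveat],
            "sig": chain(token["sig"], caveat.encode())}

def mint(payment_hash: bytes, caveats=()) -> dict:
    """Service side: issue a token bound to the invoice's payment hash."""
    token = {"id": payment_hash, "caveats": [], "sig": chain(ROOT_KEY, payment_hash)}
    for caveat in caveats:
        token = attenuate(token, caveat)
    return token

def caveat_holds(caveat: str, request: dict) -> bool:
    key, _, value = caveat.partition("=")
    try:
        if key == "expires":            # hypothetical caveat: unix-time deadline
            return request["now"] < int(value)
        if key == "max_upload_bytes":   # hypothetical caveat: per-request size cap
            return request["upload_bytes"] <= int(value)
    except (KeyError, ValueError):
        pass
    return False  # unknown or malformed caveats fail closed

def verify(token: dict, preimage: bytes, request: dict) -> bool:
    """Service side: check proof of payment, integrity, then every caveat."""
    if hashlib.sha256(preimage).digest() != token["id"]:
        return False  # presenter cannot show the invoice was paid
    sig = chain(ROOT_KEY, token["id"])
    for caveat in token["caveats"]:
        sig = chain(sig, caveat.encode())
    if not hmac.compare_digest(sig, token["sig"]):
        return False  # caveats were removed or altered after minting
    return all(caveat_holds(c, request) for c in token["caveats"])
```

Because each caveat is folded into the signature, a recipient of the restricted token can add further limits but cannot strip one off without the service's key.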
as a follow up on my talk on LSAT (Lightning Service Authentication Token) at @LNconf (slides here: https://t.co/WFsxJFQx0x)
here's a demo @gugol whipped up that uses @LightningJoule (+cURL) to demonstrate how tokens can be integrated websites/APIs for auth/payment
code 🔜 pic.twitter.com/FXusOUrjpm
— Olaoluwa Osuntokun (@roasbeef) November 1, 2019
In essence, this authentication works somewhat like cookies: bits of data stored on your computer that keep track of what you do on certain websites. A website keeps these cookies as reference points (e.g., for login information) and retrieves them when needed. With LSAT, the payment receipt is stored for reference to grant access to online services.
Lightning Labs is calling any and all intrepid Bitcoin Lightning Network devs to test its new toy and build on what it calls the “Lightning-native web.” Lightning Labs has open-sourced Aperture, its own iteration of the LSAT protocol standard. Lightning Labs doesn’t want developers to see LSAT only through its lens, though; the startup is also encouraging developers to step up and build using the standard.
“The LSAT protocol gives us a glimpse into a Lightning-Native web that is more global, private and extensible,” Lightning Labs’ announcement reads. “We encourage the community to review our recently published specification and also give Aperture a spin as well. We look forward to all the amazing things developers will build with this new standard and our supporting tooling!”