This is Coil's implementation of the Web Monetization W3C Proposed Standard.
Coil's extension source code has been transferred to the ILF in the Web Monetization Projects Github Repo.
The key part of Coil's Web Monetization implementation is the Redeemer service.
The redeemer service can be used to improve privacy by protecting the user's identity from
Coil's servers when ILP micropayments are made. It allows users to redeem
anonymous tokens for authorization for Coil's connector.
A scheme (based on the first version of privacypass) can be performed in the extension where the extension generates a set of random tokens. We'll call these anonymous userIds. The extension will then hash and blind each of these anonymous userIds and submit them to the redeemer service. When these are submitted the user is authenticated as themselves, but because of the blinding the redeemer will not know what the anonymous userIds are.
For each of the blinded anonymous userIds, the redeemer service will increment the user's spent balance in redis by some amount (probably a minute's worth of traffic, or $0.006). If the user is close to their maximum amount then the request will fail. If the increment is successful then the redeemer will sign the blinded anonymous userId with a signing key which is unique to the current month. The signature is returned.
Now the user unblinds the signature. The result is that they have a signed anonymous userId, but Coil's servers don't know the owner of that anonymous userId. The extension will likely keep a hoard of anonymous userIds on hand to be used for Web Monetization. We don't want to use them immediately because we want to prevent timing attacks where you can correlate signing of a blinded anonymous user Id to the actual usage of it.
When the user visits a web monetized site, they submit an anonymous userId to the redeemer service (not blinded) along with the unblinded signature. The redeemer service verifies the signature to check that it had signed it. It ensures that the key used was either this month's signing key or last month's, so that the anonymous userIds are not valid forever. If the verification succeeds then the redeemer service returns a BTP token that the user can use.
The user connects to the connector with the BTP token as usual, except instead of their userId it's using their anonymous userId. The anonymous userId has a maximum aggregate balance of $0.006, the same amount which was added to the user's spent balance when they created the anonymous userId. Once the anonymous userId is used up, they throw it away and connect again with the next one.
- Client generates 10 random tokens (called anonymous
userIds). - Client hashes and blinds the 10 anonymous
userIds. - Client posts blinded
userIds to<issuer>/issuer/issue. - Issuer spends 1 minute of balance for each blinded
userIdreceived. - Issuer returns the signatures of the blinded
userIds.
- Client unblinds one of the signatures.
- Client sends signed anonymous
userIdto the Redeemer. - Redeemer returns a BTP token valid for 1 minute of payment.
- When the BTP token runs out of money, repeat.
The complete Web Monetization Service provided by Coil involves more than just the redeemer service. We have created a sequence diagram to show how all our services work together to provide Web Monetization.
It's suggested that you Download this diagram locally for better viewing or to load the source into Excalidraw
Excalidraw Source File: Web Mon Excalidraw
These have been included as examples of some of the services needed as part of Coil's Web Monetization Implementation.
The services directory contains:
cbsChallenge Bypass ServerconnectorSample ILP ConnectorredeemerRedeemerredeemer-privacy-workerCloudFlare Workerspsp-serverSPSP Server The SPSP server is an example service that does payouts of streaming payments via ILP.
The packages directory contains:
redisThe redis package used byredeemerHandles controlling the bucket throughput for Web MonetizationmetricsCoil specific package used to report metrics to monitoring services to ensure uptime NOTE: This package is not included in this repository