Add MAYBE.md, update task list.
[?]
Jan 18, 2016, 3:06 AM
373LXH2XPXZJYSC4NJGWC7ZX3MBAPNMRQFKOWNB7T2XUHUKSZY2ACDependencies
- [2]
AVDFWICBMore musings for the TASKS file. - [3]
MGOF7IUFUpdate TASKS list to reflect completed projects. - [4]
EZQG2APBUpdate task list. - [5]
A6HKMINBAttempting to improve JSON handling. - [6]
MB5SHULBAdd route for accepting an invitation with an existing account - [*]
AXKKXBWNInitial attempt at writing down my ideas for a company based on trust.
Change contents
- file addition: MAYBE.md[8.2]
Maybe!======This is a place to document crazy ideas of things that we couldimplement. It is intended to serve as a source of inspirationto people joining the fixpoint aftok.Big Ideas---------### Plan for merges as well as forks.It's fully to be expected that some aftoks will splinter. But it'sequally possible that separate aftoks might want to join forces!The payout algorithm could take into account independent projecthistories in a way that allows payments to be allocated fairlyirrespective of how projects of split and recombined.### Build an integrated hosting platform.The idea here is to build something like Heroku, or a Docker hostingservice, with additional support for users to make things likesubscription-based services trivial to build. Hosted, secured accountmanagement seems like something really useful for people buildingnew applications.Smaller Ideas-------------### Library Features* Timeline* Secure the event log via inclusion of periodic hashes of the loginto a public blockchain?* User* Add public keys that can be used to sign requests. How does this interactwith certificate-based auth from browsers? Require openpgpjs?### Webapp / API Features* Login* Evaluate OpenID and jwt.io* User Creation* Require user to provide the PGP public key that will be used to authenticate requests* Authentication* Require bodies of all requests to be PGP-signed; this would take the place ofother authentication. - edit in TASKS.md at line 33
* Come up with a user-friendly and reliable way to ensure that usersdon't make errors in their BTC addresses. Maybe use very smallconfirmation transactions, as is done when establishing ACH accessto checking accounts? - replacement in TASKS.md at line 57
* Previously, I had thought it would be easiest for payments to be made directly toa per-aftok BTC address, and a subsequent transaction used to then distributethat transaction to the participants. However, I now think it makes more sense topresent the payer with a transaction to complete and sign that sends funds directlyfrom their wallet to the participants, as a multiparty txn requiring signaturesof both the aftok server (which would sign in advance) and the payer. This avoidsthe central server even momentarily having control of any funds.* Use the BIP-70 Bitcoin Payment Protocol to create payment requests.* Record requested payments - edit in TASKS.md at line 66
* Read history of payments and provide reconciliation and recordkeepingfunctionality.* Record BTC/USD (and other currencies) exchange rate at time of transactionto aid in recordkeeping requirements of U.S. tax law. Since BTC is treatedas property rather than currency, one must track the basis price in orderto correctly report capital gains, in much the same fasion as is done forstock. - edit in TASKS.md at line 81[4.3394]→[4.283:326](∅→∅),[4.339]→[4.326:339](∅→∅),[4.326]→[4.326:339](∅→∅),[4.339]→[3.1:72](∅→∅),[3.72]→[4.483:767](∅→∅),[4.483]→[4.483:767](∅→∅),[4.767]→[3.73:124](∅→∅),[3.124]→[4.820:931](∅→∅),[4.820]→[4.820:931](∅→∅),[4.931]→[3.125:209](∅→∅),[3.209]→[4.1014:1075](∅→∅),[4.1014]→[4.1014:1075](∅→∅)
Future Work===========Library-------* Timeline* Secure the event log via inclusion of periodic hashes of the loginto the public blockchain?* User* Add public keys that can be used to sign requests. How does this interactwith certificate-based auth from browsers? Require openpgpjs?* Payouts* History of payouts (read from blockchain?)Webserver---------* Login* Evaluate OpenID and jwt.io* User Creation* Require user to provide the PGP public key that will be used to authenticate requests* Authentication* Require bodies of all requests to be PGP-signed; this would take the place ofother authentication.Payouts Service---------------