xGov 178 is a proposal to build SIWA - Sign In With Algorand. For Web3 builders who work with Next.JS it is essential that we have a standardized security protocol. For Web3 builders who work with EVM or who plan on building multi-chain applications, it is essential that Algorand have a security protocol that is on-par/tightly integrated with EIP-4361, the best-practices security protocol and library that is the basis of SIWE - Sign In With Ethereum.
Rationale:
I’m building a cloud hosting provider for Web3 called Xspace. We currently support account login with Github, Google, and Optimism via SIWE. Xspace is a Next.js application and we use next-auth (now auth.js) for secure login. I want to add support for login with Algorand as well. But security is a top priority and I want to make sure that the Algorand login protocol adheres as closely as possible to EIP-4361. Instead of just building this for Xspace, I want to build a standardized, best-practices security library for the ecosystem. SIWA - Sign In With Algorand) will integrate seamlessly with SIWE, next-auth, and other security providers.
I’ll be expanding more on the design and methodology in the next 1-2 days, but just wanted to get the basic outline for this out there. Expect this post to be updated quite a bit more. Next I’ll be sharing a technical overview of the approach I’ll be tackling. Check back for updates here!