It would be great if Internet Identity is opened up for use by any web application outside of IC, which can be great marketing for IC. Plugins, documentation, etc. can be developed to make integration easy for web developers. I asked a question on r/dfinity about this and I got a promising response, only that this needs to be added in the roadmap somewhere:
"There is no inherent technical reason why Internet Identity could not be used by existing web applications – Internet Identity does not block that in any way. That said, the formats we use are pretty specific to the Internet Computer, so this certainly needs a bit of custom work on the side of the relying party/consuming service:
- The assertion issued by Internet Identity is a canister signature (as defined in this section of the IC interface specification). Validating that assertion requires verifying a BLS signature and checking some paths in a Merkle tree, as described in the interface specification section on canister signatures. That’s all not rocket science, but it’s also not standard functionality available in everyday crypto libraries.
- The assertion binds to a public key – in first approximation you may think about it as the Internet Identity canister issuing a certificate on a public key provided by the front-end application. This public key is then used for the actual authentication toward the IC – or potentially some server. In the case of the IC, that means signing ingress messages. For other web applications, this may mean signing a challenge provided by the server with that public key.
If there is a community effort to support Internet Identity as an authentication method in traditional web applications, we will happily provide more detailed descriptions, pointers to code in our implementation, etc."
Also, looking at the document internet-identity/internet-identity-spec.adoc at main · dfinity/internet-identity · GitHub
I see “Frontend application can be served by canisters or by websites that are not hosted on the Internet Computer.”
For the various steps detailed out in the document under the section “Client authentication protocol”, is there sample code that shows how this is implemented in a frontend application for websites that are not hosted on the Internet Computer?
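The challenge-signing step mentioned in the quoted reply can be sketched from the relying party's side. This is an added example, not part of the original post and not DFINITY's code. It assumes an Ed25519 session key and a hypothetical `delegation` object (`sessionPublicKey`, `expiresAtMs`) that has already passed canister-signature validation (BLS signature plus Merkle path), which is not implemented here; `RP_ORIGIN` and the challenge layout are also assumptions.

```javascript
const crypto = require('node:crypto');

const RP_ORIGIN = 'https://app.example';   // assumed relying-party origin (server config)
const CHALLENGE_TTL_MS = 60_000;
const pending = new Map();                 // nonce (hex) -> expiry time in ms

// Server: issue a random, single-use challenge.
function issueChallenge(now = Date.now()) {
  const nonce = crypto.randomBytes(32).toString('hex');
  pending.set(nonce, now + CHALLENGE_TTL_MS);
  return nonce;
}

// Bytes that get signed: a domain separator, the origin and the nonce, so a
// signature made for one site or one login attempt cannot be reused elsewhere.
function challengeBytes(origin, nonce) {
  return Buffer.from(`example-ii-login\n${origin}\n${nonce}`, 'utf8');
}

// Server: check the client's answer. `delegation` is the hypothetical,
// already-validated assertion binding the session public key.
function verifyResponse({ nonce, signature, delegation }, now = Date.now()) {
  const expiry = pending.get(nonce);
  pending.delete(nonce);                   // consume the nonce on first use
  if (expiry === undefined) return 'unknown-or-replayed-challenge';
  if (now > expiry) return 'challenge-expired';
  if (now > delegation.expiresAtMs) return 'delegation-expired';
  // The server rebuilds the message with its own origin, never a client-supplied one.
  const ok = crypto.verify(null, challengeBytes(RP_ORIGIN, nonce),
                           delegation.sessionPublicKey, signature);
  return ok ? 'ok' : 'bad-signature';
}

// Constructed demo: an honest login, a replay, and a signature made for another origin.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const delegation = { sessionPublicKey: publicKey, expiresAtMs: Date.now() + 3_600_000 };
  const sign = (origin, nonce) => crypto.sign(null, challengeBytes(origin, nonce), privateKey);

  const n1 = issueChallenge();
  const sig1 = sign(RP_ORIGIN, n1);
  const first = verifyResponse({ nonce: n1, signature: sig1, delegation });
  const replay = verifyResponse({ nonce: n1, signature: sig1, delegation });
  const n2 = issueChallenge();
  const wrongOrigin = verifyResponse(
    { nonce: n2, signature: sign('https://other.example', n2), delegation });
  return { first, replay, wrongOrigin };
}
```

A session established this way is only as trustworthy as the delegation check that precedes it, so the canister-signature validation has to succeed before `verifyResponse` is called.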