Tim Bouma on Nostr: The penny is dropping for me: I’m realizing that nostr can be the simple inter-app ...
The penny is dropping for me: I’m realizing that nostr can be the simple inter-app protocol that enables authentication between any two npubs that have agreed to communicate via a set of relays.
In building #nostr #safebox, I have also built a protocol which I am calling #nauth (no authentication), which allows any two npubs to negotiate how to communicate with one another. The invocation is typically a QR code that contains all of the #nauth parameters. The recipient inspects the #nauth, then decides to reply via the auth relay. If all is copacetic, they can transmit data via the transmittal relays.
The beauty of the #nauth protocol, is that there is no authentication provider or authorization server in between. This is #OAuth, that enabled global platforms to evolve, but does not get you out of the centralization trap. With #nauth this is not a problem because the relays have a limited role; they cannot see the data, control no password or keys, and can be switched out at a moment’s notice.
Suffice it to say, I am pretty excited about this inter-app protocol as I believe it will change how we use trusted services on the internet!
Hi level block diagram of #nostr #safebox
The #acorn component is the hidden guts that has all of the magic. The web app and cli are just clients. All interactions, aside from the initial QR codes for credential offers and verifications are mediated through nostr relays via NIP-17-like giftwrapped messages. Impossible for eavesdroppers to get in between the credential offers, presentation and verification interactions.
Published at
2025-05-04 20:36:15Event JSON
{
"id": "21974bacb31b58bc81b782314e3cfe3e753fdd949ee0230e73baddda0e26a405",
"pubkey": "06b7819d7f1c7f5472118266ed7bca8785dceae09e36ea3a4af665c6d1d8327c",
"created_at": 1746390975,
"kind": 1,
"tags": [
[
"p",
"06b7819d7f1c7f5472118266ed7bca8785dceae09e36ea3a4af665c6d1d8327c"
],
[
"t",
"nostr"
],
[
"t",
"safebox"
],
[
"t",
"nauth"
],
[
"t",
"nauth"
],
[
"t",
"nauth"
],
[
"t",
"nauth"
],
[
"t",
"oauth"
],
[
"t",
"nauth"
]
],
"content": "The penny is dropping for me: I’m realizing that nostr can be the simple inter-app protocol that enables authentication between any two npubs that have agreed to communicate via a set of relays.\n\nIn building #nostr #safebox, I have also built a protocol which I am calling #nauth (no authentication), which allows any two npubs to negotiate how to communicate with one another. The invocation is typically a QR code that contains all of the #nauth parameters. The recipient inspects the #nauth, then decides to reply via the auth relay. If all is copacetic, they can transmit data via the transmittal relays.\n\nThe beauty of the #nauth protocol, is that there is no authentication provider or authorization server in between. This is #OAuth, that enabled global platforms to evolve, but does not get you out of the centralization trap. With #nauth this is not a problem because the relays have a limited role; they cannot see the data, control no password or keys, and can be switched out at a moment’s notice.\n\nSuffice it to say, I am pretty excited about this inter-app protocol as I believe it will change how we use trusted services on the internet!\n\nnostr:note1ccruvurk5ckq4gaxts0lpjkg2lp9j5952t0s4pv3zle4terrqelqknzcxa",
"sig": "59e240a7c28a1b7b07077c3d43b26d3d2480501fd3fc0773144c798e05093524772c062701dad80f92490020c3bc163d0d2813e3ba6f24aeb76ae1bfe7c1a5ab"
}
