- From: Adrian Gropper <agropper@healthurl.com>
- Date: Wed, 13 Aug 2025 16:45:53 -0400
- To: Tim Bouma <trbouma@gmail.com>
- Cc: Melvin Carvalho <melvincarvalho@gmail.com>, W3C Credentials Community Group <public-credentials@w3.org>
- Message-ID: <CANYRo8gGpbcuGW3vbWHT-UsQABREGw0bktMUwerAdf=Mcw3sDw@mail.gmail.com>
This is exactly what I was hoping to understand! - Thank you to Anders for pointing out the user experience and the role of P2P payments that may not be subject to KYC. - Thank you to Melvin for pointing out NWC as a potential, relatively simple answer to my question and the impact of stablecoins as a part of a scalable solution. - Thank you to Tim for pointing out why OAuth is not appropriate for the payments use-case and endorsing NWC. I have no investment in either TLS, NWC, or OAuth / UMA2. As a delegated authorization protocol GNAP, I think, solves many if not all of the security and implementation issues with OAuth and does accept VCs as part of a standardized request format. Given emerging standards for MCP, A2A, and P2P payments, what should be the role of Verifiable Credentials, if any? - Adrian On Tue, Aug 12, 2025 at 8:24 AM Tim Bouma <trbouma@gmail.com> wrote: > It’s what I learned from implementing Nostr Wallet Connect that prompted > me to write this post. I’ve been expanding the protocol to offer and share > records, which prompted me to review the family of protocols from OAuth2.0. > > I realized what was a great tradeoff decision in 2012, delegating security > to the TLS pipes, no longer holds. Too many seams and external > dependencies. I also concluded that there was no longer a need to have > separate entities for Client, Authorization Server, and Relying Party > because you could reduce the flow down to two equally capable > counterpartied. > > All said, OAuth is still fine for the current generation of solutions, but > now I am looking past this horizon where every party in an interaction > needs to be cryptographically assured from end to end. OAuth goes part way, > and there are some great enhancements, but no longer enough. > > As for payments, that was the starting point of my project. I am now > expanding into sharing of records with Nostr Wallet Connect. > > > https://open.substack.com/pub/trbouma/p/why-i-can-no-longer-support-oauth > <https://open.substack.com/pub/trbouma/p/why-i-can-no-longer-support-oauth?r=3r59&utm_medium=ios> > > On Tue, Aug 12, 2025 at 2:34 AM Melvin Carvalho <melvincarvalho@gmail.com> > wrote: > >> >> >> út 12. 8. 2025 v 3:00 odesílatel Adrian Gropper <agropper@healthurl.com> >> napsal: >> >>> I'm so tired of Venmo. >>> >> >> Might be closer than you think. >> >> Now that we have did:nostr and BIP340 VCs it should be fairly >> straightforward to do payments. Here is an example use case: >> >> https://bitcoinmagazine.com/technical/nostr-wallet-connect-bitcoin-usb >> >> >>> >>> - Adrian >>> >>
Received on Wednesday, 13 August 2025 20:46:12 UTC