- From: Melvin Carvalho <melvincarvalho@gmail.com>
- Date: Wed, 7 Aug 2024 13:55:35 +0200
- To: public-nostr@w3.org
- Message-ID: <CAKaEYhLQWiYO8qKw9nrOyYuenegk=6pXjRqOo4Ct2EnYDB2GYw@mail.gmail.com>
Dear W3C Community,

I wanted to bring to your attention an interesting protocol specification called NIP-98 (HTTP Auth for Nostr), which defines a method for authorizing HTTP requests using Nostr events. [1]

Given the growing interest in decentralized technologies, I believe it could be valuable for the W3C to review NIP-98 and consider how it might align with existing web standards. This could potentially lead to broader interoperability and the adoption of secure, decentralized authentication methods.

Key points about NIP-98:

1. It uses a `kind 27235` event (referencing RFC 7235) for authentication.
2. It leverages the `Authorization` HTTP header with a `Nostr` scheme.
3. It includes built-in protections against replay attacks and request tampering (currently a SHOULD/MAY).
4. It uses a `u` tag to reference a URI (currently a MUST).

One area that could benefit from W3C expertise is the handling of multi-part uploads. There's an ongoing discussion in the Nostr community about reconciling NIP-98 with NIP-96 (which deals with file uploads) regarding payload authentication for multi-part form data. Input on best practices for such scenarios would be invaluable.

There are currently adjacent implementations like Blossom [2] and my own proof-of-concept called NosDAV [3].

An issue with aligning Blossom with NIP-98 is that the website on an HTTP request is mandatory. However, Blossom (Blobs stored simply on media servers) does not have a website, as the blobs are content-addressable. How can we reconcile this?

I think this approach could complement our existing work on web authentication and authorization standards. It might be a good idea to start a quick community group document and put it out for review.

I look forward to hearing your thoughts on this. Thanks for your time and consideration!

Best,
Melvin

[1] https://github.com/nostr-protocol/nips/blob/master/98.md
[2] https://github.com/hzrd149/blossom
[3] https://nosdav.com/spec/
Received on Wednesday, 7 August 2024 11:55:52 UTC
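
Added example, not part of the original message or of any project it mentions: a server-side check of a `Nostr` `Authorization` header covering the four key points listed above (kind, scheme, replay and tampering protection, `u` tag). The `method` and `payload` tag names and the event-id serialization follow the NIP-98 and NIP-01 texts rather than this message. The function names, the 60-second window, and the policy of requiring a payload hash for any non-empty body are assumptions, and signature checking is delegated to a caller-supplied BIP-340 verifier.

```python
import base64, hashlib, json, time

NIP98_KIND = 27235   # event kind named in the post
MAX_SKEW = 60        # seconds; assumed server policy for the replay window

def event_id(ev):
    """NIP-01 event id: SHA-256 of the canonical JSON array."""
    ser = json.dumps([0, ev["pubkey"], ev["created_at"], ev["kind"],
                      ev["tags"], ev["content"]],
                     separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(ser.encode("utf-8")).hexdigest()

def check_nip98(header, method, url, body, verify_sig, now=None):
    """Return (ok, reason). verify_sig(pubkey, id, sig) is the caller's
    BIP-340 Schnorr verifier; this function does not implement it."""
    now = int(time.time()) if now is None else now
    scheme, _, token = header.partition(" ")
    if scheme != "Nostr" or not token:
        return False, "scheme"
    try:
        ev = json.loads(base64.b64decode(token, validate=True))
        tags = {t[0]: t[1] for t in ev["tags"] if len(t) >= 2}
        if ev["kind"] != NIP98_KIND:
            return False, "kind"
        ts = ev["created_at"]
        if type(ts) is not int or abs(now - ts) > MAX_SKEW:
            return False, "stale"            # outside the replay window
        if tags.get("u") != url:
            return False, "url"              # the mandatory `u` tag
        if str(tags.get("method", "")).upper() != method.upper():
            return False, "method"
        # Assumed policy, stricter than SHOULD/MAY: a non-empty body must be bound.
        if body and tags.get("payload") != hashlib.sha256(body).hexdigest():
            return False, "payload"          # request body was altered or unbound
        if ev["id"] != event_id(ev) or not verify_sig(ev["pubkey"], ev["id"], ev["sig"]):
            return False, "signature"
    except (ValueError, KeyError, TypeError):
        return False, "malformed"
    return True, "ok"

def make_header(method, url, body, created_at):
    """Build a constructed sample header (dummy key and dummy signature)."""
    ev = {"pubkey": "ab" * 32, "created_at": created_at, "kind": NIP98_KIND,
          "tags": [["u", url], ["method", method],
                   ["payload", hashlib.sha256(body).hexdigest()]],
          "content": "", "sig": "00" * 64}
    ev["id"] = event_id(ev)
    return "Nostr " + base64.b64encode(json.dumps(ev).encode()).decode()
```

The payload check hashes the raw request bytes, so for multi-part form data the hash covers boundaries and part headers as sent, which is the case the NIP-98/NIP-96 discussion above is about.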