Cool. I have a (poor man’s) “Login with Nostr” prototype for Ruby using cookies for sessions.
Why does this matter? You can log into websites without sharing your private key, while still proving you have access to it. Impersonation is not possible.
Most Nostr sites today just load your pubkey and then ask to sign posts as you publish them - that’s fine too. The goal here is to only show content for that pubkey - so proof you hold the private keys is required sooner (basically just a normal login).


