Nostr Web Client

That’s my gut feeling too. You only need SD-JWTS and ZKPs if you over-collection information in the first place. Authorities love them, because it gives them an excuse to over-collect with the false assurance they can give you a ZKP when you need (beg for) one.

mfostr 5mo ago

I can envision an offline, local-first P2P mesh network connecting NFC, Bluetooth, WiFi Direct, and LoRa, with Transport Bonding, built around assertion claims and attestations. Layered interoperability could ensure the user remains in control through distributed capabilities.

It might be a pipe dream, but I’d like to see a protocol of TEE enclaves using distributed Git checksum proofs, combined with Schema Negotiation between servers and clients. This would apply an orthogonal method for verifying trusted remote execution of an oblivious pseudo-random function exchange, one that maps up to a trust registry at the DNS level for maintaining NIP-05 usernames in a way that is distributed and private. Domains are currently subject to renewal issues so managing state changes with NIP-03 on OP_RETURN and an alternative routing mechanism might be an interesting approach. It would need to be managed by open-source developers of course.

These ideas have surfaced across several overlapping communities. After exploring Solid, Linked Data, OpenSocial, ActivityPub, FOAF, and Web5, I believe the simplicity of the Nostr protocol, with its relay model, is a step in the right direction. The openness of the community and the NIPs is a breath of fresh air.

The main question and fuzzy area that you mentioned is how to engage with some kind of presentation exchange with the current centralized system. Could there be interoperability bridges with mdoc/mDL, etc. https://docs.walt.id/community-stack/concepts/digital-credentials/mdoc-mdl-iso

Of course, the Verifiable Credentials community has been attempting it via DIF and other overlapping projects like OpenWallet etc. Do any of these communities have a chance?

Reply to this note

Please Login to reply.

Discussion

Tim Bouma 5mo ago

I was in the Verifiable Credentials community for years. I think the simplicity of Nostr has a better chance of success in the long run.

mfostr 5mo ago

I am leaning that direction as well, what are your thoughts on how to interoperate? What about mdoc/mDL? If this is the standard for issued IDs could it be used in a way that is more secure as long as it’s an ephemeral one way push with a schema negotiation between clients and relays via a trusted registry of privacy preserving endpoints.

I have been following the No Phone Home awareness.

https://blog.identity.foundation/no-phone-home/

and the privacy concerns of mDL

https://nophonehome.com/mdl-privacy-concerns/

mfostr 5mo ago

https://trbouma.substack.com/p/its-not-about-global-state-its-about

This is the way! We must protect local and prevent the tracking!

https://youtu.be/LaiN63o_BxA

Tim Bouma 5mo ago

I am a signatory of the No Phone Home. I’ve concluded that ‘credentials’ is no more than a digital implementation of a medieval model and we need to move to private decentralized record sharing and attestation. That is what I am trying to do with #nostr #safebox and attestations

mfostr 5mo ago

We are definitely on the same page. What is your vision of how it will work with issued IDs? Could it even work with mDL or is the standard not capable of passing attestations down to safebox to be handled offline? Is this concept in your crosshairs?

Tim Bouma 5mo ago

Taking a total greenfield approach. All the mDL stuff is too far gone and captured. Let it play out naturally. Looking for underserved communities than are willing to leapfrog.