Nostr Web Client

For my project #nostr #safebox I am developing an authentication protocol which I am calling #nauth. The reason I developed this new protocol is so that either party, name initiator and recipient can initiate the protocol. I wanted to address a situation where only one party might have the ability to scan a QR code, either the patient or the physician. The QR code is merely an out-of-band initiation method, it could be a text or whatever. So here goes,

1. Initiator prepares and sends a #nauth request consisting of:

a. Initiator npub

b. nonce

c. auth kind

d. auth relays

e. transmittal kind

f. transmittal relays

2. Recipient receives #nauth request (usually by scanning a QR code). The recipient inspects the #nauth request and returns another #nauth request as a NIP-59 gift wrapped message using the specified auth kind and auth relays

a. Recipient npub

b. nonce (should be the nonce provided)

c. auth kind (may be the same or different)

d. auth relays (may be the same or different)

e. transmittal kind (may be the same or different)

f. transmittal relays (may be the the same or different)

3. The initiator, upon receiving the #nauth , inspects to see if the nonce is ok, and that the parameters are satisfactory. If so, it may provide an acknowledgment via an out-of-band indication, or through the auth kind/ relays channel proposed.

4. All secure transmittals are sent as giftwrapped messages as kind=transmittal kinds. Any subsequent authentication control messages are sent as gift wrapped messages of kind=auth kind.

BTW, I have this all implemented in #nostr #safebox for #mednostr and it is working like a charm so far. With this scheme I have 99.99999% confidence that health data records are being transmitted with no third party surveillance or model training.

nostr:npub1healthsx3swcgtknff7zwpg8aj2q7h49zecul5rz490f6z2zp59qnfvp8p

Reply to this note

Please Login to reply.

Discussion

Matt 10mo ago

This is awesome work 👏

Zen 10mo ago

Does the nAuth scheme accomplish the same patterns of Single Sign On that OAuth has established? I've never done much work to understand the latter system, it's always seemed kind of bloated to me

Tim Bouma 10mo ago

Yeah, pretty much. The big difference is that you don’t need a centralized authorization server and the messages are relayed via npubs instead of a bunch of rest api calls and endpoints. I am now adding in scope to round out what OAuth does.

nosfabrica 10mo ago

SafeBox and #nauth is going to be an absolute game changer for medical records!

No more centralized hacks or YOUR data being shared or sold off without your consent...

Well done nostr:nprofile1qqsqddupn4l3cl65wggcyehd009g0pwuatsfudh28f90vewx68vrylqpr3mhxue69uhhyetvv9ujummsv4hxyctvv9hxxefwv9c8qtcpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhszrnhwden5te0dehhxtnvdakz7s3klxl 👏 let's keep pushing in the Challenge!

nostr:nprofile1qqsyvrp9u6p0mfur9dfdru3d853tx9mdjuhkphxuxgfwmryja7zsvhqpzamhxue69uhhv6t5daezumn0wd68yvfwvdhk6tcpz9mhxue69uhkummnw3ezuamfdejj7qgwwaehxw309ahx7uewd3hkctcscpyug nostr:nprofile1qqstsw3gkljwt5stm9svt7htvcjlj4ffze4chkcyt4pxxj30xkgeg5qprpmhxue69uhhwetvvdhk6efwdehhxarj9emkjmn9qyg8wumn8ghj7mn0wd68ytnhd9hx2qgcwaehxw309ac8yetdd96k6tnswf5k6ctv9ehx2aq95gptt nostr:nprofile1qqsxae3qmkt8jlwmuquu8yualhnn8rcy9vf2kwr22d6rwls93pz4lrspzemhxue69uhhyetvv9ujuurjd9kkzmpwdejhgqgjwaehxw309ac82unsd3jhqct89ejhxqgdwaehxw309ahx7uewd3hkcpfs4xy

nostr:nevent1qqsgjsvctm50zjddk9tf7esgs26dfg4h0u04e5fudwlpvnapudnr2espz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsygqxk7qe6lcu0a28yyvzvmkhhj58shww4cy7xm4r5jhkvhrdrkpj0spsgqqqqqqslqcq7e