This is the user flow using their #nostr #safebox web app in the role of a verifier. In this example they are asking another user (off camera) to present their Nost Preferred Member Card for verification.
https://video.nostr.build/b4eab187eebfd33a1cd27cb1230c5b55ed5d5cbb7ff4c9798b99173eca1fff17.mp4
I am now %100 certain that I can build a permissionless, decentralized credential presentation and verification system.
In the example below, the only unencrypted channel is the visual invocation and acquisition of a #nauth presented as a QR code. Once acquired, the rest of the communication, including the request for, and presentation of a credential is done via negotiated encrypted channels.
The end user web apps (the UX front end of #safebox) only communicate to their own user; they do not directly communicate with one another. Actually, each app has no clue, nor cares where the other app is running. All inter-app communication is done in real-time using gift-wrapped encrypted messages.
It's the #nostr protocol that enables this. IMHO, the killer-app for #nostr is rather a killer-capability for every app tha wishes to securely communicate with any other app, so long as they have a #npub, and a pool of available relays.
