It’s a cool NIP that I need to read more about.

Basically what I tested was 100% local using Nostr browser extensions to sign an event using a server auth challenge. It’s more similar to NIP-42, however it doesn’t need to be a relay, and doesn’t need websockets. It just uses a similar event payload over REST.

So I’d say fewer devices, less network dependent, more transitional sessions using cookies, etc. A simpler approach, but also fewer features.

Discussion

You’re more focused on individual nsec protection rather than multi account authentication I take it?

Nostr has a decent way to go with key management - unless you are careful with your private key.

Things like rotating, expiring or migrating - or multi-sig keys, are all under development.

I just needed a simple enough way to add login to a website or web service, that didn’t allow impersonation. It may get replaced as things develop.

Pretty sure that was #[3] use case for this NIP originally.

Personally I think a whole identity management layer could be built around it.

The current workflow of client > identity > relay is ass-backwards to me. Identity should be front and centre, we’re not utilising it anywhere near as well as we should be and as a result the onboarding process for newbies sucks.