I am now 100% certain that I can build a permissionless, decentralized credential presentation and verification system.
In the example below, the only unencrypted channel is the visual invocation and acquisition of a #nauth presented as a QR code. Once acquired, the rest of the communication, including the request for, and presentation of, a credential, is done via negotiated encrypted channels.
The end user web apps (the UX front end of #safebox) only communicate to their own user; they do not directly communicate with one another. Actually, each app has no clue, nor cares where the other app is running. All inter-app communication is done in real-time using gift-wrapped encrypted messages.
It's the #nostr protocol that enables this. IMHO, the killer-app for #nostr is rather a killer-capability for every app that wishes to securely communicate with any other app, so long as they have an #npub and a pool of available relays.