https://tim-bouma.npub.pro/tag/nauth/ https://tim-bouma.npub.pro/tag/nauth/rss/ episodic Wed, 04 Feb 2026 14:54:22 GMT Wed, 04 Feb 2026 14:54:22 GMT https://tim-bouma.npub.pro/tag/nauth/ https://raw.githubusercontent.com/trbouma/assets/main/profile_pic_crop.png Wed, 04 Feb 2026 14:54:22 GMT https://tim-bouma.npub.pro/post/note1rkgdj3yglq7wp8xx9vyhcpdcdmj3gkgqyrnkstaf60lvk2jlylysyjykmw/ https://tim-bouma.npub.pro/post/note1rkgdj3yglq7wp8xx9vyhcpdcdmj3gkgqyrnkstaf60lvk2jlylysyjykmw/ note1rkgdj3yglq7wp8xx9vyhcpdcdmj3gkgqyrnkstaf60lvk2jlylysyjykmw nostr note1rkgdj3yglq7wp8xx9vyhcpdcdmj3gkgqyrnkstaf60lvk2jlylysyjykmw npub1q6mcr8tlr3l4gus3sfnw6772s7zae6hqncmw5wj27ejud5wcxf7q0nx7d5 Sharing some more of my design and architectural thinking for #nostr #safebox.

The first diagram shows the main elements of the substrate capabilities, namely #Blossom, #Cashu, #Nostr, #Lightning, and #Bitcoin. Eventually all of this will be abstracted away from the users who only care about the safekeeping of their #Funds and #Record.

The primary coordinating protocol I am building for #safebox is called #nAuth (you can see the interaction diagram on the next image). #nAuth is built on NIP-17, NIP-44, NIP-59 and extends NIP-47 (Nostr Wallet Connect). I have extended NWC to offer and accept records between safeboxes, and to send and receive payments between safeboxes, so that they don't have to drop down #Lightning to settle payments - they are all cleared using the #Cashu mints.

In the end, my vision is very clear for #safebox (even though the engineering is hella complicated) - to give users the ability to safekeep and use their funds and records, to directly and privately transact with one another, and without necessary reliance on their app, device, or platform provider.

It will take some time - I am rooting out the single points of failure, roots of capture, and invisible gatekeepers, but I see a path to create a global, generic capability that anyone (including agents) can use without permission.

Onward!

]]> Sharing some more of my design and architectural thinking for #nostr #safebox.

The first diagram shows the main elements of the substrate capabilities, namely #Blossom, #Cashu, #Nostr, #Lightning, and #Bitcoin. Eventually all of this will be abstracted away from the users who only care about the safekeeping of their #Funds and #Record.

The primary coordinating protocol I am building for #safebox is called #nAuth (you can see the interaction diagram on the next image). #nAuth is built on NIP-17, NIP-44, NIP-59 and extends NIP-47 (Nostr Wallet Connect). I have extended NWC to offer and accept records between safeboxes, and to send and receive payments between safeboxes, so that they don't have to drop down #Lightning to settle payments - they are all cleared using the #Cashu mints.

In the end, my vision is very clear for #safebox (even though the engineering is hella complicated) - to give users the ability to safekeep and use their funds and records, to directly and privately transact with one another, and without necessary reliance on their app, device, or platform provider.

It will take some time - I am rooting out the single points of failure, roots of capture, and invisible gatekeepers, but I see a path to create a global, generic capability that anyone (including agents) can use without permission.

Onward!

]]> Sat, 31 Jan 2026 18:46:50 GMT https://tim-bouma.npub.pro/post/note1j92mt2rqj95c73hrgqegr5fh6yuxl8fa3s46jz23ql5qjvnluu0qpdzs94/ https://tim-bouma.npub.pro/post/note1j92mt2rqj95c73hrgqegr5fh6yuxl8fa3s46jz23ql5qjvnluu0qpdzs94/ note1j92mt2rqj95c73hrgqegr5fh6yuxl8fa3s46jz23ql5qjvnluu0qpdzs94 nAuth note1j92mt2rqj95c73hrgqegr5fh6yuxl8fa3s46jz23ql5qjvnluu0qpdzs94 npub1q6mcr8tlr3l4gus3sfnw6772s7zae6hqncmw5wj27ejud5wcxf7q0nx7d5 A key point here is that the #nauth protocol uses https/TLS as a publicly available road - not as the secure delivery vehicle as does #OAuth.

This is basically a state/agent-resistant protocol. Using relays as the secure transmittal backbone, it can punch through, route around anything.
A simple block diagram on how…

]]> A key point here is that the #nauth protocol uses https/TLS as a publicly available road - not as the secure delivery vehicle as does #OAuth.

This is basically a state/agent-resistant protocol. Using relays as the secure transmittal backbone, it can punch through, route around anything.
A simple block diagram on how…

]]> Sat, 31 Jan 2026 13:04:44 GMT https://tim-bouma.npub.pro/post/note102we5e4kvav0fcj3ct0mpawfhle0d7ekv6vwrstgumasyhwr9exsx4refw/ https://tim-bouma.npub.pro/post/note102we5e4kvav0fcj3ct0mpawfhle0d7ekv6vwrstgumasyhwr9exsx4refw/ note102we5e4kvav0fcj3ct0mpawfhle0d7ekv6vwrstgumasyhwr9exsx4refw nostr note102we5e4kvav0fcj3ct0mpawfhle0d7ekv6vwrstgumasyhwr9exsx4refw npub1q6mcr8tlr3l4gus3sfnw6772s7zae6hqncmw5wj27ejud5wcxf7q0nx7d5
A simple block diagram on how two instances of #nostr #safebox instances dynamically interact with one another. I have successfully de-coupled the interaction so that each user interacts with their https server only and all interactions are marshalled through relays. For example the QR that is scanned contains only the #nauth information required to create the channel - the npub, the relays to listen on etc.

What is really cool is that I can have a #nostr #safebox running as localhost, behind a firewall, and it can communicate seamlessly with any other nostr safebox on the planet, automatically. Throw in WebSockets, I have full-duplex dynamic interaction channels intermediated via relays. For fun, I might add in real-time chat (but not to replace White Noise )

Plus the added bonus - I decided to bite the bullet on integrating post-quantum algorithms, so no PQC-FUD.

The next major lift is integrating Blossom blob support. I have mapped out the approach and plan to add the same PQC-resistant scheme for encrypting the blobs.

Onward!

]]>
A simple block diagram on how two instances of #nostr #safebox instances dynamically interact with one another. I have successfully de-coupled the interaction so that each user interacts with their https server only and all interactions are marshalled through relays. For example the QR that is scanned contains only the #nauth information required to create the channel - the npub, the relays to listen on etc.

What is really cool is that I can have a #nostr #safebox running as localhost, behind a firewall, and it can communicate seamlessly with any other nostr safebox on the planet, automatically. Throw in WebSockets, I have full-duplex dynamic interaction channels intermediated via relays. For fun, I might add in real-time chat (but not to replace White Noise )

Plus the added bonus - I decided to bite the bullet on integrating post-quantum algorithms, so no PQC-FUD.

The next major lift is integrating Blossom blob support. I have mapped out the approach and plan to add the same PQC-resistant scheme for encrypting the blobs.

Onward!

]]> Sun, 18 Jan 2026 17:42:51 GMT https://tim-bouma.npub.pro/post/note12eq60yqewd5fekmq6xcgqdg4rhyjzx88znwpktr686dduru9w42skddxk6/ https://tim-bouma.npub.pro/post/note12eq60yqewd5fekmq6xcgqdg4rhyjzx88znwpktr686dduru9w42skddxk6/ note12eq60yqewd5fekmq6xcgqdg4rhyjzx88znwpktr686dduru9w42skddxk6 nAuth note12eq60yqewd5fekmq6xcgqdg4rhyjzx88znwpktr686dduru9w42skddxk6 npub1q6mcr8tlr3l4gus3sfnw6772s7zae6hqncmw5wj27ejud5wcxf7q0nx7d5 Nostr is the protocol that keeps on giving.

I’ve been following the debate in Open Identity Connect (OIDC) where bearer tokens can be used by anyone who intercepts them. Now there is a panic to further lock down the tokens.

With, #nauth , I don’t have to worry about this, because I effectively have what I am calling ‘channel-binding’. I have 100% assurance that whatever I send to another npub, only they can decrypt and used. No need to bind the bearer token for the purpose of transmitting between two parties.

#nostr #safebox

]]> Nostr is the protocol that keeps on giving.

I’ve been following the debate in Open Identity Connect (OIDC) where bearer tokens can be used by anyone who intercepts them. Now there is a panic to further lock down the tokens.

With, #nauth , I don’t have to worry about this, because I effectively have what I am calling ‘channel-binding’. I have 100% assurance that whatever I send to another npub, only they can decrypt and used. No need to bind the bearer token for the purpose of transmitting between two parties.

#nostr #safebox

]]>