Welcome to the repository for the HTTP Authentication Using Schnorr Signatures specification, developed by the W3C Nostr Community Group. This specification defines a decentralized and secure method for authenticating HTTP requests using Schnorr signatures.
🔗 Read the latest draft of the specification: https://nostrcg.github.io/http-schnorr-auth/
As decentralized applications gain momentum, there's a growing need for secure, user-centric authentication mechanisms that don't rely on centralized authorities. This specification leverages Schnorr signatures—widely used in cryptocurrencies like Bitcoin and Litecoin—to provide a seamless, secure, and privacy-preserving authentication protocol suitable for modern web applications.
Schnorr signatures are renowned for their simplicity, efficiency, and provable security. Their adoption in blockchain technologies underscores their robustness and suitability for decentralized systems. By integrating Schnorr signatures into HTTP authentication, we aim to bridge the gap between traditional web services and decentralized authentication methods.
- Single Sign-On (SSO): Authenticate across multiple services using a single cryptographic identity, eliminating passwords and enhancing user experience.
- Decentralized Authentication: Enable authentication in decentralized apps where traditional methods fall short, giving users control over their data.
- Blockchain Integration: Use existing cryptographic keys from blockchain networks to authenticate with web services securely.
To implement or experiment with the specification:
-
Read the Specification: Familiarize yourself with the protocol details by reading the latest draft.
-
Reference Implementations:
- C# ASP.NET Authentication Handler: NostrAuth.cs
- (More implementations coming soon!)
-
Implement the Protocol:
- Clients: Construct and sign authentication events using your private Schnorr keys.
- Servers: Validate incoming authentication events as per the specification guidelines.
We welcome contributions from the community! Here's how you can get involved:
-
Report Issues: Found a bug or have a feature request? Open an issue to let us know.
-
Submit Pull Requests: If you'd like to contribute code or documentation improvements, please:
- Fork the repository.
- Create a new branch for your feature or fix.
- Submit a pull request with a clear description of your changes.
-
Join the Discussion:
- Mailing List: Subscribe to the public-nostr mailing list for updates and discussions.
- GitHub Discussions: Engage with other contributors on GitHub Discussions.
Stay connected with the W3C Nostr Community Group:
- Website: https://www.w3.org/community/nostr/
- Meetings: Regular meetings are held to discuss progress and collaborate on the specification. Details are available on the community group's website.
- Contact: For any inquiries, reach out to the group's chair, Melvin Carvalho.
This work is licensed under the terms of the W3C Community Contributor License Agreement (CLA).
By contributing to this repository, you agree that your contributions are licensed under the CLA.
We extend our gratitude to all the contributors and community members who have supported the development of this specification. Your expertise and dedication are invaluable.