really cool! the problem with new standards though is that it's hard to adopt. what's your plan to adoption? because nobody will understand it if it's not in terms of things they already use/understand.
curious if this can somehow slot into oauth too, or this is impossible? I've been thinking about oauth proxies that alter the oauth scopes into more fine-grained ones, working on this. maybe this is the key to adoption.
Adoption is definitely the hardest "cryptographic" problem :D
You can think about this as a new auth token to add in your stack. It does not need to grow and take over the world overnight. We have seen how hard it is to change the status quo + how much it can adapt to new ideas (ex: SQL vs NoSQL)
For now I would imagine teams who need more flexibility in their auth stack to adopt this for new API
janwilmake|6 months ago
curious if this can somehow slot into oauth too, or this is impossible? I've been thinking about oauth proxies that alter the oauth scopes into more fine-grained ones, working on this. maybe this is the key to adoption.
positiveblue|6 months ago
You can think about this as a new auth token to add in your stack. It does not need to grow and take over the world overnight. We have seen how hard it is to change the status quo + how much it can adapt to new ideas (ex: SQL vs NoSQL)
For now I would imagine teams who need more flexibility in their auth stack to adopt this for new API
positiveblue|6 months ago
afiori|6 months ago
https://news.ycombinator.com/item?id=39204314
https://news.ycombinator.com/item?id=43499783
https://news.ycombinator.com/item?id=25233311
What are the differences?