planetary-social / webapp

Trying netlify
https://planetary-webapp.netlify.app/

UCANs for auth #4

Open nichoth opened 2 years ago

nichoth commented 2 years ago

Look at using UCANs for authentication.

The nice thing about this is that you can use multiple devices per account, and you never have to share a private key. This is different than my original idea, to offer to backup a private key on a server.

You can use one set of keys to grant access to a second set of keys. A use-case, for example:

I sign up on my computer, which means that in my browser I create a set of keys (public & private); the server knows that my DID (public key) is authorized. Then I use the private key on the computer to sign a second UCAN for my telephone. The pub knows how to follow this 'chain' of UCANs back to my original computer DID, which is marked as 'allowed' on the server.

Then later I go to a public library and want to use a computer there, and I can use my phone to create a new, temporary UCAN for the library computer. I think you would use a QR code to help link the library computer to the phone.

It seems like kind of a web design challenge to make it clear what's happening in this case.

see ssb also

The ssb auth is a little different because they are concerned with establishing a websocket connection, a stateful operation. Whereas if you just do it via http, you can validate a write request on a per-request basis.