OpenWebAuth is the authentication protocol utilized by Zot6; making use of Webfingers, HTTP Signatures and token generation for headless authentication. Projects like Hubzilla make use of it for authentication.
- Add yourself here… (see this for more details)
- Unclear on where the spec is actually defined
- Uses cryptography in the spec itself rather than keeping cryptography at the transport layer
- Relies on the site you're signing in to to accept the
owtquery parameter in every page, as opposed to confining the authentication code to a single URL that can redirect to the destination later
- Uses HTTP signatures but doesn't specify how the keys are discoverable, so it is unclear where to read to find that out