Jons Mostovojs @jonn@social.doma.dev

Ok well anyway, test your code, kids.

Here's a screenshot of sodium.js producing the same key as #doauth #Elixir server.

We are getting places with #doauth cryptography in browser.
Can't wait to polish the second prototype and start integrating it with services, looking at OIDC compliance, etc.

Finally, #doauth is sending stuff over HTTP!

A pretty big day.

With #doauth. it's really easy to make and validate claims, embedded into #verifiablecredentials

We're trying to prioritise #UX for people who want to use our software (as well as, when the time shall come to make frontends, #UX for the end users).

Good morning! Time to fix some #doauth tests I broke while implementing tofu logic.

Logic for #doauth's #tofu is implemented, tomorrow: #phoenix endpoint and maybe deployment to aaa.doma.dev for memes?

A road to #tofu: #doauth servers can almost register themselves, now let's self-sign!

Been a while since I've updated y'all about #doauth.

Well, we can insert credentials under transaction with a very nice interface: a keypair and a claim map.

Underneath, it's 99%-compliant with #verifiablecredentials and #decentralizedidentifiers standards, but on the surface it just gives programmers what they care about!

Here's how to insert a credential / claim in #doauth: https://git.sr.ht/~doma/do-auth/commit/d2a28de2e48dfd3c739b40633b280c4ab4814826#test/db_test.exs-1-4

Today #doauth has verified its first credential.

Going to clean up noisy logging output and push the code tomorrow.

#myelixirstatus

Today #doauth has issued its first credential in testing...

Big things are coming!

#myelixirstatus #ecto #elixir

Because you can't go far without json.

#doauth

Sunday evening #doauth programming.

My Sunday Feeling

#doauth

Oh yeah, baby, nice UX to insert stuff into the database.

Important bit is that we just supplied PK as a string and we let Ecto figure out how to fetch it...

I wish there was a cache layer so that I don't have to query stuff every time I make a changeset...

#doauth #myelixirstatus

A huge milestone for #doauth.

The architecture and data flow spec is encoded in #SQL.

While thinking about a way for #doauth users to control their identity, disclosing nothing by default AND high availability / replication, I came up with the notion of disclosure event logs.

After just a little bit of tinkering with the definition, it turned out that it's getting modelled with existing approach to credentials / claims really well.

I love that immediate positive feedback on design and architecture.

#doauth

I really like the fact that there is a very high theoretical ceiling for #doauth

Our colleagues from other companies that are working on modern identity-related products are already investigating usage of #ZKP to reduce correlation attack surfaces.

A rare occurrence when being in cryptocurrency business since 2013 pays off — I already understand quite some stuff about zero knowledge cryptographic systems, so it won't be too hard to catch up! 🏃

I'm really bummed out by the fact that #elixir doesn't come with a property-based test engine.

Since propex is unstable right now, I write plain stupid unit tests and hate every moment of this bullshit.

#myelixirstatus #elixir #doauth

URI implementation: one of the few reasons why you might want to have optional values.

#doauth #did

Joe Armstrong advocated usage of file system to persist key-value mappings, and databases to store data that we need aggregate queries over.

I feel like for #doauth file storage is straight up sufficient, but I'm too afraid to not use #postrgresql with #ecto, because I'll be laughed at or something.