Much of the work in our project centers around open protocols.
We use as much of what we find as is, but new ideas sometimes
call for new protocols, and the design of these is a bit of a
roller-coaster ride. KXOVER is an interesting example.
While developing our IdentityHub, the core facility
where users control their online identity and get
security and privacy in one go, we need to connect
a number of microservice. We made a few surprising
choices and smile on the benefits.
When it comes to secure authentication, the web
is in a much worse shape than email. But that's
not due to email; it is the web that habitually
ignores all the advances that are used everywhere
else! Since the web is important, we want to extend
HTTP with SASL, the general framework that works so
well for almost all the other protocols.