Ethan Heilman<p>Just dropped our paper on eprint: OpenPubkey. I welcome any questions/feedback replies</p><p><a href="https://hexagon.space/tags/OpenPubkey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenPubkey</span></a> adds user-held public keys into OpenID Connect without breaking compatibility. This means users can create digital signatures on the web that are associated with their ID Tokens. Fully signed APIs here we come.</p><p>Our protocol is so compatible with existing IDPs that not only have we been using it in production with Google, Okta, and Microsoft IDPs for over a year, but that IDPs can't even tell that OpenPubkey is being used!</p><p><a href="https://hexagon.space/tags/OIDC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OIDC</span></a> <a href="https://hexagon.space/tags/JSON" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>JSON</span></a> <a href="https://hexagon.space/tags/JWS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>JWS</span></a> <a href="https://hexagon.space/tags/websec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>websec</span></a></p><p><a href="https://eprint.iacr.org/2023/296.pdf" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="">eprint.iacr.org/2023/296.pdf</span><span class="invisible"></span></a></p>