You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
the core binaries that run the passkeys would need to be motorised by Apple and Microsoft in order for them to run on devs and users systems. I was thinking of doing Notorisstion and then co-signing in a 2 steps process . But have no idea if this is workable .
would appreciate feedback :)
The text was updated successfully, but these errors were encountered:
Users passkey , then store passkey signature in nats , then create a nats user , then create a jwt and a cosign key … then sign any artefacts this users produces.
it’s a chain of trust that flows bs into the users passkey that is stored in their Tom chip . Yubikeys also .
Question
I use passkeys to identify orgs and users when they sign in to a golang system that I am working on .
the system produces artifacts into their GitHub or other git servers . These are binaries , WASM , text files.
I plan to produce an SBOM of these artefacts also as an artefact.
Others users can then use those artefacts at runtime in the system.
so I was wondering about using the passkey signature to sign their artefacts.
WASM is the main thing that is run by third parties , because it gives a measure of security ssndboxing . But the binaries also .
I plan to team this up with fish food , which is a golang package distribution system and make it real time with a pub sub overlay system.
https://github.com/tinned-fish/gofish
the core binaries that run the passkeys would need to be motorised by Apple and Microsoft in order for them to run on devs and users systems. I was thinking of doing Notorisstion and then co-signing in a 2 steps process . But have no idea if this is workable .
would appreciate feedback :)
The text was updated successfully, but these errors were encountered: