Show HN: Kliento, simpler machine authentication without API keys or JWTs
veraid.net

Kliento is a workload authentication protocol that brings the concept of Kubernetes- and GCP-style "service accounts" to the whole Internet in a vendor-neutral and decentralised way.
It uses DNSSEC to embed the full chain of trust in the credentials, so servers won't have to query external systems during verification. Think of them as short-lived JWTs that can be verified entirely offline by the server. This means that there are no long-lived secrets to protect, or public keys to configure or retrieve during verification.
We built the underlying technology, VeraId, for humanitarian purposes, but we lost the funding due to the recent foreign aid cuts. VeraId has been independently audited <https://veraid.net/about/#security-audit> and has an Internet-Draft: <https://datatracker.ietf.org/doc/html/draft-narea-domainauth...>.
I'm trying to figure out if I should continue to invest in this technology, so any feedback -- whether positive, negative or neutral -- will be much appreciated! Having worked at Auth0, I believe this could drastically simplify things on the client and server sides, but there's still a lot to do to realise that full potential and I'd like to gauge the extent to which folks might want to try it.