Oddbean new post about | logout
 Also, in the client-server design, normally the frontend has to authorize with the backend to access a protected resource (the database).

On Nostr the database is public. The keys are what's private.

So in Ditto, despite using a traditional client-server design, it is actually the backend which needs to authorize with the frontend to access the keys.

Soapbox (frontend) has security measures and access controls to authorize the backend to use its keys. So the frontend actually grants an access token to the backend in this design.

I believe this is what @hodlbod was trying to say in our call earlier. 😂