NIP-DA: Permissioned Private Data Sharing (Scoped Data Grants)#2411
Open
JAFairweather wants to merge 1 commit into
Open
NIP-DA: Permissioned Private Data Sharing (Scoped Data Grants)#2411JAFairweather wants to merge 1 commit into
JAFairweather wants to merge 1 commit into
Conversation
JAFairweather
added a commit
to JAFairweather/nostr-scoped-data-grants
that referenced
this pull request
Jul 11, 2026
Nontact now lives at github.com/JAFairweather/nontact (extracted with history via subtree split; MIT). This repo is the protocol home: - Remove web/ and the `web` npm script; root index.html redirects to the hosted Nontact (jafairweather.github.io/nontact). - README gains an "Applications built on NIP-DA" section listing all four apps (Nontact, Nvelope, Notegate, Nvoy) with live URLs and repos; drop the old embedded Nontact section and the web/ files-table row. - seed.mjs guidance points at the Nontact repo. Lib-only smoke test stays green (11/11 local). SPEC.md untouched (under PR review at nostr-protocol/nips#2411). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This NIP defines permission-based sharing of private, live-updating personal
data (e.g. contact cards) between keyholders. Each user maintains one
encrypted, authoritative record per scope on relays; access is granted by
privately delivering the scope's symmetric key inside a NIP-59 gift wrap.
Relays store only ciphertext and never learn who granted access to whom.
The result: contact data with N self-maintained records instead of N²
rotting copies — updates are free, revocation is a key rotation, and the
address book becomes an emergent view.
Against the submission criteria:
spec — a JavaScript reference library (isomorphic Node/browser, powering a
working contact-manager client) and a Go CLI built on go-nostr. A
cross-implementation test runs both against public relays: each decrypts
the other's scopes via the other's grants, detects the other's key
rotations as staleness, and recovers the address book from the other's
Grant Index.
requires nothing beyond NIP-01 addressable-event semantics and is verified
working today against relay.damus.io, nos.lol, and relay.primal.net with
zero relay changes.
these kinds are unaffected.
liveness, no O(1) updates, and no revocation; NIP-51 private lists carry
no key material. This fills the gap between "public kind-0 profile" and
"DM someone a snapshot that rots."
Related proposals (surveyed before submitting; none covers this):
conversation streams with forward secrecy. This NIP solves authoritative,
addressable data records with live dereference; the problems are
orthogonal and the mechanisms don't substitute for each other.
group chat channels — the closest mechanical cousin, but aimed at
messaging; no addressable data sets, no generation counter, no
rotation-revocation semantics for a personal record.
organization-published records dual-decryptable by org and individual,
with member key delegation. Different topology: org→individual documents
vs. a self-maintained personal record granted to N parties.
self-encrypted contact storage — that's this NIP's Grant Index
receivedside, and evidence of the demand — but proposes no sharing mechanism at
all.
Reference implementations, tests, and a working client:
https://github.com/JAFairweather/nostr-scoped-data-grants
Kinds requested: 30440 (Scoped Data Set), 440 (Data Grant), 441 (Revocation
notice), 10440 (Grant Index) — unassigned at the time of this PR; happy to
renumber if there are conflicts or conventions I've missed.