Context

The W3C Linked Web Storage WG published four First Public Working Drafts of the LWS 1.0 Authentication Suite on 2026-04-23:

1. LWS 1.0 Authentication Suite: OpenID Connect
2. LWS 1.0 Authentication Suite: SAML 2.0
3. LWS 1.0 Authentication Suite: Self-signed Identity using Controlled Identifiers
4. LWS 1.0 Authentication Suite: Self-signed Identity using did:key

Status in JSS today

• 404 responses missing Accept-Patch/Accept-Put headers for PodOS compatibility #1 OpenID Connect — JSS has Solid-OIDC (DPoP) via src/auth/solid-oidc.js. Solid-OIDC is a profile of OIDC; need to read the new LWS10 OIDC draft and verify conformance / list any deltas.
• PATCH should create resources if they don't exist (Solid spec) #2 SAML 2.0 — net-new. Enterprise-flavored, not aligned with the current Solid ecosystem focus. Leave as scoped-out unless a concrete user asks.
• Bring login/registration to parity with NSS #3 CID (Controlled Identifiers) — JSS's did:nostr (src/auth/did-nostr.js) is the closest existing pattern: a key-controlled self-signed identity. CID generalizes the pattern across DID methods. A shared "self-signed identity" verifier could back both did:nostr and future CID-backed identifiers.
• Add did:nostr SSO and Schnorr (NIP-98) authentication #4 did:key — tracked in more detail in Support did:key Authentication (LWS10 Spec) #86. Structurally similar to did:nostr — an ed25519/p256/secp256k1 pubkey-based DID with self-signed JWTs. Mostly a new src/auth/did-key.js module mirroring did-nostr.js.

Suggested sequence

1. Read 404 responses missing Accept-Patch/Accept-Put headers for PodOS compatibility #1 and document any delta between current Solid-OIDC impl and the LWS10 OIDC profile.
2. Implement Add did:nostr SSO and Schnorr (NIP-98) authentication #4 via Support did:key Authentication (LWS10 Spec) #86 first (it's the most well-scoped and has the clearest analog in did:nostr).
3. Abstract a shared self-signed verifier from did:key + did:nostr implementations, then layer Bring login/registration to parity with NSS #3 CID on top.
4. Park PATCH should create resources if they don't exist (Solid spec) #2 (SAML) unless there is a specific deployment request.

Goal

JSS advertises conformance with LWS 1.0 Auth Suite once each sub-box is checked, with end-to-end tests demonstrating interop with at least one other LWS implementation per spec.

Related

• Support did:key Authentication (LWS10 Spec) #86 did:key authentication (detailed spec and plan)
• Add did:nostr SSO and Schnorr (NIP-98) authentication #4 did:nostr SSO + NIP-98 (closest existing CID analog)