Token Binding Protocol Negotiation TLS Extension support for Java 8
Qiuth transforms standard bearer API keys into proof-of-possession tokens, using multi-factor security layers like IP validation, TOTP, and certificate validation to prevent unauthorized access even if your key is leaked.
Token Binding Protocol Negotiation TLS Extension support for Java 10
Token Binding for Java: a library for processing/validating as well as creating/signing Token Binding message structures.
Token Binding Protocol Negotiation TLS Extension support for Java 9
Zero-Trust architecture for internal APIs: mutual TLS, JWT, and RFC 8705 certificate-bound (proof-of-possession) access tokens. FastAPI reference implementation with a central PDP, a vulnerable bearer baseline, attack demos and benchmarks.
An example API using Mutual TLS and Certificate-Bound Access Tokens (RFC8705)
Go framework for zero-knowledge login and sender-constrained access tokens. Implements interactive Schnorr ZK auth, short-lived JWTs bound to client DPoP keys (cnf.jkt), and ready-to-use middleware for DPoP + JWT verification. Includes reference auth server and demo API.
An API gateway plugin for verifying Certificate-Bound Access Tokens (RFC8705)
Browser-based BLS12-381 pairing cryptography — bilinear pairing explainer, BLS signature sign/verify with real @noble/curves arithmetic, signature aggregation visualizer (up to 100 signers → 1 proof), and rogue key attack demo. Powers Ethereum 2.0 and Zcash. Part of crypto-lab.
Proof of concept for Demonstrating Proof-of-Possession
Demonstration of Proof-of-Possession at the Application Layer study
A zero-dependency, production-ready Identity Provider (IdP) architectural simulation in TypeScript. Implements automated asymmetric key rotation, cryptographically bound access tokens via Demonstrating Proof-of-Possession (DPoP) standards, and an append-only Merkle Tree ledger to completely eliminate token theft, modification, and replay attacks.
Scenario: You have services running on customer networks that must connect to you securely. Uses JWT, HTTP Signatures, MicroProfile, Tribestream API Gateway
Add a description, image, and links to the proof-of-possession topic page so that developers can more easily learn about it.
To associate your repository with the proof-of-possession topic, visit your repo's landing page and select "manage topics."