Kliento is a workload authentication protocol that brings the concept of Kubernetes- and GCP-style "service accounts" to the whole Internet in a vendor-neutral and decentralised way.

It uses DNSSEC to embed the full chain of trust in the credentials, so servers won't have to query external systems during verification. Think of them as short-lived JWTs that can be verified entirely offline by the server. This means that there are no long-lived secrets to protect, or public keys to configure or retrieve during verification.

We built the underlying technology, VeraId, for humanitarian purposes, but we lost the funding due to the recent foreign aid cuts. VeraId has been independently audited <https://veraid.net/about/#security-audit> and has an Internet-Draft: <https://datatracker.ietf.org/doc/html/draft-narea-domainauth-00>.

I'm trying to figure out if I should continue to invest in this technology, so any feedback -- whether positive, negative or neutral -- will be much appreciated! Having worked at Auth0, I believe this could drastically simplify things on the client and server sides, but there's still a lot to do to realise that full potential and I'd like to gauge the extent to which folks might want to try it.