P3KI is built to integrate into a wide ranging set of existing environments.
Based on NOISE cryptographic protocol
Verifies delegable authentication
Verifies precise authorization
Establishes secured and authorization-tagged communication channel
Generates short and easy to phase PIN codes using NATO alphabet spelling helper
Enables in-the-field peering with previously unknown peers
Replay protection
Precise authorization
Multi-party signatures
Translates P3KI authorization into OIDC token
Suitable for last mile access to services not natively supporting P3KI
Based on Ory Hydra project
Promote existing X.509 certificates and keys to P3KI identities
Enable cross-PKI interaction and authorization without cross-signing and additional certificate issuing
Issue authorizations with classic client/server certificates (no CA certificate needed)