Cross-Site Signing
Problem

Solution

In the original window where the comment draft exists, there is an iframe which has loaded the identity provider hyper.media/hm/embed/auth. Internally it is polling IndexedDB for the containing origin's abilities. When they change, they are communicated via postMessage so the publisher knows what sort of content can be signed in the iframe.

When the comment is submitted, air.com passes the unsigned comment blob to the identity provider iframe (again, via postMessage). The identity provider iframe makes sure the ability is present and valid, then signs the blob. It passes the signed comment back to air.com, which requested it.

At this point the signed comment needs to be saved to at least one server; it can be sent to air.com or hyper.media, or both, whichever is willing to distribute it. For now, air.com will be the one responsible for saving and distributing the comment blob, which results in a good UX because the comments are refetched after saving to show the user the comment they just created.

Why this is Secure

Concerns