nip-07 and #nip98 are slightly…
nip-07 and #nip98 are slightly different
There is a clean separation here between identification (who am i?) and authentication (verify who I am)
Why is it important? Identification with nip-07 can happen with complete privacy (no other system does this). And then the app can give you a logged in version. A read only experience.
When you want to write to the web, and create user generated content, you need something more than nip-07 and that's where NIP-98 comes in. It sends a signed header to the server proving who you are.
In that way the server knows to trust the content sent to it. passport-nostr lets any node server verify this header. This is also cleaner than JWT etc. because it doesnt mess with the query strings like when we had sessionIds in the 90s.
It's a good clean modular system, that scales, and is extensible. No one else has anything like this.