You need:
1. a key (either a deterministically derived child, or just the master depending on the privacy required)
2. a process for receiving something to sign from Service
3. a process for transmitting the signature to Service

Seems like (2) and (3) should probably just use a relay that the Service suggests when giving you something to sign, perhaps reusing encrypted messaging/DMs.  

k00b

SN release: slashtags auth

Great to see auth working!

We've not yet implemented auth in nostr

Did you learn anything that could help us sketch together a design?