microsoft / mixed-reality-extension-sdk

The Mixed Reality Extension SDK enables developers to build 3D world extensions for AltspaceVR, using Node.JS.
MIT License

Create a persistent, host-app agnostic MRE register #617

Open sorenhan opened 4 years ago

sorenhan commented 4 years ago

The main purpose is

  1. having a persistent app ID, which can be used for encrypting user IDs, and as a persistent reference to an MRE even if the MRE's URL changes.
  2. (less important) get a list of MREs that host apps can scan through

This needs to be agnostic to the host app, so it shouldn't be tied to AltspaceVR or any other service.

eanders-ms commented 4 years ago

Idea: It might be economical to implement this as a GitHub repo, and host a front end for it on GitHub pages. Similar to DefinitelyTyped:

stevenvergenz commented 4 years ago

DNS already exists as an off-the-shelf server registry. Using the server name as app ID could satisfy purpose 1 with little to no extra engineering on our part. A couple detail points about this idea:

  1. Tying server name to the user data would be dangerous if the developer is unaware of the connection. If they tried to migrate to a new server, and weren't the owner of their domain name (i.e. using default DNS like Azure provides), they would invalidate the database.
  2. To prevent 1, we could automatically deny the user tracking permission if the client detects that the app is on a shared domain. This could be done either by a deny list (don't recommend this), or by requiring a DNS TXT record on the domain, which proves that the app owner is the domain owner, and can point it at a new server if the need arises.
  3. Backward compatibility could be an issue here, since persistent user IDs are currently keyed to an Altspace registration ID. Perhaps the TXT record in 2 could contain an alternate salt for user IDs, which the client could use instead of the server name if provided.
  4. This scheme would require the MRE developer to own a domain name, which is not free. If they didn't want to do that, they could always use a different registry instead, though the host app would have to know where and how to look up the app ID from that registry.

Pros vs. an MRE-only registry:

Cons:
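
Added example, not part of the thread or the SDK: a Node.js sketch of the client-side decision described in points 2 and 3 of the comment above (deny user tracking without an ownership TXT record, and let that record carry an alternate salt). The `mre-app v=1; salt=...` record format, the function names and the host-app secret are assumptions; the thread does not define them.

```javascript
const crypto = require('crypto');

// Hypothetical record format (not defined in the thread): "mre-app v=1; salt=<value>"
const RECORD_PREFIX = 'mre-app ';

// `records` has the shape dns.promises.resolveTxt() returns: one array of chunks per record.
function parseMreTxt(records) {
  const matches = records
    .map((chunks) => chunks.join(''))
    .filter((txt) => txt.startsWith(RECORD_PREFIX));
  if (matches.length !== 1) return null; // missing or ambiguous: ownership unproven
  const fields = Object.create(null); // no prototype, so record keys cannot shadow anything
  for (const part of matches[0].slice(RECORD_PREFIX.length).split(';')) {
    const eq = part.indexOf('=');
    if (eq > 0) fields[part.slice(0, eq).trim()] = part.slice(eq + 1).trim();
  }
  return fields.v === '1' ? fields : null;
}

// Point 2: no valid record means the app may sit on a shared domain, so deny tracking.
// Point 3: an optional salt replaces the server name as the key for user IDs.
function resolveAppIdentity(serverName, records) {
  const appId = serverName.toLowerCase().replace(/\.$/, '');
  const rec = parseMreTxt(records);
  if (!rec) return { appId, allowUserTracking: false, salt: null };
  return { appId, allowUserTracking: true, salt: rec.salt || appId };
}

// The salt is public in DNS, so it only separates apps from each other. The HMAC key
// is a secret held by the host app (an assumption of this sketch).
function maskUserId(identity, hostSecret, hostUserId) {
  if (!identity.allowUserTracking) return null;
  return crypto.createHmac('sha256', hostSecret)
    .update(identity.salt + '\0' + hostUserId)
    .digest('hex');
}

// Constructed sample: the same TXT record served for the old and the new server name.
const sampleTxt = [['v=spf1 -all'], ['mre-app v=1; ', 'salt=legacy-reg-id']];
const before = resolveAppIdentity('old.example.com', sampleTxt);
const after = resolveAppIdentity('new.example.net', sampleTxt);
console.log(maskUserId(before, 'host-secret', 'user-1') === maskUserId(after, 'host-secret', 'user-1'));
```

With a salt in the record, the masked user ID survives a move to a new server name; without a record, `maskUserId` returns `null` and no persistent ID is issued.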