authorization-panel
Project Proposal: Focus on "Trusted Apps"
The Trusted Apps project would deliver a recommendation to handle app management on both the authentication and .acl level.
I would recommend that trusted apps moves away from the idea of an "app" and focuses more on the idea of a "delegated agent" to allow for any kind of agent (app, bot, IoT device, actual human) to be given the ability to access a subset of user data.
Another really important design constraint is cacheability. We look up the ACL for every request and so the performance of lookup is critical. Therefore, it must be easy to design an ACL cache around this, and it isn't with the current design.
Proposed solution to a large chunk of this problem: #48.