Closed geeogi closed 5 years ago
referencing also #46
@larrysalibra
I've put together a doc with some quick sketches of how I think about authentication scoring:
Apologies for my drawing skills.
Re gaia, as mentioned in #58, going forward, we won't be treating apps that use gaia and in additional to 3rd party storage differently. There will only be 3 scores - uses gaia, doesn't use gaia or broken.
Our goal here is to reward developers that use gaia as a place to securely store the canonical copy of the data they generate using an an app and do it in a way where the developer never has access to encryption keys.
Initially, we're not going to be incredibly strict on this, but your best bet to be well-positioned for the future is to build your app in such a manner.
We'd like to see gaia used by all users regardless of how they sign in.
Hope that helps!
What happens if they use Blockstack Auth incorrectly? For example, by hard-coding a redirect to browser.blockstack.org instead of using the protocol handler?
What happens if they use Blockstack Auth incorrectly? For example, by hard-coding a redirect to browser.blockstack.org instead of using the protocol handler?
Using Blockstack Auth incorrectly results in a broken score.
Sounds like this is resolved. Moving to done.
@jeffdomke yep. Thanks @larrysalibra for the clear and detailed answer 👍
Hi there,
We at Zinc are keen to improve our understanding and implementation of Blockstack with respect to the user’s digital rights. I have a few questions regarding the criteria of the digital rights review. Hopefully this is the right place to ask. Many thanks in advance.
Blockstack auth
GAIA
Feedback