stacks-archive / app-mining

For App Mining landing page development and App Mining operations.
https://app.co/mining
MIT License

Digital rights reviewer: understanding the criteria #79

Closed geeogi closed 5 years ago

geeogi commented 5 years ago

Hi there,

We at Zinc are keen to improve our understanding and implementation of Blockstack with respect to the user’s digital rights. I have a few questions regarding the criteria of the digital rights review. Hopefully this is the right place to ask. Many thanks in advance.

Blockstack auth

GAIA

See: https://github.com/blockstack/app-mining/issues/79#issuecomment-477502343

Feedback

Feedback was given via comment in this thread: https://github.com/blockstack/app-mining/issues/60

friedger commented 5 years ago

referencing also #46

xanbots commented 5 years ago

@larrysalibra

larrysalibra commented 5 years ago

I've put together a doc with some quick sketches of how I think about authentication scoring:

Auth Scoring.pdf

Apologies for my drawing skills.

Re gaia, as mentioned in #58, going forward, we won't be treating apps that use gaia in addition to 3rd party storage differently. There will only be 3 scores - uses gaia, doesn't use gaia or broken.

Our goal here is to reward developers that use gaia as a place to securely store the canonical copy of the data they generate using an app and do it in a way where the developer never has access to encryption keys.

Initially, we're not going to be incredibly strict on this, but your best bet to be well-positioned for the future is to build your app in such a manner.

We'd like to see gaia used by all users regardless of how they sign in.

Hope that helps!

jcnelson commented 5 years ago

What happens if they use Blockstack Auth incorrectly? For example, by hard-coding a redirect to browser.blockstack.org instead of using the protocol handler?

larrysalibra commented 5 years ago

> What happens if they use Blockstack Auth incorrectly? For example, by hard-coding a redirect to browser.blockstack.org instead of using the protocol handler?

Using Blockstack Auth incorrectly results in a broken score.

stackatron commented 5 years ago

Sounds like this is resolved. Moving to done.

geeogi commented 5 years ago

@jeffdomke yep. Thanks @larrysalibra for the clear and detailed answer 👍