Blebbit will initially resemble Discord, so all the use-cases therein for private data. Long-term the use-cases from giving users and communities the options to craft their own take on the blend of Discord, Reddit, FB Groups, etc…
For me, the ideal permission system for the protocol will be sufficiently rich enough that any app can have access to the same permissions, roles, groups, and spaces capabilities without the need to run their own permission systems and stores. There is also the Dual Write problem that would be ideal to solve at the PDS layer to avoid every app and developer having to, but I’m not sure that’s actually possible? ¯\_(ツ)_/¯
When I went to find a good permission system to use for Blebbit off-protocol, I settled on SpiceDB for a number of reasons. I’m now trying to take out off-protocol work and put it in the PDS as an experiment to inform the discussion.
If you want to dig into the details, checkout the Blebbit @atproto TS fork
4 Likes
I noticed this capability in Discord today, I think it represents a pattern more broadly useful
Thanks for writing this up!
I think Discord server is a special kind of instance that isn’t quite a group. This has exactly one owner.
Then, roles == groups. Permissions system is very extensive.
A channel and a thread both can have permissions, plus a few special things like voice channels and stages and such.
I disagree that roles == groups, they are compositional in the sense that groups are collections of subjects and roles are collections of permissions, much like in oauth, but more extensive. You then bind them them in pairs across a many-to-many relationship. Spaces or folders allow for nesting these things, and where content and rpc gets authorized, and the system walks that tree too for authorization. AppViews can have lexicon for stuff like channels and threads, and define default groups and roles that make sense for their AppView.
In this sense, a “Discord App” server could be a full account or maybe there are multiple Discords under one account using nested spaces. Same for groups or communities. A space could even be a composition of apps. I would imagine though, a common pattern for “Discord Spaces” would be a 1-1 group-role relation just for the simplicity of it all. There are also companies picking Discord over Slack now, and they typically have a much richer or robust group/role setup. That is another pattern I want to support.
I just did a big refactor of my permission system, still need to untangle the nsid stuff a bit and how it can support their dynamic nature. But maybe it is still comprehensible to people without context?
actually… group ?= role …you can do it both ways with the same permissions schema
or mix and match, going through a permissions consolidation process with a client and the move is from users/groups having permissions to using roles
I think generally, the 99%ers of ATProto will not want to give up features from their existing permission systems
1 Like
Created a little framework around this schema for easily simulating various use cases
(I’ll add a doc how you can build them too, will also be gather and implementing many myself)
1 Like
working on a slide deck for my stuff, how is this one-pager for “what are spaces?”
(context, someone who already has context of what we are working towards)
2 Likes
Looks interesting!
Two questions.
- Do you have any plans to support OAuth sign in?
- How are you planning to support he DM feature? (I’m looking for apps that want to experiment with my AT-SMS project)
OAuth is already handled by the PDS, I’m not doing anything with that directly. What I do still need to add is support for PDS-PDS proxying, like PDS-Service proxying so OAuth credentials are proxied into a token for the PDS with the spaces.
No plans for DMs in this area. I think there are three private data avenues, they’ll be built in parallel, and users will have choice in which system / experience they want. I’ll be talking about this in the full presentation.
- E2EE messaging
- E2EE data
- Permissioned Spaces (this work)
That being said, I imagine one could use permissioned spaces for DM like content. My plan for Blebbit is to leverage the eventual E2EE DM solution for DMs. Chat room content is a bit different, still figuring it out, tends to be a lot more volume/noise/transient, want a two-way websocket ideally too. But, in theory, you can put anything into a space, including blobs and encrypted data, so lots of possibilities!
2 Likes
wrt OAuth, I may be asking the wrong question, or presuming something I shouldn’t. When I click the @ ATProtocol in the upper right of the blebbit.app I see the following login prompt.
I assume since it is asking for my password, it is not using OAuth (I expect OAuth to send me to a bsky.social login page?)
oh, yea, that’s old code from March before I implemented OAuth for Blebbit in Authr
When I have enough of the PDS permissioned spaces implemented, I’m switching Blebbit over at which point it will get the OAuth treatment
1 Like
Link to a slide deck (still expect a few more changes)
