Blebbit will initially resemble Discord, so all the use-cases therein for private data. Long-term the use-cases from giving users and communities the options to craft their own take on the blend of Discord, Reddit, FB Groups, etc…
For me, the ideal permission system for the protocol will be sufficiently rich enough that any app can have access to the same permissions, roles, groups, and spaces capabilities without the need to run their own permission systems and stores. There is also the Dual Write problem that would be ideal to solve at the PDS layer to avoid every app and developer having to, but I’m not sure that’s actually possible? ¯\_(ツ)_/¯
When I went to find a good permission system to use for Blebbit off-protocol, I settled on SpiceDB for a number of reasons. I’m now trying to take out off-protocol work and put it in the PDS as an experiment to inform the discussion.
I disagree that roles == groups, they are compositional in the sense that groups are collections of subjects and roles are collections of permissions, much like in oauth, but more extensive. You then bind them them in pairs across a many-to-many relationship. Spaces or folders allow for nesting these things, and where content and rpc gets authorized, and the system walks that tree too for authorization. AppViews can have lexicon for stuff like channels and threads, and define default groups and roles that make sense for their AppView.
In this sense, a “Discord App” server could be a full account or maybe there are multiple Discords under one account using nested spaces. Same for groups or communities. A space could even be a composition of apps. I would imagine though, a common pattern for “Discord Spaces” would be a 1-1 group-role relation just for the simplicity of it all. There are also companies picking Discord over Slack now, and they typically have a much richer or robust group/role setup. That is another pattern I want to support.
I just did a big refactor of my permission system, still need to untangle the nsid stuff a bit and how it can support their dynamic nature. But maybe it is still comprehensible to people without context?
working on a slide deck for my stuff, how is this one-pager for “what are spaces?”
(context, someone who already has context of what we are working towards)
OAuth is already handled by the PDS, I’m not doing anything with that directly. What I do still need to add is support for PDS-PDS proxying, like PDS-Service proxying so OAuth credentials are proxied into a token for the PDS with the spaces.
No plans for DMs in this area. I think there are three private data avenues, they’ll be built in parallel, and users will have choice in which system / experience they want. I’ll be talking about this in the full presentation.
E2EE messaging
E2EE data
Permissioned Spaces (this work)
That being said, I imagine one could use permissioned spaces for DM like content. My plan for Blebbit is to leverage the eventual E2EE DM solution for DMs. Chat room content is a bit different, still figuring it out, tends to be a lot more volume/noise/transient, want a two-way websocket ideally too. But, in theory, you can put anything into a space, including blobs and encrypted data, so lots of possibilities!
wrt OAuth, I may be asking the wrong question, or presuming something I shouldn’t. When I click the @ ATProtocol in the upper right of the blebbit.app I see the following login prompt.
I assume since it is asking for my password, it is not using OAuth (I expect OAuth to send me to a bsky.social login page?)
Update! After a long trip down the rabbit hole, I’m coming back around to polish my PDS fork (create but no delete)
Biggest change, I was able to talk shop with a core dev on the SpiceDB team.
Strategy for schema management so that apps have complete freedom to define their own resource & permission “lexicons” (domain specific, not the atproto kind, but will be defined via records/lexicon)
Should be easier to align with & migrate my POC to whatever comes out of the discussions and changes to the protocol. I’m hopeful that whatever comes to the protocol will also support being powered by SpiceDB. (ReBAC / Zanzibar | CBA / Macaroons)
* based on my opinion and best understanding of where things are headed across many conversations and public posts
