The biggest complaint that I’ve heard about the permissioned data protocol design is that it feels like a totally separate thing from the existing public broadcast protocol. While many of the things that differentiate it (spaces, the repo data structure, the signature algo) I believe are critical to the overall design, using a separate uri scheme is not.
I’ve been wrestling with this one for a while now. But I’m currently leaning fairly strongly toward keeping the same at:// uri scheme as the public broadcast protocol.
My biggest problem is honestly narrative/branding. This might sound like a silly thing to focus on in protocol design, but I actually think it’s quite important and is where the worries of it feeling like a separate thing is coming from. Atproto, or “the atmosphere”, is supposed to be “the universal data network”. But in introducing a new URI scheme we’re kinda splintering the data space. Practically, this might not be the case (many things overlap & apps can easily use data from both protocols). But it still just doesn’t feel quite right to me. The at-uri is one of the Big Ideas of atproto. I think it’d be really unfortunate to dilute that idea.
I hope that by using the same scheme, it makes it clear that these two data protocols are ultimately part of the same system.
On a more practical note, uniting under one uri format makes more sense in the context of lexicons. I don’t think you want to have to redefine every lexicon for permissioned vs public use cases. And differentiating between possible sub formats like at-uri-public and at-uri-space in the event of wanting one in particular, (both subsets of the more generally used at-uri) seems more straight forward to me than defining a new space-uri format and having to fall back to uri when you want either.
So without further ado, my new proposal for the permissioned data uri structure is the following:
at://{spaceDid}/space/{spaceType}/{skey}/{authorDid}/{coll}/{rkey}
You’ll note it looks basically the same as the previous proposal except that there is one new segment, the literal space right after the space authority. This is clearly differentiable from the current common first path segment in at-uris which is an NSID and thus always has at least two .s in it. This pattern also opens up the possibility for identifying other atproto resources through at-uris, including labels and blobs.
This proposal goes against my previous argument in diary 5.
I gave three reasons:
-
- The resolution mechanism is pretty different for permissioned vs public data. Since URI resolution is informed by the scheme, we think it makes sense that the scheme is different.
- There are light security implications to the different URI formats. Permissioned data URIs should essentially never be viewed outside of the perimeter of their space. Bumping into one of these in the wild should look & feel different from a public URI.
- There is now a working group for AT Protocol at the IETF. One part of the charter is describing a URI scheme for the protocol. As we’re not (yet!) specifying the permissioned data protocol at the IETF, we want to avoid mixing up URI semantics with the working group’s work.
My current argument against the first is that at:// does not actually specify a sync mechanism. It identifies a piece of content in a data space. You could receive an atproto record on a thumbdrive and it may still be verified as “authentic”. In this sense, the resolution mechanism isn’t the most important thing. While the sync mechanisms vary between the public & permissioned protocols, the data space remains the same, and thus they should share a uri scheme.
I think the security implications are handled by the fact that permissioned data uris are much longer. That is a much simpler visual distinction than an extra letter in the scheme. I think this was always the weakest point, and I think the uri scheme is the wrong place to litigate this.
And on the IETF working group for atproto, I’ve had a couple of conversations with folks with much more experience at the IETF than I have that suggest this isn’t a big thing we should worry about. The IETF process, in some sense, is designed to handle exactly this. Companies do things with technologies in ecosystems, and as patterns emerge, they get specified through consensus at the IETF. There is some risk that the working group specifies a URI that breaks our permissioned data URIs. However that risk already exists for public data as well.
So let me know your thoughts!
In the mean time, I think I’ll probably update the proposal. Even if it’s in the proposal, it’s not set in stone yet. The proposal is just meant to capture the most up to date thoughts of where our heads are at.