Clarify requirement "Blockstack Auth" #100
Comments
@friedger auth is tested on all apps by NIL. If NIL tester can't login, the app is ineligible for App Mining.
My understanding is that this is already covered.
Can you be a little more exact. You're suggesting a new reviewer or that NIL should also review these pages? And can you please make this test a bit more binary? How would the tester test this? |
@jeffdomke This issue is about clarifying what it means to include blockstack auth, as required by the rules. My understanding is that NIL test whether auth works, not whether auth is used in a sufficient way (because there is no clear definition of what sufficient means) Possible tests (where numbers are random):
|
@larrysalibra please decide if this makes sense and is a relevant change to how you review. |
It would actually be helpful for us as a reviewer to have apps submit a statement when they register their apps as to if/how they use blockstack auth and gaia. We end up having to guess how they use gaia and then email to double check if we find that they're not using that we've missed something. This wouldn't need to be public to help us. Requiring this to be explained on the app's marketing website is interesting. Would like to hear what others think.
Gladys is the only app that I've come across that uses optional modules and our position has been that Blockstack needs to be enabled by default for users.
|
Re optional modules, OI ConvertCSV (and OI Shopping List) follow a similar
concept, and the early version of Blockcred as well.
It would be good to give more guidelines around this topic.
…On Tue, 21 May 2019, 17:34 Larry Salibra, ***@***.***> wrote:
require a description how blockstack is used in the app
either on the product page (e.g. used for product hunt) or
on the page/screen when logged out
It would actually be helpful for us as a reviewer to have apps submit a
statement when they register their apps as to if/how they use blockstack
auth and gaia. We end up having to guess how they use gaia and then email
to double check if we find that they're not using that we've missed
something. This wouldn't need to be public to help us.
Requiring this to be explained on the app's marketing website is
interesting. Would like to hear what others think.
Some apps use Blockstack only in optional modules, some don't
Some apps require additional steps like configuration or installation of
other apps before users can sign in with Blockstack, some don't
Gladys is the only app that I've come across that uses optional modules
and our position has been that Blockstack needs to be enabled by default
for users.
Some apps do not work at all when the user is not logged in, some do.
Not having to sign in seems to be great for users. If some of an app is
usable without identity, this seems pro-user privacy/usability to me.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#100>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AALBYWNXC2H2GLCWQKTHE4LPWQJBFANCNFSM4HJQDFYA>
.
|
@friedger The vast majority of apps use Blockstack Auth without requiring additional screens or steps. I don't think this gives us a lot of benefit at the moment. We can always look at this again in the future. @jeffdomke can you close this issue? |
@larrysalibra I am working on opencollective/opencollective#1749 and there is a discussion about how prominent blockstack login should be. The argument for hiding is that it is an experimental feature... |
@hstove This needs more attention as there is a decision on the forum by the team that using simple id is not eligible: https://forum.blockstack.org/t/simple-id-easier-blockstack-feature-survey/8476/22 The reasons for the decision should be reflected in an update of this issue and the rules in general! |
There are more apps now that do work in principle without using blockstack auth
|
Duplicate to #137 |
What is the problem you are seeing? Please describe.
Registered apps using Blockstack Auth in different ways:
The criteria for entering the app mining program are not defined clearly enough.
How is this problem misaligned with goals of app mining?
This could encourage development of apps that do not require blockstack auth at all or only for a small set of features.
What is the explicit recommendation you’re looking to propose?
Add the following requirements:
This encourages development of apps where identity plays an important role.
** Describe your long term considerations in proposing this change. Please include the ways you can predict this recommendation could go wrong and possible ways mitigate.**
A more clear definition of the requirement will focus efforts on improving registered apps rather than arguing about eligibility.
Additional context
#70
#7
The text was updated successfully, but these errors were encountered: