-
Notifications
You must be signed in to change notification settings - Fork 16
Digital rights reviewer: understanding the criteria #79
Comments
referencing also #46 |
I've put together a doc with some quick sketches of how I think about authentication scoring: Apologies for my drawing skills. Re gaia, as mentioned in #58, going forward, we won't be treating apps that use gaia and in additional to 3rd party storage differently. There will only be 3 scores - uses gaia, doesn't use gaia or broken. Our goal here is to reward developers that use gaia as a place to securely store the canonical copy of the data they generate using an an app and do it in a way where the developer never has access to encryption keys. Initially, we're not going to be incredibly strict on this, but your best bet to be well-positioned for the future is to build your app in such a manner. We'd like to see gaia used by all users regardless of how they sign in. Hope that helps! |
What happens if they use Blockstack Auth incorrectly? For example, by hard-coding a redirect to browser.blockstack.org instead of using the protocol handler? |
Using Blockstack Auth incorrectly results in a broken score. |
Sounds like this is resolved. Moving to done. |
@jeffdomke yep. Thanks @larrysalibra for the clear and detailed answer 👍 |
Hi there,
We at Zinc are keen to improve our understanding and implementation of Blockstack with respect to the user’s digital rights. I have a few questions regarding the criteria of the digital rights review. Hopefully this is the right place to ask. Many thanks in advance.
Blockstack auth
GAIA
Feedback
The text was updated successfully, but these errors were encountered: