This repository has been archived by the owner on Aug 1, 2023. It is now read-only.

Digital rights reviewer: understanding the criteria #79

Closed
5 of 6 tasks
geeogi opened this issue Mar 22, 2019 · 7 comments

geeogi commented Mar 22, 2019

Hi there,

We at Zinc are keen to improve our understanding and implementation of Blockstack with respect to the user’s digital rights. I have a few questions regarding the criteria of the digital rights review. Hopefully this is the right place to ask. Many thanks in advance.

Blockstack auth

  • Does the blockstack auth in our app need to be compatible with all browsers? If not, which ones?
  • When Blockstack auth is offered as one of many options, what exactly differentiates between "secondary", "equal" and "primary" importance?

See PDF: Auth.Scoring.pdf

GAIA

  • To score 4/4, must GAIA be the sole storage for all users? Or just for those who authenticate with Blockstack?
  • To score 2/4, must GAIA be used for all users? Or just for those who authenticate with Blockstack?
  • To score 2/4, can GAIA be used in a write-only manner on the app?

See: #79 (comment)

Feedback

  • Is feedback offered on "broken" scores?

Feedback was given via comment in this thread: #60

geeogi changed the title from "Digital rights reviewer: understanding criteria" to "Digital rights reviewer: understanding the criteria" on Mar 22, 2019
@friedger
Contributor

referencing also #46

@xanbots
Contributor

xanbots commented Mar 26, 2019

@larrysalibra

@larrysalibra

larrysalibra commented Mar 28, 2019

I've put together a doc with some quick sketches of how I think about authentication scoring:

Auth Scoring.pdf

Apologies for my drawing skills.

Re gaia, as mentioned in #58, going forward, we won't be treating apps that use gaia in addition to 3rd party storage differently. There will only be 3 scores - uses gaia, doesn't use gaia or broken.

Our goal here is to reward developers that use gaia as a place to securely store the canonical copy of the data they generate using an app and do it in a way where the developer never has access to encryption keys.

Initially, we're not going to be incredibly strict on this, but your best bet to be well-positioned for the future is to build your app in such a manner.

We'd like to see gaia used by all users regardless of how they sign in.

Hope that helps!

@jcnelson

What happens if they use Blockstack Auth incorrectly? For example, by hard-coding a redirect to browser.blockstack.org instead of using the protocol handler?

@larrysalibra

> What happens if they use Blockstack Auth incorrectly? For example, by hard-coding a redirect to browser.blockstack.org instead of using the protocol handler?

Using Blockstack Auth incorrectly results in a broken score.

@stackatron

Sounds like this is resolved. Moving to done.

@geeogi
Author

geeogi commented Apr 5, 2019

@jeffdomke yep. Thanks @larrysalibra for the clear and detailed answer 👍
