Beaker: Spec Discussion: User identity, filesystem, object-store folders

Here's an example from the main API for "signing in" as a user:

// Request read access to the private contacts and full access to the public fritter posts
await navigator.session.request({
  resources: [{
    // Private contacts
    type: 'private:objects',
    schema: 'dat://walled.garden/contact.schema.json',
    permissions: ['read']
  }, {
    // Public fritter posts
    type: 'public:objects',
    schema: 'dat://fritter.hashbase.io/schemas/post.json',
    permissions: ['create', 'read', 'update', 'delete']
  }]
})

// Log the private contact filenames
var privContacts = navigator.session.getUrl('private:objects', 'dat://walled.garden/contact.schema.json')
var privdat = new DatArchive(privContacts.host)
console.log(await privdat.readdir(privContacts.pathname))

// Publish a new post
var pubPosts = navigator.session.getUrl('public:objects', 'dat://fritter.hashbase.io/schemas/post.json')
var pubdat = new DatArchive(pubPosts.host)
await pubdat.writeFile(`${pubPosts.pathname}/${Date.now()}.json`, JSON.stringify({
  type: 'text',
  text: 'Hello, world!'
}))

Basically what this is doing is, requesting to "login" to the user's account, and asking for access to the user's private contacts folder and public posts folder. The folders are identified by their schemas, and this example is using the hypothetical dat://walled.garden/contact.schema.json for the contacts and dat://fritter.hashbase.io/schemas/post.json for the posts.

Requesting a signin triggers this UI:

And the current signin is shown in the top right of the url bar for the given site:

I already opened issues for these, but I'll repost them here:

1. Concerns w/ Index.json – Index.json feels like the next .DS_Store
2. Consider folder extensions over Index.json types – Another way we could help distinguish between these special folders and normal folders
3. An Applications folder – A familiar alternative to the app:// scheme

It seems to me that the user identities are per site right now. I think I talked about this the last time we discussed profiles, but I think that it would be more intuitive if you had one user "signed-in" per window. I think it could be confusing to change users per tab. In the same way that modern browsers open a "guest window" or an "incognito window", I think you should open a "user window" as well. It's less to keep in your memory and less state churn while moving through the browser.

@webdesserts There's definitely an upside to that, but would it mean you're automatically "logged in" as that user when you visit other sites?

@pfrazee I would imagine that the site would still need to request permission to access your profile... so it might still act the same from the site's point of view, but the browser just wouldn't ask the user repeatedly which account they want to be signed in as. The user won't be aware of their "sign-in" status for any given site. They can just view which sites they've given profile permissions to and will occasionally see sites prompting to access their profile.

This may be something that is handled differently per browser. One browser could implement it per tab as you're suggesting, another browser could implement it per window, and something like chrome OS could have one user "signed in" for the entire computer.

Hmm, yeah that actually makes a lot of sense. You might be right about this.

Okay so here are some mockups for "window-wide" login rather than "side-wide". I had two different ideas on how the permissions-requests would work, so I mocked up both ideas.

Start page

There's a "current user" badge in the browsing chrome to the right of the URL bar.

Current user dropdown

Clicking on the badge (or on the start page's profile indicator) opens this dropdown. The two menu items ("View profile" and "Edit settings") will open those targets in new tabs, while the profile items across the bottom will create new windows logged in under those identities. The "new" item will put you into a new window with the new-user creation flow.

Site request permissions (v1)

A site that requests permissions via navigator.session.request() would get this dropdown.

The "v1" approach creates a little profile icon on the right of the URL bar. That icon persists, and lets you review the granted permissions when you click it. The icon would be a bright blue if you granted perms, and grayed out if you did not.

Site request permissions (v2)

A site that requests permissions via navigator.session.request() would get this dropdown.

The "v2" approach makes the permissions request part of the typical permissions-request flow, and attaches it to the site's "certificate icon" rather than creating a new icon in the right of the URL bar. This may fit more naturally since it's where all other permissions are requested, but it may not make the "logged in" state as obvious.

It's worth noting that the future "Web of Trust" ideas will add more detail to the "certificate," as per this mockup:

Right approach?

So, how does this overall concept feel, and how do we feel about the perms requests v1 or v2?

I like V2 best. It feels more natural and will pair well with the future "Web of Trust". Keeping everything relevant to privacy and permission in one location.

I’m with @Septimus in that I prefer V2, We already have peer count, local folder, http->dat swap, and general settings on the right side of the url bar. Probably best not to add too many actions over there.