"All-in-one" authorisation

[sgwilym]

What's the problem you want solved?

Earthstar uses several layers of authorisation and authentication:

1. Identity and share keypairs
2. Read and write capabilities
3. A plaintext password used to encrypt and decrypt the items above from storage

There will be polished apps that will need to offer fine-grained interfaces to all of the above. But there is another class of home-cooked app which should be easy to author (and use), where users create modest ad-hoc applications for small audiences.

Authoring robust user interfaces for the items listed above is non-trivial. An author has to create interfaces for creating or adding keypairs, importing capabilities, and configuring the password for the Peer. This presents a high barrier for the authors of would-be home-cooked software to climb.

Is there a solution you'd like to recommend?

It may be possible to reduce the amount of work an app author has by combining several authorisation artefacts (e.g. keypairs, caps) into a single token. The app author then only needs to implement the user interface for this single token.

To provide access to the app, there could be an API for generating this token from a given set of of keypairs and caps. The token could then be transmitted to the end user.

The end user would then only need to paste a single token into the app to gain access.

This could also form the basis of a system for applications to request per-app capabilities tied to a keypair specifically created for that app.