how to implement user identity within program with orbitb-db? ownership and granting/revoking writes? decentralized, no 3d-party services and no ipns?

Question

• orbitdb says it cant do it https://github.com/orbitdb/field-manual/blob/684c7a1aa427c9acfe4d73cd28d64880e072b086/01_Tutorial/06_Identity_Permission.md#on-security
• but users want to give/take writing permissions to dbs

how to implement user model without 3d-party services or ipns?

Answer 1

what to use for user identity?

• peer-id and private-key
• specifically - of ipfs node - a config json file that node generates
• running ipfs init /path/to/config allows to create same node with identity
• it is simple - no need for DIDs - it works as SSH keys

ownership

• program starts with discovery - users need to be able to discover dbs, like we can discover repos on github
• program creates a public orbitdb database anyone can write to
• users publish the dbs they want others to see to that list
• and - when the write they also write name of db
• if same name - how do we now that this db is actually from owner we expect? by peer-id
• every message on pubsub - and also orbidb write entries - have peer-id of who posted them
• so program shows name of db and peer-id of author - this way we know that that record in discovery db is exactly from that peer
• and - as long as config file with peer-id and private-key is not lost - that person owns that identity

how to add/revoke writes in orbitdb without re-creating new db with new id? without 3d party services or ipns?

• this is brilliant
• an owner - always an owner - wants to give/take permissions
• once owner creates db, program also creates a access-cotrol database - a list simply - with write permissions only to owner
• other peers clone owner's db - and program also clones access-control db
• program implements custom access-controller that reads from access-controller db and checks - is peer listed there? then they can write
• no third party anything needed - all is already done within orbitdb
• and that access controller list already decentralized and persistent and replicatable

is orbitdb id needed? is orbitb/keystore needed?

• no
• if program were to use ObritDBAccessController - where permissions are give by orbitdb id - then yes
• but it is useless - we can add or revoke
• and - as said above - the better solution is access-controll-peer-id-list-db that comes with each database
• and for that - custom access-controller is needed
• and since we have that - why would we make it use orbitdb identity when peer-id is much better - it is the identity of user, that they can persist and backup and they init ipfs from again
• one identity - ipfs node config json file with peer-id and private-key