The Permissions spec allows more granular permissions to be defined via OAuth scopes. Unauthorized writes are already handled at the PDS level, but I'd like to add guards for rpc permissions.
We should also add support for permission-set lexicons as part of this work.
Extra cool - add tools for dynamically building permission sets. For example, have procedure-type lexicons track what further permissions they require (e.g. xrpc.procedure("xyz.statusphere.setStatus", {}) requires rpc:xyz.statusphere.setStatus). Even better would be a dynamic permission set builder in the dashboard that allows the user to add lexicons and have a permission-set compiled from the prerequisites for each procedure-type lexicon. Combining this with #10 would be incredibly powerful, allowing admins to dynamically define permissions sets that are automatically updated when a procedure's script changes and keeping those permission sets sync'd to the network.
The Permissions spec allows more granular permissions to be defined via OAuth scopes. Unauthorized writes are already handled at the PDS level, but I'd like to add guards for
rpcpermissions.We should also add support for
permission-setlexicons as part of this work.Extra cool - add tools for dynamically building permission sets. For example, have
procedure-type lexicons track what further permissions they require (e.g.xrpc.procedure("xyz.statusphere.setStatus", {})requiresrpc:xyz.statusphere.setStatus). Even better would be a dynamic permission set builder in the dashboard that allows the user to add lexicons and have apermission-setcompiled from the prerequisites for eachprocedure-type lexicon. Combining this with #10 would be incredibly powerful, allowing admins to dynamically define permissions sets that are automatically updated when a procedure's script changes and keeping those permission sets sync'd to the network.