I think that from first principles you are maybe correct and we should maybe change it, just sharing history and that it has gone through iteration previously

as a seattlite and unicode appreciator, can't believe I didn't know about 🇱🇸

verifies signatures and binary structures so you don't need to juggle keys and CBOR. it's a cool tool, but you also don't *need* to use it specifically. we hope the same "offload" can be handled by tools like @slices.network@bsky.brid.gy

I think the place something like this would live is in a "big complex" version of the OAuth implementation guide OAuth Client Implementation | ...

... though SDK *writers* and folks doing things from scratch sure do. I know I've had friction with all the various endpoints. one issue is that the underlying protocol (OAuth) is pretty flexible and doesn't map to a locked-down OpenAPI schema (for example)

everybody should be able to get through their day safely without faustian privacy bargains and barrages of targeted ads and adversarial slop

it's also something i'd personally be interested in noodling on early next year. either as an exemplar side project, or could embed in the design process of another team (eg, collaborate with you on it)

basically I think this is the way forward but it is a bit complex and unaccessible to devs coming to in AT projects for the first time, because there isn't a role model project they can study/copy. I'm confident that you and the blacksky team can do it!

@laurenshof.online reading your most recent newsletter and thinking about Paul Otlet. recommend this book on early info cataloging and internationalist efforts if you haven't seen it; @robin.berjon.com@bsky.brid.gy you might like it also Cataloging the World » Paul Ot...

looking for feedback on these proposed permission sets for app.bsky.*, chat.bsky.*, and tools.ozone.* Early Permission Sets · bluesk...