Reading that - I'm really not sure that AT Protocol has a much better story there either.
(as I understand it) the data has to live in a PDS, PDS are keyed by accounts, so you are similarly stymied for collaborative projects? I guess AT Proto is still a real work in progress so maybe that story has improved since the last time I checked it out.
> But federated authorization is one of the things ActivityPub doesn't define, and leaves it to us to figure out.
this is the key bit, atproto has this. sidecar services like knot can use service authentication[0] for authenticated requests.
[0]: https://atproto.com/guides/auth
Yeah the problems they seemed to have were over collaborative data structures with permissions. You’re right about how atproto solves that, which means you’re using CRDTs if you need to collaborate. If that’s a fit mismatch, I’d tell people to just appoint api servers which wrap a repo and provide the needed semantics.
Yeah, capability for group permissions is a key part of the work happening on permissioned data in ATproto right now.
https://dholms.leaflet.pub/3meluqcwky22a
https://dholms.leaflet.pub/3mfrsbcn2gk2a
https://dholms.leaflet.pub/3mguviy6iks2a
https://dholms.leaflet.pub/3mhj6bcqats2o