🆔 Identity Overview

A little exploration of starbeam.one's Identity System

by Mike-E-angelo

There's a long-running joke with software developers about the two most difficult aspects of our field:

  1. Cache invalidation

  2. Naming things

I would posit there's a third: Identity.

In my 20+ years of experience, establishing an identity for a user in a given system is probably the most difficult part of designing a system. It is also one I tackle first when creating a new system.

Goals

For starbeam.one, I wanted to make a system that mitigated the risk of a mass bot farm being loaded up and invading the system. To me, this meant steering away from using the typical email + password system that has been around forever and has been exposed accordingly.

Problems with email + password

There are several general problems with using an email + password:

  1. The email address has value. If you hack a system and pull an email, you can use it for marketing, phishing, or selling it to the dark web.

  2. Passwords are difficult to remember and saddle your users with one more artifact to recall/manage.

  3. Most importantly, it is easy to create unlimited emails and passwords along with the accounts they represent.

Enter OAuth

OAuth is a recent-ish standard, introduced in 2006, that offers a much better way of identifying a user to an application. Instead of storing your username/email + password on starbeam.one, the identity is provided by another identity system -- one that the user knows and trusts -- and the user then uses this system to authorize applications with permissions to perform certain tasks on their behalf.

In order to use OAuth, an application must register itself with the referring identity provider, such as Twitter. This gives the provider a "thread" to pull in case the application is found to be non-compliant with the terms of service established by the provider.

How OAuth is Used on starbeam.one

User Identity Profile

Once you sign in with a supported identity provider, a starbeam.one user account profile is created around the information provided by the identity provider. This is a basic profile with the minimal amount of permissions required to get the following information:

  • Display Name

  • Image URL/Address

  • Description

By default, your user profile is synchronized with the first identity provider that you connect with and is refreshed each time you sign in with the associated identity provider.

Publishing Art

To publish art, a public identity with a verifiable URL is required. When publishing art on starbeam.one, you are required to be signed in under the identity you are publishing. This is a security feature: it ensures that art is published over an authenticated OAuth2 connection, one that is legitimate and valid.

Types of starbeam.one Identity

Public

A public identity is one that can be verified by a public URL/handle. This makes it easy to verify the art you purchase is from the same person you know, follow, and trust on the platform providing the identity. Because of this feature, only public identities can be used to introduce new products into starbeam.one markets.

Personal

Personal identities do not have an associated URL/handle and are therefore best suited for collectors.

User Accounts vs User Identities

When you first sign in and establish a provider identity with starbeam.one -- say, Twitter -- it creates a user account and associates the user identity with this new user account.

After the user account is created, further user identities can be associated with the user account, establishing a one-user-account-and-many-user-identities relationship. That is to say, you have one user account and many identities can be associated with this user account.

You can manage your identities at any time by visiting the following location:

User Profile

Your user profile has some key features worth mentioning, which are discussed below.

User Number

Every user account created on starbeam.one has its own unique number. This number starts from #1 and increments by one every time a new account is created.

User Names (Handles)

Using OAuth doesn't mean that usernames (handles) are not used on starbeam.one. Much like the user number, handles are unique and serve as a human-friendly way to locate and identify a user within a system. They are also traditional and have an old-skool internet way of establishing identity or even a brand. Because of this, they are still supported on starbeam.one and you can update your handle here:

By default, your starbeam.one handle is the phrase starbeam.user.<number> where <number> is your starbeam.one user number. Note that the . is not an allowed character when creating a custom handle name, so once you change this handle you cannot go back. Some users like having this assigned handle as their user name, others prefer to have it similar to their Twitter handle. It is up to you how you would like to brand and identify yourself on starbeam.one.
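The account, identity, handle and publishing rules described above can be modelled in a few lines. This is an added sketch, not starbeam.one's own code: the class and method names, the `subject` field, and the rule that an already-linked identity always resolves to its existing account are assumptions, and the sample values are constructed.

```python
from dataclasses import dataclass, field
from itertools import count
from typing import Optional

@dataclass(frozen=True)
class Identity:
    provider: str               # e.g. "twitter"
    subject: str                # provider-side user id (assumed field)
    url: Optional[str] = None   # set only for public identities

@dataclass
class Account:
    number: int
    handle: str
    identities: list = field(default_factory=list)

class Registry:                 # hypothetical in-memory stand-in for the user store
    def __init__(self):
        self._numbers = count(1)      # user numbers start at #1 and increment by one
        self._by_identity = {}        # (provider, subject) -> Account
        self._handles = {}            # handle -> Account, enforces uniqueness

    def sign_in(self, ident: Identity, link_to: Optional[Account] = None) -> Account:
        key = (ident.provider, ident.subject)
        if key in self._by_identity:              # known identity: always its own account
            return self._by_identity[key]
        if link_to is None:                       # first sign-in creates the account
            n = next(self._numbers)
            link_to = Account(n, f"starbeam.user.{n}")
            self._handles[link_to.handle] = link_to
        link_to.identities.append(ident)          # one account, many identities
        self._by_identity[key] = link_to
        return link_to

    def set_handle(self, acct: Account, new: str) -> None:
        # "." is not allowed in custom handles, so nobody can claim a
        # starbeam.user.<number> name, including their own old default.
        if not new or "." in new:
            raise ValueError("custom handles may not contain '.'")
        if self._handles.get(new, acct) is not acct:
            raise ValueError("handle already taken")
        del self._handles[acct.handle]
        acct.handle = new
        self._handles[new] = acct

    def can_publish(self, acct: Account, signed_in_as: Identity) -> bool:
        # Publishing requires the session identity to be public (has a URL)
        # and to be one of the identities linked to this account.
        return signed_in_as.url is not None and signed_in_as in acct.identities
```

Because the default handle namespace contains a character that custom handles reject, a custom handle can never collide with a default one issued to a later account.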
