Shared Public Ids

My current understanding of how public ids works and will work is that basically a public id is like a domain name, but can also be used as a username for apps, containing a profile.

As a user, you can create many public ids connected to your account that you can use for websites, as “email” addresses etc.

What I see a need for is shared public ids.

Most companies have shared email addresses for taking orders, support or whatever.

Also how do you work multiple people together on a website?

Now when I use the Web Hosting Manager I see the option to create a public id.

If I create a public id and I also want my colleague to be able to edit or create services under that public id, I don’t see how to do that at the moment. Shouldn’t this be built into the Web Hosting Manager?

Perhaps the account that first creates a public id could be the owner of that public id and could then provide read or write access as needed to other accounts, but should also have the option to pull the access, for example if an employee quits and shouldn’t be able to update a company’s website anymore.


I love when you post because I get to learn something.

You picked up on a good point. Several weeks ago we found the limitation of not being able operate on mutable data structures between applications, so there’s a discussion going on about how best to allow applications to ask for authorization to mutate an MD.

What you are asking for, I’d like to experiment with in our current implementation.
I’m wondering if I could have you pass me a public signing key,, create a permission-set based on your signing key, and then add that permissions-set to our MD that we want to share


Aren’t MDs going to have multiple owners available (at the moment its set to one)

This would solve the issue so that you could have 1 of many IDs needed to operate on the MD or you could have M of N owners required.

This was the intention from the SD days. I can remember David saying that MDs at the moment have only one owner but will have multiple before launch.

The advantage of this is that if you have one of the owners leave the group then you can remove their ID from the owners field. But if you share IDs then its a lot more messy


Isn’t basically an owner just someone who has permission to change the permission of others? I’m not 100% sure of this though, there’s a ManagePermissions permission you can set and then in the RFC it says owners are allowed to mutate permissions, so I’m not exactly sure what’s the difference between adding a ManagePermissions permission and adding an owner.

If you want someone to just have read or write access, without wanting them to be an admin/owner, I would think you’d just want to share instead.

hunterlester said shared MDs is on the way now anyways and a public id should basically be an MD with typetag 15001 I think.


Yes, he did say that. Additionally, current MutableData layout allows multiple owners and there is a comment in the code that confirms this:

    /// Contains a set of owners which are allowed to mutate permissions.
    /// Currently limited to one owner to disallow multisig.
    owners: BTreeSet<PublicKey>,

All these elements are hints that one-day multi ownership will be implemented. But the problem is that without any signatures in the data object itself, I don’t see how this can be done.

Right now, the vaults can check that the issuer of the PUT is the owner and there are no more signatures than the ones needed to send messages. But I haven’t the faintest idea on how this could be extended to several owners, possibly managed by distinct client managers.


Maybe something like this:

Ed25519 use Schnorr signatures so is possible to combine different signatures in one. Of course we must resolve the procedure of multisigning.

I like this idea but may I amend it to have joint ownership of a file or files by two public IDs, kind of like how Google Docs works. Because if you have shared public IDs what happens when you want to revoke access to one or more users? Or what happens when you want to transfer ownership of a file from a joint account to a single account or a different joint account? Say the business dies but you want to keep the data in a personal account or a new business account. Or say you had a joint account with your spouse (some couples have joint bank and email accounts, I imagine they have trust issues) so what happens after they divorce? What happens when your busines partner screws you over? Seperation must also be considered along with joining.

So perhaps a better idea would be to create a public ID or piece of mutable data which is a place holder for two or more OTHER public IDs, a container of ownership privileges so to speak. In fact if you read up on the bitlaw thread I actually came up with something similar to this when we were discusing how to develop polycentric law.

I think this is more or less what the owner field discussed in one of the other posts would do.