I would be super interested in JWT-style access/refresh tokens. I only have the ‘old web’ as a reference. I want to make SaaS-possible (maybe not a good name…) with Holo, and this could result in hybrid-solutions like analytics/disqus/feedback/rating/chat/customer-service-widgets and probably loads more.

I think Google Analytics is a good reference. You register your domain > include JS > server/dna generates JS > Does a bunch of checks (UUID/IP/Domain?) > inject on domain/page > checks domain (?) > returns JWT and refresh token (super short TTL).

Haven’t looked into the above for a while, but it is the gist. Semi-secure…

I wonder if this would be possible with my limited understanding. How can ‘grandma’ register on a distributed facebook through Holo and have an access/refresh/capability-token to write to her source chain/DHT from the public space?