User identification - jhhl/AUMI-Together GitHub Wiki
User Identification
There are several approaches to using AUMI Together:
- Single Use, internet. Internet services include access to more instruments and setups.
- Single Use, no internet. The setups and instruments used are only the ones cached or "built in".
- Group use, internet. Users must be authenticated with the server, admin level users manage the AUMIT sessions.
- Group use, no internet. There may be a way to use Bluetooth to send setups and instruments between browsers the way GameKit does on the iOS version.
User identity may be a roll-my-own version, or it may leverage the identity that's needed by third-party conferencing services.
When used independently, there's no need for a User to identify themself. AUMI Together may use cookies to preserve the previous session, but that would be associated with a browser session rather than with a user. Setup objects may be snapshotted, named, and tagged for session use and sharing.
User groups
A user identity is always associated with a group, rather like POSIX filesystem groups. Access to sessions is maintained in a similar way. User access to sessions is conceived as a micro group of the user and one or more admins.
A user need not use any real world identifying information as part of their identity.
When an AUMI Together session is created for group use by an admin, it should create an invitation with a unique code to identify the session. These invitations (URLs) are sent out in an out-of-band way, through email, text, or calendar. While it'd be nice to be able to bookmark them, there should be a way to authorize a user's access only for particular sessions. Perhaps the Session Waiting Room would be the best way.
User groups may sit as an enhancement, organizing other conferencing API identity protocols. That is, your Zoom or Jitsi Meet ID is used only under the covers, and it is associated with your AUMI Together ID.
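A minimal sketch of the invitation and waiting-room flow described above, added here as an example and not taken from the AUMI Together code base. It assumes a Node.js server with in-memory state; every function name, the URL shape, and the sample IDs are hypothetical.

```javascript
// Added sketch, not AUMI Together code: all names and the URL shape are hypothetical.
const crypto = require("crypto");

// sessionId -> { codeHash, admins, waiting, admitted }
const sessions = new Map();
const hashCode = (code) => crypto.createHash("sha256").update(code).digest();

// An admin creates a group session; the invitation URL carries an unguessable code.
function createSession(adminId, baseUrl) {
  const sessionId = crypto.randomUUID();
  const code = crypto.randomBytes(16).toString("hex"); // 128 bits from the CSPRNG
  sessions.set(sessionId, {
    codeHash: hashCode(code), // the server keeps only a hash of the code
    admins: new Set([adminId]),
    waiting: new Set(),
    admitted: new Set(),
  });
  return { sessionId, inviteUrl: `${baseUrl}/join/${sessionId}?code=${code}` };
}

// A valid invitation only places the (pseudonymous) user in the waiting room.
function requestJoin(sessionId, code, userId) {
  const s = sessions.get(sessionId);
  if (!s || typeof code !== "string") return "rejected";
  // Both sides are 32-byte digests, so the constant-time compare never throws.
  if (!crypto.timingSafeEqual(hashCode(code), s.codeHash)) return "rejected";
  if (s.admitted.has(userId)) return "admitted";
  s.waiting.add(userId);
  return "waiting";
}

// Only an admin of this session can move a waiting user into it.
function admit(sessionId, adminId, userId) {
  const s = sessions.get(sessionId);
  if (!s || !s.admins.has(adminId) || !s.waiting.delete(userId)) return false;
  s.admitted.add(userId);
  return true;
}

// Access is decided per session: the micro group of admitted users and admins.
function canAccess(sessionId, userId) {
  const s = sessions.get(sessionId);
  return Boolean(s) && (s.admins.has(userId) || s.admitted.has(userId));
}
```

A bookmarked invitation URL keeps working for its own session but grants nothing elsewhere, because both the code check and the admitted set are scoped to one session ID.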
Security
The User's browser IP address and User Agent information may be examined for credibility. That test must happen on the Authentication server.