Recommendations & best practices
The domain is a container of avatars, a way to "store" them. The domain name is used as a prefix of the identifier of the avatar (IRI). As an exemple, you can define your domain name like this : http://myapplicationdomain/. In that case, the avatar of that domain will be addressed by the following IRI http://myapplicationdomain/myavatar1 For more details, see Thing’in wiki https://wiki.thinginthefuture.com/#Domain%20of%20an%20avatar
The most simple way to proceed is to create a single domain for an application. All the avatars are managed in the same domain. It’s highly recommended for an application to use Thing’in existing domains. Domains are shared between the applications.
Creating several domains for your application could also be an option if you want to provide a limited view to some users. Domains allow you to limit the view of a set of avatar to certain users.
For exemple : domain_A is http://domain_X/subsetA/
Domain_B is http://domain_X/subsetB/
A user that is granted rights on domain_A can’t access nor see the avatars that are managed in domain_B.
A user that is granted rights on domain_B can’t access nor see the avatars that are managed in domain_A.
A user that is granted rights on http://domain_X/ can access all the avatars that are managed in the application domain (subsetA + subsetB).
An IRI identifies an avatar in Thing’in. An IRI can be split into 2 parts
For more details, see Thing’in wiki and $iri operator : https://wiki.thinginthefuture.com/#Avatars%20-%20Search
The recommendation is to create at least two different accounts. One account with read only access to the avatars of one or more domains. A second account with more rights ( ie : read write access on all the avatars). Access management is based on Role Based Access Control. Each user is assigned a set of roles that will allow him to perform some actions. A role is a collection of permissions that can be applied to users. A standard user has a user role. Provider role permit a user to create new avatars in Thing’in. Service-admin role has been designed for application manager in order to manage a service and its users.
For more details, see Thing’in wiki https://wiki.thinginthefuture.com/#Access%20Control