There was a question after my FediCon talk about how accounts and storage and apps interrelate.
My simplest example conceptually is that an ATProto account functions like an Apple account: you have an identity for logging in, and it has storage included, and apps can store data in your account if you give them permission. As a developer, you know every account has storage attached.
The simplified answer for how ATProto actually works is that your unique identifier in ATProto is a DID, created when you create an account.
Here's the DID doc for my @bmann.ca account, via atproto-browser
Your DID has an associated DID Doc that lists things like your human-readable name -- aka handle, like @yourname.bsky.social, or my own domain like @bmann.ca -- and what server you have delegated hosting to. Bluesky runs a bunch of PDSes that are named after mushrooms, and this account is on morel.us-east.host.bsky.network.
You can look at the DID Doc for @bmannconsulting.com to see that it is on my self-hosted PDS bringyourown.computer.
In summary, your identifier is a unique DID, you have a human-readable domain name pointing at it, and you delegate actual account hosting for app records and file storage to a PDS of your choice.
An app prompts for your handle, looks up your PDS, redirects you there to authenticate via OAuth, and then has permission to write records and upload files to your account.
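The lookup step an app performs before the OAuth redirect can be sketched as follows. This is an added example, not code from the talk or from any ATProto SDK: the function name `pds_for_handle` is hypothetical, the DID is a placeholder, and the document is a constructed sample using the `alsoKnownAs` and `#atproto_pds` fields of an ATProto DID Doc. It assumes the handle has already been resolved to a DID over the network, and checks that the DID Doc claims the handle back and that the PDS is a bare HTTPS origin before the app sends a user there.

```python
from urllib.parse import urlsplit

# Constructed sample shaped like an ATProto DID document; the DID is a placeholder.
SAMPLE_DID = "did:plc:placeholder-not-a-real-did"
SAMPLE_DOC = {
    "id": SAMPLE_DID,
    "alsoKnownAs": ["at://bmann.ca"],
    "service": [{
        "id": "#atproto_pds",
        "type": "AtprotoPersonalDataServer",
        "serviceEndpoint": "https://morel.us-east.host.bsky.network",
    }],
}


def pds_for_handle(handle, resolved_did, did_doc):
    """Return the PDS origin for a handle, or raise ValueError when the
    DID document does not back up the handle -> DID claim."""
    handle = handle.lstrip("@").lower()
    # The document must belong to the DID the handle resolved to.
    if did_doc.get("id") != resolved_did:
        raise ValueError("DID document id does not match resolved DID")
    # Bidirectional check: the DID document must list the handle as well.
    claimed = [a.lower() for a in did_doc.get("alsoKnownAs", []) if isinstance(a, str)]
    if f"at://{handle}" not in claimed:
        raise ValueError("handle is not listed in alsoKnownAs")
    # Locate the service entry that names the account's PDS.
    for svc in did_doc.get("service", []):
        if (str(svc.get("id", "")).endswith("#atproto_pds")
                and svc.get("type") == "AtprotoPersonalDataServer"):
            endpoint = svc.get("serviceEndpoint")
            break
    else:
        raise ValueError("no PDS service entry in DID document")
    # Accept only a bare https origin: no userinfo, path, query or fragment.
    url = urlsplit(endpoint if isinstance(endpoint, str) else "")
    if (url.scheme != "https" or not url.hostname or "@" in url.netloc
            or url.path not in ("", "/") or url.query or url.fragment):
        raise ValueError("PDS endpoint is not a bare https origin")
    return "https://" + url.netloc
```
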
As a developer, you get both auth & storage owned by your app users that you don't need to manage.