Spaces as Layers

Public anchor records paired with sidecar records in permissioned spaces give ATProtocol apps a composable pattern for blending open discoverability with controlled access.

March 25, 2026

One challenge with ATProtocol’s permissioned data model is handling records that need to be both public and private. Events are a good example. If you create a fully private event that stays in a private space, things are simple: the event record and all RSVPs remain there, and only members can see them. Each RSVP points to the events in that space, so access control is easy.

It gets more complicated when an event is partly public. For example, a conference afterparty might be announced to everyone, but the venue address and capacity are only shared with confirmed guests in a private space. The public event record and the private details each have their own AT URIs, so they are separate records in different places. This means RSVPing to the public event is not the same as RSVPing in the private space, even though both are for the same event. Users can’t just RSVP publicly if the full details are hidden, because the protocol doesn’t have a built-in way to connect those two identities.

One way to handle this is for the event organizer to use a space for the event and add extra records to it. The public event record is posted on the organizer’s PDS, while sensitive details like the afterparty address, access instructions, and capacity limits are stored as sidecar records in the event’s permissioned space. When someone’s RSVP is confirmed, the organizer gives them read-only access to the space so they can see the private details. This keeps the public event easy to find and join, while private information is only shared with the right people. The space acts as a simple container for the event’s private side, and the organizer decides who can see what.

This approach isn’t just for events. The main idea is to have a public anchor record, like an event, forum topic, discussion thread, or job posting, that anyone can find and interact with. Alongside this, there is a space for permissioned identities and sidecar records for sensitive or extra data, visible only to certain people. The anchor record stays public and can move across the network, while the sidecars are limited to spaces with controlled access. Space-aware apps can show both layers to users with the right keys, giving a smooth experience without losing access controls. This method is flexible: one anchor can link to many spaces, each designed for its own audience and context.

Subscribe to Nick's Blog

to get updates in Reader, RSS, or via Bluesky Feed

ATProtocol

permission spaces