Where is the user profile stored?
It’s stored in a Gaia hub. The specific URL is anchored to the Bitcoin blockchain by a hash. You can see the URL in the
zonefile key in the object returned from the
/v1/names endpoint on core.blockstack.org:
$ curl https://core.blockstack.org/v1/names/judecnelson.id
"zonefile": "$ORIGIN judecnelson.id\n$TTL 3600\n_http._tcp URI 10 1 \"https://gaia.blockstack.org/hub/15gxXgJyT5tM5A4Cbx99nwccynHYsBouzr/0/profile.json\"\n",
zonefile_hash is the hash160 of the
zonefile, and is written to the blockchain on name registration)
Who has access to modify it?
Only you can modify it. The signature on your profile is checked against the public key address that owns the name’s blockchain. In this example, only the owner of the private key for
15gxXgJyT5tM5A4Cbx99nwccynHYsBouzr can generate a valid profile.
Do I need to create a separate profile for my dapp?
Only if you intend for your dapp to have a Blockstack ID and profile that other non-dapp users can read. For example, if you want the dapp profile to show up in the Blockstack explorer, the profile object itself needs to be a JWT signed by the private key that owns your dapp’s Blockstack ID. The profile JWT’s payload needs to include a URL to an avatar image and list of zero or more social media verifications. There’s a description of what this JWT is expected to look like here.
is the concept of a global file for attestations that is appendable by many apps is feasible?
Can you describe more about what you’re trying to build? It’s possible today to create a materialized view of a global file appended to by many different apps, but the individual attestations may live in each app’s (or each user’s) Gaia hubs.