The right location for a new app's data?

Given that my browser based web-app has loaded the user’s profile document and read the value of pim:storage, which yields the root of my POD … where should my app then store it’s data and what should it do to protect the data from other web-apps?


  • My web-app registers my pets and store data about each pet in it’s own document in a dedicated my-pets container.

  • My web-app lives at which thus also happens to be the value of the Origin header the browser is going to send to my POD server.

Where should the my-pets container be located? Should it be or or what is the right “best practice” recommended location?

Data discovery by the user’s type registry is not going to work since this a new web-app and nobody has ever had a chance to make a registration.

The location should be private by default (protected from other users) and restricted to requests from only. What should my web-app do to ensure this?

Thanks, Jørn


I’ve had a couple of discussions with a lot of interesting people (se Demo app - RC flight logger and and come to these conclusions, at least about the location of data:

  • The application data is your data - not any specific app’s. For that reason the app-name should not be part of the URL.

  • The application state, preferences, currently selected item, sorting order and so on, is specific for the app and should have a URL that includes the app’s name.

  • The /public container name is misleading - you can put both private and public data there and control it with access control lists. I suggest using a more generic name. See

  • DIfferent people want different structures for their data. The container structure is hierarchical and its impossible to find a structure that suits everybody. So let the user choose their own location.

  • Do check the type registry for a location first. See

  • If there is nothing in the type registry then select a suitable default location and let the user change it. Then register the user’s choice in the type registry.

  • Personally I suggest using /user/... for user data in general, something like /user/photos or /user/my-pets. But some people will prefer the root for user data if they think of their data as “important”. Myself, for instance, I use /rc-data for data about my radio controlled aircrafts.

  • Use /app/... for app-specific state data, something like /app/wonder-notes or /app/mega-slideshow.