We are currently working on the details, but we want to make a log-in once system, even for desktop apps. So the user logs into the SAFE launcher with a password, and then selects from a list of identities (or creates a new one) when launching an app. The SAFE launcher then passes information about the identity the user selected, so that each SAFE app launches can began “doing work”, without requesting a password from the user. A similar process would be done in Android and iOS, but the details are likely to differ slightly.
The primary goal is to reduce accidental (bugs, etc.) exposure of sensitive data (SAFE password, and other identities) through process separation. Initially users WILL have to remain vigilante that an app could steal credentials intended for another app. This is difficult to stop if a user runs multiple applications under the same local OS account, any mechanism we use to pass data from SAFE launcher to app can be seen by apps with the same privileges. Its the same problem that running local apps with oAuth have. Saavy users will be able to run as different local OS accounts (hopefully someone will have time to write a how-to on this). Long-term it would be nice to launch the apps in a container (which is currently only possible in *BSD and Linux systems), so that applications are even further restricted in what they are allowed to do. This is nearing on the SAFE-OS dream a few people have had, which would be nice for less technically saavy users.
This has not been something we considered. Since everything is open source, you can obviously create a unique login system just for your application. However, incorporating this into the existing SAFE launcher is likely ideal. How would a user in this situation login, with a fingerprint?