Scope needs to be tightly defined with narrow focus #9

Closed
csarven opened this issue Mar 22, 2023 · 4 comments · Fixed by #38

Comments

@csarven
Member

csarven commented Mar 22, 2023

Recommend a set of practices needed for data security for Solid Pods, and for both server and client software, including use of appropriate authentication, authorization, verification, identity, and other standards, integrating existing outside efforts.

This is too broad. It is also suggesting best practices and/or guidelines on works that are still under development or have not even been incubated in the CG. Moreover, it is recommending BPs on components that are at the same time deemed to be out of scope for the WG.

Recommend a set of protocol behaviors and best practices to request and grant access to data stored in Solid Pods.

Define a protocol for state synchronization regarding changes to resources in Solid pods.

Noting again that most of this is not incubated and lacks sufficient implementation feedback.

@melvincarvalho
Member

melvincarvalho commented Mar 28, 2023

Define a protocol for state synchronization regarding changes to resources in Solid pods.

Agree with @csarven re: this item, which may significantly increase the workload for the WG.

@elf-pavlik
Member

I think those might be good examples of what this bullet point might aim to cover.

I don't think the dependency structure between all the specs, and where each requirement and security consideration belongs, is crystal clear to us yet. Possibly some details might need to be captured as a WG Note until a proper specification can be worked on.

@kaefer3000

kaefer3000 commented May 11, 2023

Section 2 "Scope" rightly talks about many different ends (authentication, security, state synchronisation, ...) that the Solid Protocol should achieve. Section 2 mentions one specific means to achieve an end (authentication), the technology OpenID Connect. OIDC may be a good choice to achieve authentication, but this looks imbalanced.

Therefore, I propose to remove the mention of OIDC from 2. Scope.

(copied from #29 as per request of @csarven such that #29 can be closed.)

@pchampin
Collaborator

I believe that #34 mostly addressed the concern raised in this issue. @csarven?
