Aaron Coburn

I am not suggesting a generalization of WebID to include DIDs. You are correct that such a thing is not possible. I am suggesting that Solid-OIDC identify agents with URIs...

For example, in the [Solid Web Access Control specification draft](https://solid.github.io/web-access-control-spec/#terminology), it makes reference to WebID without depending on it: > agent > An agent is a person, social entity or...

> yes, that is what I mean by disjoint union. Exactly. And so long as Solid-OIDC requires WebID, it cannot support DID

I am not suggesting that we _replace_ WebID with DIDs. Indeed, that would not solve the problem. Rather, I am suggesting that Solid-OIDC stay independent of all that. You can...

Because Solid-OIDC will likely be just one authentication mechanism for Solid (as opposed to the one-and-only authentication mechanism), I would like to see either a stand-alone suite for Solid-OIDC or...

I will point out that `client_secret_basic` (and `client_secret_post`) is completely orthogonal to DPoP. DPoP is a mechanism to bind an OAuth access token to a particular client-managed keypair. It has...

> the exp claim that appears both in the DPoP-bound Access Token and the OIDC ID Token Aside: there is no `exp` claim that is part of the DPoP specification,...