node-solid-server icon indicating copy to clipboard operation
node-solid-server copied to clipboard

Published 20 hours ago verified publisher icon nodeSolidServer

/profile/card editing should be a valid WebID

Open bourgeoa opened this issue 2 years ago • 2 comments

@jeff-zucker Do you have any hints to what minimal controls on a card WebID should contain ? Are all the following needed

<./card> a foaf:PersonalProfileDocument; foaf:maker :me; foaf:primaryTopic :me.

:me
    a foaf:Person;
    solid:oidcIssuer <https://solidcommunity.net:8443>;
    solid:account </>;
    space:storage </>;
    foaf:name "bourgeoa-solidcommunity:8443".

I'm not sure the last 3 are a MUST.

bourgeoa avatar Nov 11 '22 15:11 bourgeoa

We are waiting for some input from the WebID spec.

timea-solid avatar Nov 23 '22 17:11 timea-solid

The oidc:Issuer is required by the Solid-OIDC spec. Everything else is up in the air as to whether it will be a MUST in the coming spec. But at a minimum all the predicates you show will be strong recommendations (I hope). Regardless of whether they are a MUST, I do not see any advantage and multiple disadvantages to not including them in default profiles.

What I do see as a very critical issue is that we should disallow editing of the oidcIssuer. Make users request changes to it by email. A mistake in the oidcIssuer blocks the user from authenticating with their WebID. A bad actor replacement of the oidcIssuer would hijack the entire account.

jeff-zucker avatar Nov 23 '22 18:11 jeff-zucker