Recommendation scenario

Open csarven opened this issue 5 years ago • 3 comments

re basic resource access: https://solid.github.io/authorization-panel/authorization-ucr/#uc-basic

In the Solid ecosystem, wouldn't it be more likely - possibly encouraged - to have a "recommendation" scenario where Danielle shares their recommendation from their own personal storage as opposed to Alice's?

csarven, Jul 27 '20 07:07

That is an interesting point. I think the following strategies can be used:

  1. Bob can create a resource on Alice's server stating that he supports Alice. There would need to be enough information in that recommendation for a reviewer to be able to check with Bob if he really did write that. This can lead to problems if Bob changes his mind at some point as then the reviewer would not be clear if Alice lied or Bob changed his mind.
  2. Bob writes a review on his Pod and sends a link to that review to Alice (appends a triple with a link to the review and some metadata). There the reviewer can be sure that Bob wrote it (by verifying that the wACL rules are not world writeable). Alice would have to make sure she is on good terms with Bob for a while, to avoid Bob changing the content.
  3. Bob can post a signed review that can be appended to a document of Alice's using RDF Signatures. This may make Alice and the reviewer more comfortable, but Alice perhaps less cautious with her friendship with Bob. Note that private keys can be compromised, invalidating signatures.

All three cases have advantages. The first one does not require Bob to have a Solid Pod. The second one requires Bob to have one. The third requires widespread use of RDF Signatures.

bblfish, Jul 27 '20 08:07
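
An added example, not part of the thread and not code from the Solid project: one way a reviewer could run the check mentioned in strategy 2, flagging Web Access Control authorizations that let the public or any authenticated agent modify Bob's review. It assumes the reviewer can read the ACL document, that it has been serialized as IRI-only N-Triples, and that inherited (`acl:default`) and group rules are out of scope; the `bob.example` URLs and both ACL documents are constructed.

```python
import re

ACL = "http://www.w3.org/ns/auth/acl#"
FOAF_AGENT = "http://xmlns.com/foaf/0.1/Agent"
RDF_TYPE = "http://www.w3.org/1999/02/22-rdf-syntax-ns#type"
# Modes that let a holder change the review (Control allows rewriting the ACL itself).
MUTATING = {ACL + "Write", ACL + "Append", ACL + "Control"}
# Agent classes that amount to "anyone": the public, or any logged-in agent.
OPEN_CLASSES = {FOAF_AGENT, ACL + "AuthenticatedAgent"}
TRIPLE = re.compile(r"^\s*<([^>]*)>\s+<([^>]*)>\s+<([^>]*)>\s*\.\s*$")

def parse_ntriples(text):
    """Parse IRI-only N-Triples lines into {subject: {predicate: {objects}}}."""
    graph = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        m = TRIPLE.match(line)
        if m is None:
            raise ValueError(f"unsupported line: {line!r}")
        s, p, o = m.groups()
        graph.setdefault(s, {}).setdefault(p, set()).add(o)
    return graph

def open_write_grants(acl_text, resource):
    """Return (authorization, modes) pairs that let an open agent class modify `resource`."""
    findings = []
    for subject, props in parse_ntriples(acl_text).items():
        if ACL + "Authorization" not in props.get(RDF_TYPE, ()):
            continue
        if resource not in props.get(ACL + "accessTo", ()):
            continue
        modes = props.get(ACL + "mode", set()) & MUTATING
        if modes and props.get(ACL + "agentClass", set()) & OPEN_CLASSES:
            findings.append((subject, sorted(m[len(ACL):] for m in modes)))
    return sorted(findings)

# Constructed sample data: Bob's review and two candidate ACL documents for it.
REVIEW = "https://bob.example/reviews/alice"
ACL_DOC = REVIEW + ".acl"
BOB = "https://bob.example/profile/card#me"

def _auth(name, agent_pred, agent, modes):
    s = f"<{ACL_DOC}#{name}>"
    rows = [f"{s} <{RDF_TYPE}> <{ACL}Authorization> .", f"{s} <{ACL}accessTo> <{REVIEW}> .",
            f"{s} <{ACL}{agent_pred}> <{agent}> ."]
    return "\n".join(rows + [f"{s} <{ACL}mode> <{ACL}{m}> ." for m in modes])

OWNER = _auth("owner", "agent", BOB, ["Read", "Write", "Control"])
SAFE_ACL = OWNER + "\n" + _auth("public", "agentClass", FOAF_AGENT, ["Read"])
LEAKY_ACL = OWNER + "\n" + _auth("public", "agentClass", FOAF_AGENT, ["Read", "Append"])
```

An empty result only says no open class can modify the review at the moment of the check; it does not stop Bob from editing it later, which is the limitation the comment itself points out.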

Added multi-storage; recommender controlled scenario in PR: https://github.com/solid/authorization-panel/pull/100

A recommendation that is stored and controlled by a third-party would typically need a way to ensure data integrity or high trust that data wasn't altered or have a way to track changes. This is all within the scope of Solid and orthogonal to where data is published, however, scenarios should fundamentally reflect decentralisation of data and control - what we've been trying to show in the Solid ecosystem to date.

csarven, Sep 02 '20 07:09

Since #100 was merged, should we close this issue?

elf-pavlik, Sep 04 '20 20:09