Solid Authorization Panel

# Solid Authorization Panel February 17th, 2021 ## Present - Justin B - Henry S - Emmet T - Josh C - Eric P - e Pavlik - Matthieu B ## Agenda * Announcements * Review Minutes (2m) * Accept [prior minutes 2021-02-10](https://github.com/solid/authorization-panel/pull/169) * Accept [prior minutes 2021-02-03](https://github.com/solid/authorization-panel/pull/165) * Pull Requests * https://github.com/solid/authorization-panel/pull/152 - Add functional requirements * Topic Items * 2/17 Milestone - Approve and merge UCR (https://github.com/solid/authorization-panel/pull/152) * Discuss next steps for specification proposal * Discuss [meeting with Credentials CG](https://lists.w3.org/Archives/Public/public-credentials/2021Feb/0062.html) ## Minutes * Prior meeting notes merged ### Use Cases and Requirements Approval of https://github.com/solid/authorization-panel/pull/152 - No objections to merge. - Several approvals (Henry, Josh, Pavlik) - All requested changes in the PR have been addressed / resolved ### Discuss next steps for specification proposal How should we move forward? Emmet: Mathew moves to providing a second implementation. The current description with pseudocode is not a specification, but needs to be improved. JB: Will also be able to contribute text Feedback from members of the panel. EP: Should look at integrating work from the interoperability panel (e.g. Data Grants / Data Receipts). Good to look at how these pieces work together. Propose to prioritize review across the board of these complementary items. Pavlik: Should look at how it integrates with Interoper Panel with Access Grants. Henry: - I opened https://github.com/solid/authorization-panel/labels/ACP - How far do we want to go from WAC because WAC could do the same thing. Conceptually very similar https://github.com/solid/authentication-panel/pull/125 - Certain places where there is a difference (ACP vs. WAC) - Support for DID - https://github.com/solid/authorization-panel/issues/147#issuecomment-743158893 To extend / change WAC, or make something else? JB: Tim has provided editorial guidance that WAC should be maintained as it is today, and something different should be a different system ET: ACP introduces a lot of differences to how WAC currently works - so created a new implementation (ACP) HS: Realize there are other groups using WAC that may not want to change. EP: Need to be sure we avoid infinite analysis. May not need to spend a lot of time with OWL people. ACP rules are pretty tight and bounded, probably don't need to use an OWL or RDF reasoner. ET: Have avoided reasoning logic that could lead to performance issues at scale. HS: How far do we get with WAC + inferencing (w. differnt types of inferencing) ET: Proposing the use of UMA 2 and where might that come in, in terms of requesting permissions and consent ET: UMA: [User Managed Access](https://en.wikipedia.org/wiki/User-Managed_Access) EP: In regards to submitting WAC proposal to specification - should it be submitted directly to the solid/specification repository before going through the panel. ET: +1 any authz draft should go through the panel JB: +1 any authz draft should go through the panel EP: +1 any authz draft should go through the panel MB: +1 any authz draft should go through the panel