2021-09-06 Authentication Panel

# 2021-09-06 Authentication Panel https://meet.jit.si/solid-authentication ## Agenda * Feedback from CSS implementers on Sep 13th (2 min) * Scheduling AS discussion in AuthZ panel (2 min) * Documenting delegation scenarios (2 min) * [Determine identifier and title for the solid-oidc spec #27](https://github.com/solid/solid-oidc/issues/27) * WebID (where do we expect End-user's and Client's (Web/D)ID Documents to be hosted?) * [Define Solid-OIDC requirements for what client description WebID Document should include #28](https://github.com/solid/solid-oidc/issues/28) * [Proposal: change webid claim to solid #26](https://github.com/solid/solid-oidc/issues/26) * [Advertising trusted OIDC issuers via Link headers #32](https://github.com/solid/solid-oidc/issues/32) * [Generalize Solid-OIDC protocol beyond WebID #35](https://github.com/solid/solid-oidc/issues/35) ## Present * Nicolas * Pavlik * Barath ## Minutes ### Feedback from CSS implementers on Sep 13th Nicolas: We can also discuss client credentials flow on that meeting. I know that Ruben and Joachim were looking into implementing client credentials flow. Pavlik: I know that Justin also uses client credentials flow some places ### Scheduling AS discussion in next AuthZ panel Pavlik: Given that Matthieu is on vacation we should do it next week Wed 15th ### Documenting delegation scenarios Pavlik: I discussed some of such use cases with Aaron but we should discuss it again when he's present. There are two active related scenarios in the AuthZ panel: - https://solid.github.io/authorization-panel/authorization-ucr/#uc-delegation-subset - https://solid.github.io/authorization-panel/authorization-ucr/#group-membership-vc ### where do we expect End-user's and Client's (Web/D)ID Documents to be hosted? Pavlik: Currently NSS and CSS create WebID documents in solid storage. Nicolas: I think this question should be out of the question for solid-oidc spec. We want to avoid coupling between WebID document and storage. For exapmle if storage is provided by pod provider one can loose one's WebID. Ideally one would have WebID hosted somewhere which redirects to solid pod or elsewhere. In case of webapps, we would host static resource, rather than host it on external storage. We should make as little assumption about hosting it as possible. Pavlik: Resource Servers should be able to host "regular" HTML/CSS/JS apps. Storing JSON-LD raises the question of how the server serializes/deserializes the data: the output could legitimately be different from the input. In this case, relyig on a specific serialization could be hard, and we have to be aware that would impact people hosting their WebIDs on Pods. Pavlik: It would be good for users owning their domain names to have redirections in places (e.g. using CNAME) Barath: Note that a storage provider (either for Pods or WebIds) could stop working for business reasons, so hard to make any assumptions how that would end. Ideally, we should promote some kind of user agreement that tries to protect users from data loss that providers could pledge for. Pavlik: https://tosdr.org/ might be a useful pattern for ranking solid services providers Nicolas: We should check each issue and respond in it. ## Actions @elf-pavlik: to fix broken build @elf-pavlik: to post on CSS channel @nicolas: review indivudual issues related to WebIds wrt the general agreement described in the minutes.