# Solid Authorization Panel November 18th, 2020 # Present - Justin B - elf Pavlik - Henry S - Max L - Jamie F - Sarven # Agenda - ACP Specification - Next Steps - WAC Specification - Next Steps - elf Pavlik - [UC: 2.5.2. Limiting application access while not acting as resource controller](https://solid.github.io/authorization-panel/wac-ucr/#uc-client-constraints) # Minutes ## ACP Next Steps - Justin: I discussed with Tim on how ACP and WAC should coexist. WAC has been fairly well established. WAC has things that has been agreed on but not documented. We shouldn't change WAC to solve use cases we are addressing. Solid ecosystem should support it. ACP would be in the trajectory to satisfy new requirements. - Pavlik: I don't think implementes will be very motivated to implement WAC knowing that ACP will be what we put further work into. - Henry: WAC is composed of statements of who has what access mode to which resources. ACP uses link from resource to ACR. I miss documentation on how ACP compares to WAC. - Henry: Better to have two vocabs for clarity, but will need ability to translate / migrate. Most important job is to try and work out what that relationship is between them. Write out an ontology that maps one to the other (as well as work out the ACP ontology) - Eric: We should figure out who our clients are, who we are trying to protect. Probably we don't have unknown implementers since there was no proper solid spec. - Justin: I don't see general resistance to the notion of letting WAC stand on its own, not changing it. Instead we would work on ACP in collaboration with Emmet. - Henry: Need to understand the document / ACP better - understanding the relationship to WAC will help. - Pavlik: WAC doesn't really have better documentation than ACP. ACP is pretty well-documented in comparison. Maybe difference is ACP hasn't had as much time in peer-review / implementation experience. Can we see list of all WAC implementations on server-side? With good guidance on how to migrate it may not be as painful as we think. +1 ERICP, +1 JB1 - Pavlik: Question for Emmet - how can we participate on ACP as a group? What is the best way as a group to start iterating on this? What kind of commitment can we get from inrupt for participation? - Martynas: What is issue with WAC - Pavlik: See https://solid.github.io/authorization-panel/wac-ucr/#limitations - Eric P: If we know we have these inheritance issues with WAC, and we know ACP addresses it, then we should go full steam ahead on ACP or end up being spread to thin (by trying to extend WAC to do things it doesn't / wasn't designed for) - Sarven: (repeated stuff that was mentioned in past meetings.. ) - Pavlik: Have caution with breaking changes to WAC (i.e. inheritance, control) - Justin B: Proposal today is really just to carve off mind-share to better understand ACP and work on documenting it so we can determine it's path forward - Eric P: Lets get a better understanding of the delta, but we shouldn't spend a bunch of time investigating what WAC might've become - Sarven: Tim mentioned that a broad authorization framework should be looked at as a research track - Correction: "capabilities/posession goes into research column" - https://hackmd.io/@solid/r19VNSzYD - Justin B: Proposing work effort to investigate ACP - Pavlik: Specific action items on all those efforts ACTION ITEMS: - Get ACP ontology published / available - Get a better understanding of the delta between ACP / WAC - Get functional requirements to use cases - Henry: Can put aside 2-3 days a week for the next 2-3 weeks to work on the mapping between WAC and ACP to work out the differences are. (I wrote an implementation of WAC 5 years ago, but it would need rewriting, so I don't have much at stake on either side) - Sarven: working on a WAC spec update .. can work on delta/overlap with ACP - Justin B: can prepare an approach for panel ACP initiative to present next week - Sarven's proposal was: 1) get UCs functional requirements out 2) update WAC and ACP info 3) compare WAC/ACP 4) profit - Pavlik: push forward clarifying inheritance in ACP - Pavlik: push forward ACP vocab