Solid Authorization Panel

# Solid Authorization Panel August 19th, 2020 ## Present - Justin B - Dmitri Z - Jackson M - elf Pavlik - Henry S - Sarven C - Josh C ## Agenda - PR Review - Writing Requirements for UCR ## Minutes ### LDN Access Request - https://github.com/solid/authorization-panel/pull/28 JB: Will comment on the PR to reflect that there is active work happening in interop panel related to this. ### Read-append-write use case - https://github.com/solid/authorization-panel/pull/94 JB: Updates were approved. Okay to merge. MERGED ### Add minimal credential disclosure ex. in Privacy - https://github.com/solid/authorization-panel/pull/95 HS: created https://github.com/solid/authorization-panel/pull/98 to focus specifically on social sharing, which is *part* of #95 HS: This use case is on hold - focusing specifically on #98 now JB: First use case proposed in this related to minimal VC disclosure looks good. ### Public commenting for extended social network - https://github.com/solid/authorization-panel/pull/98 HS: Refined version of #95, removing the credential iteration to focus on social sharing HS: Addressing this use case solves a lot of legacy issues with blogging and blog spam SC: Good use case. JB +1 EP: Prefer not to add more details to this one. Believe this captures them well enough. JB - Noted. ### A high confidentiality scenario - https://github.com/solid/authorization-panel/pull/96 HS: Okay with UUIDs (per feedback). Hashes were wrong in the context. HS: Focus is on confidentiality and privacy. This is a use case that people in high security will hone into. Good reason to remember why we follow our nose on the web. Valid use case and enforces why explicit inheritance is important. SC: Few points to note: - Open issues on the solid spec repo related to sensitive information URIs, and another about containment listing - Does a client want to name their resource (PUT) vs. does the server name it for them (POST). How server picks the name is an implementation detail. HS: Might read better if example of the resource structure in the use case is provided. ### Conditional access by relation - https://github.com/solid/authorization-panel/pull/99 SC: Propose including that this is under the same authoritative domain, and the server has access to both SC: Refine to be more clear about how the relationship is described. DZ: Are we saying filtering on the presence of a triple? JB: Yes but specifically with a given predicate DZ: In line with where we wanted to head EP: Let use case capture spirit - don't include as much plumbing. "measurements are related to report with this predicate" - could even be done w/o the predicate.