# Solid Use Cases !! WIP https://meet.jit.si/solid-cg ## TODO * [ ] Pick a small pool of diverse names for the fictional characters [reference](https://github.com/solid/specification/blob/main/CONTRIBUTING.md#self-review). * [ ] Incorporate [the use cases requested by the practicioners](https://github.com/solid-contrib/practitioners/discussions/10) * [ ] Decide the future of [Use Cases and Requirements for Authorization in Solid](https://solid.github.io/authorization-panel/authorization-ucr/) & [Authorization Use Cases Survey](https://github.com/solid/authorization-panel/blob/main/proposals/authorization-ucr/uc-survey.md) * [ ] Decide the future of [Solid Notifications Use Cases and Requirements](http://htmlpreview.github.io/?https://raw.githubusercontent.com/solid/notifications-panel/main/notifications-ucr.html) * [ ] Decide the future of [User Stories for Solid](https://github.com/solid/user-stories/) * [ ] Agree on precise terminology to use when defining use cases * [ ] Define categories for use cases (use lables?), e.g. 'ops', 'apps', 'sec', 'privacy' * [ ] Ontologies and shapes ### Porting data pods * As a user, I want to move a Pod from one Solid Server to another. * I want all this to happen in a transparent way to applications that use the data ## App authorization ### Broad authorization and discovery proposed by: elf Pavlik * As a user of project management application * I want to authorize that app to access all the project boards and tasks on those boards * Without sharing with that app contacts who don't share project boards with me * Still, when one of my contacts starts sharing some project boards with me * I want my app to discover it and start showing it to me automatically Note: [existing demo for SAI](https://youtu.be/IXzdH1JqcOA?si=IrTtAAGeV3vdWrAv) ## Social Graph ### Sharing data with contacts who still don't have WebID proposed by: elf Pavlik * As a person collaborating with various individuals and organizations * Given that some of my contacts are yet to get WebID * I want to be able to pre-authorize their access to some of my data * So that when they get WebID and get on board with solid, they can access that data. Note: [existing demo for SAI (partial)](https://youtu.be/dH4BAOmjCAs?si=UjLbsRYSW7vQ2DBx) ## Access delegation proposed by: elf Pavlik * As an admin of an organization * I want to authorize specific individuals to access certain data of the organization * In a way that they can independently authorize others to the extent of the access they received * And ensure that once I revoke access for one of the people I granted it to, anyone that they authorized will also lose access ## Collections proposed by: elf Pavlik * As a user * I want to be able to organize my data into collections * I want to manage access on the collection level, so it applies to all the members * I want to be able to 'move' my data between collections wihout breaking any incoming links # Appendix ## I Actors * Application - CAN be identified; autonomous or not * Agent - CAN act - individual, entity or bot(application) * User - is an agent; individual user acting for herself or on behalf of an entity; CAN be authenticated * Org - CANNOT act; community/group/enterprise/team/etc (social agent) that controls data, but actions are taken by an authorized person or bot on behalf of Entity; CANNOT be authenticated * ServiceProvider - IdP Provider, Pod Provider etc. * Issuing a credential * from the outside org issues a credential * from the inside some org member (individual) * possibly bot as a side effect of something else Social Entity vs. Application * Applications always act on behalf of social entities (or just individuals?) * every contract needs to be signed by a person, not an organization - audit trail * all sites have cert signed by a CA, Outside vs Inside perspective ## Auditing (logs) ### ActivityPods * Personal Data Store / Collective Data Store * Organization has its own WebID but can't authenticate * distinction between groups and organizations, groups can be looser * conforming with ActivityPub we have applications (bots), for example when max number of attendees in event the bot will close subscriptions. * group vs organization * one can just join the group, possibly some moderation, organization can have more formal roles ### Existing ontologies * ActivityStreams * https://www.w3.org/TR/activitystreams-vocabulary/#actor-types * https://www.w3.org/TR/activitystreams-vocabulary/#dfn-generator * Schema * https://schema.org/Organization * https://schema.org/Person * https://www.w3.org/TR/vcard-rdf/ * https://www.w3.org/TR/vocab-org/ * https://www.valueflo.ws/specification/all_vf.html ### Open Food Network/Data Food Consortium use case ACTION: Hadrian to reach out and see how we could collaborate * https://community.openfoodnetwork.org/t/ofn-as-data-source-for-solid-apps/2872 * https://datafoodconsortium.gitbook.io/dfc-standard-documentation/solid-client-protocol *