W3C Solid Community Group: Data Interoperability Panel

# W3C Solid Community Group: Data Interoperability Panel * Date: 2022-01-04T15:00:00Z * Call: https://meet.jit.si/solid-data-interoperability * Chat: https://gitter.im/solid/data-interoperability-panel * Repository: https://github.com/solid/data-interoperability-panel ## Present - Justin B - elf Pavlik - Angel Araya - Juliette C ## Regrets * --- ## Announcements ### Meeting Recordings and Transcripts * No audio or video recording, or automated transcripts without consent. Meetings are transcribed and made public. If consent is withheld by anyone, recording/retention must not occur. * Use panel chat and repository. Queue in call to talk. ### Participation and Code of Conduct * [Join the W3C Solid Community Group](https://www.w3.org/community/solid/join), [W3C Account Request](http://www.w3.org/accounts/request), [W3C Community Contributor License Agreement](https://www.w3.org/community/about/agreements/cla/) * [Solid Code of Conduct](https://github.com/solid/process/blob/master/code-of-conduct.md), [Positive Work Environment at W3C: Code of Ethics and Professional Conduct](https://github.com/solid/process/blob/master/code-of-conduct.md) * If this is your first time, welcome! please introduce yourself. ### Scribe Selection * JB * Pavlik ## Agenda ### sai libraries / resource types - JB: thinking whether sai-js/java need a base resource type that can account for non-rdf resources - ### ergonomy of ecosystem - Pavlik: Discussion in last authorization-panel around ACP / Data Grants compatbility and areas of friction - Justin: I don't think our design precludes the ability to consent / grant access to non-identity based schemes (e.g. with verifiable credential) - Pavlik: currently we put these grants in agent registrations, so if it isn't based on agent identity. based on current approach there's a heavy focus on that. i think it's justified because most people will want to set policies based on this. - Justin: I think that the current infrastructure can be used well for this (...gives example) - Pavlik: I think in the case of a organization issuing a credential for its employees delegation can be used, but agree generally in the example - Pavlik: Approach we take in interop is to fire up discovery / following your nose from the app to the data. What i want to emphasize tomorrow for data grants is that we have a very clear way to get to data (following our nose). Once we start at the app, the app can get all of the data that the user can access. Using ACP / Raw WAC you leave it out of scope. - Justin: If you're relying on your access control system for data discovery you're in trouble. with the interop consent / grants you can support different access control systems implementing those decisions - Pavlik: Also, as new data is created (e.g. new data registry with new storage), access control can be applied immediately based on previous choices. Gets even more interesting with something like "All" scope - If i give an application access for all events, and all scope, the application automatically gains access for that. In ACP you don't have delegation and can't specify policies on something you don't have access to yourself. - JB: For authorization panel tomorrow, there was discussion of doing a presentation. How should we attack? - Pavlik: More to emphasize how interop work complements the current authorization work. Showcasing that we have working implementations. Focus rest of the meeting to explore what work to be done to reconcile it.