# Solid Authorization Panel September 23rd, 2020 ## Present - Justin B - Josh C ## Agenda - Survey Review ## Minutes ### Survey Feedback PAVLIK: All worth considering. Interesting use case from bblfish on flat namespace / uuids. Relying on relationships between resources vs. filesystem is interesting. Need to ensure that we're considering use cases from interoperability DZ: Pointing out that flat namespace with UUIDs is how [EDVs](https://digitalbazaar.github.io/encrypted-data-vaults/) are implemented. Vault can't rely on identiy of accessing agent. DZ: https://solid.github.io/authorization-panel/wac-ucr/#basic-readappend - read-append on an individual document may not be the right solution to the use case. -0 DZ: Strong -1s, Any Authenticated Agent access - don't think its useful because of the ability to make an ephmeral agent. Still not legitimate in conjunction with 2.7.1. Showing up with a legit verifiable credential from trusted issuers is a better combination. DZ: Bold -1 - 2.2.3 - How does Bob know what these opaque URLs in the list represent? What if the implementation hides these from Bob and he can't see them. Use case doesn't make sense. Note that 2.3.2 seems reasonable. DZ: Of particular interest - Inherit permissions from non-containing resource (child can pick the parent's permission) DZ/ERICP: Conditional control boundaries are interesting and valuable. DZ: Explain tag system. ERICP: tags are for groups of resources DZ: Tags on data and conditional access to them would be valuable ERICP: Should groups be able to live in different places - DZ - long standing question - ERICP - could be a site policy - DZ - was talked about in old spec and possible issue with circular references SARVEN: No strong -1s, general comments its a good sample of stuff. consider simplifyig the number of things flying around in the use case to make it simpler to comprehend. some of the use cases may not be clear enough. could help to do some editing on some of the use cases to simplify.