crspybits / SolidAuthSwift

Swift-based authentication for a Solid Pod
MIT License

Client static vs. dynamic registration, and Web ID's for clients #5

Open crspybits opened 3 years ago

crspybits commented 3 years ago

WebID registration is just in beta: "Solid Identity Provider support for WebID-based authentication for client applications is currently not widely available. Currently, only Inrupt’s Enterprise Solid Server (ESS) supports WebID-based authentication for client applications and only as a Beta feature." (https://docs.inrupt.com/developer-tools/javascript/client-libraries/tutorial/authenticate-client/)

(From https://gitter.im/solid/app-development)

Christopher Prince @crspybits Sep 09 20:50 So just so I'm clear, when it says in those docs "WebID-based authentication for client applications" that means static client registration?

@NSeydoux Sep 10 03:10 Not quite: static client registration is a vanilla OIDC (even OAuth 2.0) concept, where the app developer uses an out-of-band mechanism to get a client id/secret pair from a given Identity Provider, that the app can later re-use to be identified by the same Identity Provider. In this case, the identifier is server-managed, and the developer manually provides client information when registering. On the other hand, Solid Client identifiers (the spec is walking away from calling them WebID for technical reasons, but they're very much similar to a WebID for apps) are a Solid-OIDC-specific mechanism, where the client is in control of its identifier, which dereferences to a document where client information may be found by the identity provider. Details are provided in the draft spec: https://solid.github.io/solid-oidc/#clientids In an open ecosystem such as Solid, where a given user is free to use the Identity Provider of their choice, regular static registration doesn't scale, which is why the alternative mechanism has been proposed.
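The two identification models described in the comment above, seen from the identity provider's side, as an added example that is not part of the original thread or of SolidAuthSwift. The `client_id` and `redirect_uris` fields follow the Client ID Document in the linked draft spec; the function names, the https-only rule and all sample values are assumptions made for this sketch.

```python
import hmac
import json
from urllib.parse import urlsplit

# Constructed sample: the table an IdP keeps for statically registered clients.
STATIC_CLIENTS = {
    "app-123": {"secret": "constructed-secret", "redirect_uris": ["https://app.example/cb"]},
}

# Constructed sample: the document a client hosts at its own identifier URL.
CLIENT_ID = "https://app.example/clientid.jsonld"
SAMPLE_DOC = json.dumps({
    "@context": "https://www.w3.org/ns/solid/oidc-context.jsonld",
    "client_id": CLIENT_ID,
    "client_name": "Example App",
    "redirect_uris": ["https://app.example/cb"],
})


def check_static(client_id, secret, redirect_uri):
    """Static registration: the IdP looks the client up in its own table."""
    entry = STATIC_CLIENTS.get(client_id)
    if entry is None:
        return False  # unknown to this IdP; the client must register here first
    secret_ok = hmac.compare_digest(entry["secret"].encode(), secret.encode())
    return secret_ok and redirect_uri in entry["redirect_uris"]


def check_client_id_document(client_id, body, redirect_uri):
    """Solid client identifier: validate the document fetched from client_id.

    `body` is the response text the IdP got by dereferencing client_id
    (the HTTP fetch is left out so the example runs offline).
    """
    if urlsplit(client_id).scheme != "https":  # policy assumed for this sketch
        return "client_id is not an https URL"
    try:
        doc = json.loads(body)
    except ValueError:
        return "not a JSON object"
    if not isinstance(doc, dict):
        return "not a JSON object"
    if doc.get("client_id") != client_id:
        return "client_id mismatch"  # document does not claim this identifier
    uris = doc.get("redirect_uris")
    if not isinstance(uris, list) or redirect_uri not in uris:
        return "redirect_uri not registered"
    return "ok"
```

The static check only works at the one IdP holding the table entry, while the document check works at any IdP that can fetch the client's URL.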