search

nodeSolidServer / node-solid-server

Solid server on top of the file-system in NodeJS
https://solidproject.org/for-developers/pod-server
Other
1.78k stars 303 forks source link

/profile/card editing should be a valid WebID #1709

Open bourgeoa opened 1 year ago

bourgeoa commented 1 year ago

@jeff-zucker Do you have any hints to what minimal controls on a card WebID should contain ? Are all the following needed

<./card> a foaf:PersonalProfileDocument; foaf:maker :me; foaf:primaryTopic :me.

:me
    a foaf:Person;
    solid:oidcIssuer <https://solidcommunity.net:8443>;
    solid:account </>;
    space:storage </>;
    foaf:name "bourgeoa-solidcommunity:8443".

I'm not sure the last 3 are a MUST.

timea-solid commented 1 year ago

We are waiting for some input from the WebID spec.

jeff-zucker commented 1 year ago

The oidc:Issuer is required by the Solid-OIDC spec. Everything else is up in the air as to whether it will be a MUST in the coming spec. But at a minimum all the predicates you show will be strong recommendations (I hope). Regardless of whether they are a MUST, I do not see any advantage and multiple disadvantages to not including them in default profiles.

What I do see as a very critical issue is that we should disallow editing of the oidcIssuer. Make users request changes to it by email. A mistake in the oidcIssuer blocks the user from authenticating with their WebID. A bad actor replacement of the oidcIssuer would hijack the entire account.