search

nodeSolidServer / node-solid-ws

Node/Javascript implementation of Websockets for Solid
http://npm.im/solid-ws
8 stars 6 forks source link

WS should be authenticated with ACL #1

Open nicola opened 8 years ago

nicola commented 8 years ago

Was https://github.com/solid/node-solid-server/issues/143

michielbdejong commented 5 years ago

The client should probably provide the user credentials in the upgrade request. Connecting should probably never fail. Notifications should only be sent to authenticated users who are subscribed to a (parent-)folder containing that item, and currently have read-access to the changed item. Maybe, subscribing to a folder to which the user has no read access should already fail with an error if the user does not have read access to the folder at that time, since the user would not receive any notifications unless the ACLs change during the period the WebSocket connection is active.

michielbdejong commented 5 years ago

As a first step, I'll try to restrict updates to public files when connected without credentials.

michielbdejong commented 4 years ago

I'm now (finally) working on a fix for this, see https://github.com/solid/specification/issues/52#issuecomment-682491952

I plan to finish this in October 2020 as part of my EU-funded solid-crud-tests milestone (will update this comment if that estimate changes).

michielbdejong commented 3 years ago

@jaxoncreed as discussed in the Solid OS call today, would it make sense to add a WebSockets client into ISCAJ? How can we coordinate that between the two of us?

michielbdejong commented 3 years ago

CC @Vinnl