Open elf-pavlik opened 2 months ago
There is also https://github.com/solid/solid-spec/issues/106
After re-reading what you wrote above, are we saying the same thing: https://github.com/solid/solid-oidc/issues/219#issuecomment-2123508677 ? I mean the issuer origin. It is separate from the oidcIssuer value changing.
Let's separate those two cases. Here, I only focus on situations where the WebID Document is compromised and the triple with `solid:oidcIssuer` gets changed.
We plan to discuss it next week on Tuesday https://www.w3.org/events/meetings/b277ff65-0aad-425e-bd1d-64758cd4547a/20240604T140000/
Solid-OIDC relies on `solid:oidcIssuer` delegation in WebID Document, SAI, similarly, relies on `interop:hasAuthorizationAgent`. Compromising any of them can lead to gaining owner-level access to all storage owned by the agent WebID denotes.

Prior discussion