Clarification on Solid and comparisons

[csarven]

See also https://github.com/solid/solid-wg-charter/issues/3 on omitting use of "pod".

Solid presents several advantages over more traditional architectures for data use by Web services today, including:

• Solid Pods are controlled by individuals or organizations, not third parties.

In Solid there are varying degrees of "control" and different forms of delegation, anything from URI ownership (as per AWWW), multiple storage owners, identity providers, to access permissions. Paraphrase or remove this point because it is not literally the case that third parties do not have any means of controlling any aspect of a "pod".

• Solid Pods enable fine-grained control over private data on a per-application and per-principal basis.

Redundant with respect to the first point. "Principal" in Solid is not constrained to certain actors or roles.

• Solid Pods enable interoperability and data sharing between applications and services while respecting user wishes.

• Solid Pods enable portability of data, of hosting, and of applications.

These two points are vague and doesn't actually say anything that's unique to Solid. Some of these features are not even particularly incubated or have sufficient implementation feedback.

[jeff-zucker]

I believe a strong statement about control is necessary. I suggest something like this:

While individuals and organizations may delegate control over all or part of a Solid Pod, absent such explicit delegation, Solid Pods are controlled by the individual or organization, not by third parties.

[laurensdeb]

I would propose we combine the first and second points:

• Solid storage enables fine-grained control by individuals or organizations over private data, on a per-application and per-agent basis.

+1 on removing or re-wording "third parties" Based on the current Solid specification it is fully possible for third parties (e.g. "managed" ecosystem operators) to limit the decision power of individuals over how they can access or share the data stored in their Solid Pod. I believe this is behaviour which should be permissible under the Solid specification, as data-ownership is a very complex topic and sufficient flexibility is required to support various legal and business interpretations of the concept.

Additionally I would prefer the use of "agent" instead of "principal", as this term is frequently used in WAC, ACP, Solid-OIDC and WebID specification to identify an entity identified by a WebID. This is the contrast I feel we want to make in this point.

On the last two points, I think client-server interoperability is an important feature of the Solid protocol but perhaps we should rework these statements to more clearly emphasize this. I do agree that client-client interoperability, and thus interoperability in the broad sense is not something we have sufficiently incubated in the current CG to claim in this charter.

Additionally I feel like the decentralized nature of the trust model we have established in the Solid protocol for authentication and authorization should be sufficiently underscored.

I would perhaps propose wording like this:

• Solid enables interoperability between applications and various storage server implementations of the protocol.
• Solid defines a decentralized trust model enabling authentication and authorization mechanisms to operate at Web scale.

[csarven]

Thanks for the suggestions Jeff, Laurens. I think we are on the same page. I've integrated your feedback with some edits into this PR https://github.com/solid/solid-wg-charter/pull/30 .