solid / webid-oidc-spec

WebID-OIDC Authentication Spec v0.1.0
MIT License

Removed references to TLS that imply it is the primary form of authentication #26

Open jaxoncreed opened 5 years ago

jaxoncreed commented 5 years ago

TLS as a primary form of authentication should be deprecated in favor of an OIDC. TLS may still be used as a form of credentials under OIDC. All concerns about needing completely decentralized identity systems will be solved with an eventual implementation of DiD.

dmitrizagidulin commented 5 years ago

👍 looks good.

michielbdejong commented 5 years ago

@jaxoncreed ping

jaxoncreed commented 5 years ago

@dmitrizagidulin @michielbdejong could you give this a review so I can merge it?

michielbdejong commented 5 years ago

@kjetilk I think you have write access to this repo, can you add your review?

michielbdejong commented 5 years ago

also @RubenVerborgh please re-review

michielbdejong commented 5 years ago

@kjetilk @Mitzi-Laszlo @timbl @justinwb: we need one more of you to approve this before it can be merged.

kjetilk commented 5 years ago

Actually, I have no strong opinions, but this has such a long history that I think @timbl 's review would be good to have for legitimacy.

kidehen commented 5 years ago

> TLS as a primary form of authentication should be deprecated in favor of an OIDC. TLS may still be used as a form of credentials under OIDC. All concerns about needing completely decentralized identity systems will be solved with an eventual implementation of DiD.

What does that mean, in regards to your DiD reference?

Solid has historically supported WebID-TLS or WebID-OpenID Connect as authentication protocols. Why do we need to go down the problematic maze associated with designating WebID-OpenID Connect as the Primary Authentication Protocol? That's simply wrong, and by now the experiences to date should be ample evidence.

Experiences to date meaning:

  1. Create a Pod
  2. Use the Pod repeatedly without authentication hassles and confusion.
  3. Allow others to interact with a pod for read-write operations on a predictable basis without authentication hassles and confusion.

RubenVerborgh commented 5 years ago

Note: I approved for technical correctness, but this should not be merged without approval from @timbl indeed.

WebID-TLS has some very nice technical properties; the only blocker is the extremely bad browser UI (which is so bad that it is currently virtually impossible to use it with many sources, as we will have with Solid).

At the same time, we have the One Solid notion.

So not an easy decision at all.

kidehen commented 5 years ago

Situation Analysis

Solid seeks to simplify (via frameworks, libraries etc) the development and deployment of read-write applications that leverage Linked Data principles.

As part of the endeavor outlined above, loose-coupling of Identity (via resolvable identifiers i.e., WebID), Identification (profile data i.e., WebID-Profile Document), authentication (via authentication protocols e.g., OpenID Connect and TLS), and authorization (via WebACLs) are essential regarding architecture dexterity and vision consistency.

Challenge

What MUST application developers expect in order to provide solutions to end-users en route to providing the most flexible and usable experience possible?

Suggested Solution

Here's a table reflecting both what exists across protocols and developer profiles using a MAY, SHOULD, or MUST approach to authentication protocol support i.e., what needs to be reflected in literature that informs rather than confuses the broader Solid Community.

|                            | TLS | OpenID Connect | OpenID Connect + TLS Bridge |
|----------------------------|-----|----------------|-----------------------------|
| Solid Client App Developer | MAY | SHOULD         | MUST                        |
| Node Solid Server          | MAY | SHOULD         | MUST                        |

jaxoncreed commented 5 years ago

@kidehen That sounds like an acceptable solution, though I think I'd upgrade OpenID Connect to a MUST (since it's already implemented for the OpenID Connect + TLS Bridge).

Would you mind making those modifications to the spec then linking that pull request here?

michielbdejong commented 5 years ago

|                            | TLS | OpenID Connect | OpenID Connect + TLS Bridge |
|----------------------------|-----|----------------|-----------------------------|
| Solid Client App Developer | MAY | MUST           |                             |
| IDP                        | MAY | MUST           | SHOULD                      |
| Storage Server             | MAY | MUST           |                             |

michielbdejong commented 5 years ago

This PR only corrects the context about webid-oidc-spec, the mention of "secondary" webid-tls as per that table will go into https://github.com/solid/solid-spec/pull/171

michielbdejong commented 5 years ago

@timbl can we merge this now? This only removes references from this spec, the bigger change is in solid/solid-spec#171