Open csarven opened 11 months ago
llvee
commented
1 month ago Started researching better solutions for identity verification recently as it is a challenging obstacle for travelers everywhere. I discovered this repository, is it open for contributions from anyone?
csarven
commented
1 month ago @llvee , this repository (and everything under the solid org) is indeed open for contributions from anyone. You're welcome to jump in anywhere. Please note the Solid Code of Conduct and the Positive Work Environment at W3C: Code of Conduct.
I'm curious about what led you here and more details on identity verification. The Solid WebID Profile specification may not by itself provide what you're looking for in terms of "verification", although certain aspects could contribute to it. This issue might be outside the scope of that topic so you may want to join the Solid specification chat room on Matrix.
https://github.com/solid/vocab/issues/26 outlines a use case where an agent wants to use a preferred or trusted proxy to read or update resources (without disclosing their application's true origin). Such feature also has the benefit to work around servers that can't be reached due to not participating in the CORS protocol.
There is implementation experience based on https://dokie.li/ where the application reads a WebID Profile's
solid:preferredProxy(squatted ns) and routes fetch requests to target resources through its proxy. I currently use:where I have a Solid server running on my local machine. I could use a remote server, i.e., the Solid server running on csarven.ca, but I didn't set ACLs on its proxy. This is orthogonal in any case.
So, irrespective to what the property is called or whether it uses a URI Template or some other way to convey the proxy URL and the part that an application needs to add in the URI of the target resource, the Solid WebID Profile specification should introduce this feature on some requirement level.
CORS is PITA (Pain in the Ass) and for Solid applications to take advantage of resources beyond those on a Solid server or a server that properly implements CORS, there needs to be use of a proxy. Otherwise, a whole category of use cases for Solid applications is a non-starter. Again, dokieli has plenty of experience on this - resources could be anywhere. And undoubtedly other applications have run into similar shortcomings that can be overcome by: