You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The oidc:Issuer is required by the Solid-OIDC spec. Everything else is up in the air as to whether it will be a MUST in the coming spec. But at a minimum all the predicates you show will be strong recommendations (I hope). Regardless of whether they are a MUST, I do not see any advantage and multiple disadvantages to not including them in default profiles.
What I do see as a very critical issue is that we should disallow editing of the oidcIssuer. Make users request changes to it by email. A mistake in the oidcIssuer blocks the user from authenticating with their WebID. A bad actor replacement of the oidcIssuer would hijack the entire account.
@jeff-zucker Do you have any hints to what minimal controls on a card WebID should contain ?
Are all the following needed
I'm not sure the last 3 are a MUST.
The text was updated successfully, but these errors were encountered: