https://meet.jit.si/solid-authorization
- Sarven
- Dmitri Z.
- Max Leonard
- Henry Story
- E. Pavlik
- Matthieu B.
- March 10: 15:00 & 18:00 UTC: Solid/CCG meet & greet with Tim Berners Lee
- UCR Survey Update and actions
- Propose access request with LDN #28
- Relating ACL and ACP ontologies #148
- + characterize axes for access relationships #179
- Create wac-acp-diff-story.md #178
Dmitri: W3C Credentials CG is a large community. It incubated DID WG, VC WG and now it incubates other task forces. Solid community expressed interest in using VC, signatures and encryptions. Next Wednesday they are coming to present during our weekly call and we will present on the same day during theirs. ...: We should decide what we want to present. I'd like us to select couple of topics. For example our identity-based access control.
Henry: It's good to understand that it is not just the credentials community.
Sarven: https://gitter.im/solid/specification?at=6022bab5063b6c68d54c658c
CCG presents to SocialCG in the first session, and the other way around in the second session.
They've suggested that an intro to their following work items would be of interest to us: Universal Wallet, DID-Core, Secure Data Storage + others. Also asking any specific work items or areas they should cover.
I suggested some areas: Identity/Identifiers: WebID, DID Access control / Capability-based security models: ACL, OCAP VC data model Signatures/Encryption All sorts of Security and Privacy Considerations
Areas to Present:
Access Control models:
- Identity Based (ACL)
- Capability Based (zCaps)
What kind of problems is the CCG solving, and what kind of problems is the Solid CG solving?
Come prepared with questions.
Henry & Pavlik: We should present our use cases. For example, https://solid.github.io/authorization-panel/authorization-ucr/#uc-capabilities But also our general web-based use case approach.
Q: Do we want to prepare slides? (With what we're presenting to the CCG?)
Sarven: Let's present the different specs we're incubating. (Tim gives an overview of the ecosystem for 5-10 min. 5 mins on WebID. etc (see rough agenda))
Sarven: it'll be up to each topic presenter, if they want to use slides or not.. screenshare
UCR Survey Update and actions
- #152 broke survey -- should've been addressed prior to PR merge.
- Proposed actions: fix survey links and comments;
- get more responses from people (indicate implementation state/plans)
Pavlik: will put it on next interop panel meeting agenda to give feedback how Access Needs can be used to request access
Sarven: should move to solid/specificatation as it is a protocol issue.
Henry: I agree this would be interesting to look at what part is a protocol. I can look at it more carefully. leave it as is for now.. for more discussion
Pavlik: discuss in data-interop for the altnerative. but okay to move to solid/specifcation
Henry: after looking at it: This could be an interesting document to keep up to date. But it a way I think it would be easier to work out way towards such a document by building up simple examples comparing WAC and ACP as in the following story.
Henry: Two problems with the story (both explained in detail in PR)
- where does the regex expression come from, that does not seem to be in the Solid Spec
- the Shapes restrictions are too restrictive: they don't allow acl:AuthorizesAgent to be used as the object of acl:agentClass
- The Shapes restrictions over-constrain WAC, and so make possible extensions described in issue 184 Limitations: Reusing Policies seem out of bounds.
So this does not quite capture the difference, but it is helpful to see a major worthwhile improvement.
CSarven: the document should state that it is provisional.
EricP: ... makes some adjustments ...
Henry: we need to have the document POC Evaluation Table ready.
- Create issue about updating https://github.com/solid/authorization-panel/blob/master/proposals/authorization-ucr/uc-survey.md
- Pavlik: discuss access request with LDN in interop panel
- Sarven will propose to move PR 128 to solid/specification