Allow users to list which origins they trust #1121
Comments
This branch is dependent on https://github.com/solid/acl-check/tree/feature/trusted-app and should be merged after #1118. This should fix #1121
|
Is there perhaps an alternative to requiring every user to list every origin they trust without putting that decision exclusively or mandatorily in the hands of the Pod provider? I am thinking about something like <#me> :trustedOriginListProvider <uri-containing-a-list-of-trusted-origins>.So a Pod provider could provide a list of trusted origins but each user would decide if they wanted to agree that they were trusted by specifying the Pod provider as also a provider of a list of trusted origins. Or the user could manually create their own list of trusted origins or they could specify some other list of trusted origins provided by a trusted source other than their Pod provider. |
|
So some way of delegating trust to others, e.g. a POD provider? (I mean, a use case is also that you trust the judgement of your family member to manage a list of trusted apps.) Maybe create an issue for the WAC spec suggesting something like this? |
With strict origin policy the default (as it becomes in NSS v5), web applications need to have their origin listed as trusted. Right now we only have this setting available as a global setting for the whole server. We should have something more granular, where users can list web applications (i.e. their origins) as trusted.
The WAC specification describes a possible way of doing this, by implementing the use of
acl:trustedApp. I propose we implement this feature.The text was updated successfully, but these errors were encountered: