acl:trustedApp limits usefulness of decentralized social apps #1789
Comments
|
Is it not used to address the open issue with the ACL model is the fact it doesn't explicitly take into account client apps, because once a client has an access token it can make use of it maliciously to craft requests, even if it uses DPoP-bound JWTs? So the trustedApp predicate is to provide a guard against an unauthorized application from executing an arbitrary request with any access token. Or am I completely wrong? |
I suppose that's correct. However, the feature still limits the choice of apps for other users. A simple resolution would be to apply |
Being right about something for once is nice, but I agree. Though this may be by design - I think acl:trustedApp should be applied on a per-resource basis and not a per-pod basis, though. For instance, I may have a datashape/resource that I only want a specific app to use. Is that a use case that makes sense?
I agree here and could possibly make a branch for this because I think I rewrote the acl-checker which uses this recently, but I would have to check. I think another instance where you would want to use |
👍🏼 Yes! It seems shape/resource-based app authorization is the long-term vision for many in the Solid community (e.g., SAI). Personally, I'm a fan of shape-based app authorization.
Agreed. Control is too much to share arbitrarily. 🙂 In the long term, it would make sense for each user with access to grant that access to their chosen app, though I'm not sure how that would be implemented. For now, since For now, it would be great if non-owner people with resource access could use the app of their choice, at least for
However, we would need to be a bit more restrictive with profile document itself, since |
I keep seeing mentions of decentralized/self-sovereign identities to handle this with the app possibly being tied to who owns it(?).
I'll take a look into it when I can. I am busy with writing my thesis this term which is why I have been rather inactive. I don't think it should be too big of a hassle to remove, but maintaining/updating these packages is on the low priority list right now |
|
Thank you for the responses, @zg009! Best of luck with your thesis! I might be able to make a PR, but it would be great to get approval from the NSS maintainers/community first. |
|
Do you know whether NSS takes into account trusted apps of the pod or resource owner, or of the person who requested the data? If the former, this issue could be resolved by checking trusted apps of the person who requested the data. If the latter, this issue may perhaps be closed (after some testing). |
Not off the top of my head. I can grab a look at it tomorrow evening or next week - my writing is nearing an endpoint. I did some rewriting of the acl-check class and I'm not even sure if the |
As was already pointed out in #1672 (comment), when somebody has shared their data hosted on NSS with me, I can't access those data with a web app of my choice, I have to use the same web app they used.
This limits usefulness of otherwise interoperable apps that work on top of any kind of social non-public data.
In comparison, CSS doesn't use
acl:trustedApp, and I can use an app of my choice to access the data shared with me.Has this been discussed already? Is this a desired behaviour? It looks to me like it's an unfortunate side effect, since it limits one of goals of Solid Project1: People can choose which app they want to use.
Footnotes
as I understand it ↩
The text was updated successfully, but these errors were encountered: