Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • 01:05
    elf-pavlik commented #447
  • Aug 08 15:22
    TallTed commented #447
  • Aug 07 02:14
    almereyda opened #448
  • Aug 06 09:58
    melvincarvalho commented #447
  • Aug 06 09:55
    melvincarvalho commented #447
  • Aug 06 09:44
    melvincarvalho commented #447
  • Aug 06 09:41
    melvincarvalho commented #447
  • Aug 04 19:09
    barath commented #447
  • Aug 03 22:40
    ThisIsMissEm commented #447
  • Aug 03 17:14
    kjetilk commented #409
  • Aug 03 17:08
    acoburn synchronize #409
  • Aug 02 16:03
    elf-pavlik commented #447
  • Aug 02 15:56
    elf-pavlik commented #447
  • Aug 02 13:38
    scenaristeur commented #447
  • Aug 02 12:34
    timbl commented #447
  • Jul 28 16:33
    csarven reopened #409
  • Jul 25 12:15
    elf-pavlik commented #447
  • Jul 22 15:50
    justinwb assigned #447
  • Jul 22 15:50
    justinwb opened #447
  • Jul 06 14:22
    csarven commented #224
Jeff Zucker
@jeff-zucker
interop folks - how is the exclusivity of an AuthorizationAgent enforced? If I have an old-style app with write perms on the whole pod, what is to prevent me from writing stuff only the AuthAgent should write to? Does the AuthAgent, the first time it is invoked go through and create .acls for itself?
What's then to prevent an app with Control from re-writing those?
elf Pavlik
@elf-pavlik

We are still polishing details. I see it in the following way:

  1. Authorization Agent creates Access Consents and based on them generates Access Grants
  2. Authorization Server (associated with given Resource Server) can access Data Grants applicable to given RS and based on them sets ACRs/ACPs/YouNameIt-s

In that case Authorization Server associated with Resource Server (RS would advertise it via as_uri in WWW-Authenticate would be the exclusive party to create ACRs/ACLs/...

This doesn't require anything like acl:Control access mode at all, the association between AS and RS is pre-established.

With this approach, Access Consents would be the single source of truth, Access Grants are derived from those by AA, and ACRs/ACLs/... are derived from Data Grants by corresponding Authorization Servers.

Introducing another source of truth can lead to various issues, policies set directly in ACRs/ACLs could be easily overwritten.

I think we could have different approaches coexisting but preferably in different storages, solid/specification#377 could possibly address it as well, where one storage type would be AS managed and another could allow raw ACP/WAC/YouNameIt policies.
We have been diving into that during Wednesday AuthZ calls and I expect we will continue working things out during next weeks.

The approach discussed above has the advantage of only AS and RS needing to agree on ACP/WAC/YouNameIT, clients (apps) only need to understand Data Grants (read-only), and Access Needs. Authorization Agent stays responsible for dealing with most interop nuances and it would rely on AS to set policies on RS based on Data Grants (also read-only for AS)
Jeff Zucker
@jeff-zucker
So basically there would be old-style storages and new-style storages and never the twain shall meet ? Only old-style apps can access the former and only new-style can access the latter? That does not seem workable to me.
I would like to come to your meetings but am really swamped for the next few weeks.
elf Pavlik
@elf-pavlik

What's then to prevent an app with Control from re-writing those?

I see many problems with letting clients (apps) set policies. User should be able to manage all policies from one place they have full confidence with, in interop it's their Authorization Agent

Regular clients (apps) shouldn't force people to set any access policies with them, instead, they should initiate flow with AA and let user do those very specific and security-critical access decisions there.
Jeff Zucker
@jeff-zucker
That's fine for new-style apps, is your suggestion that the entire existing ecosystem of apps just go away?
Jeff Zucker
@jeff-zucker
I agree that Control should only be granted to one or a very few apps (e.g. SolidOS and Penny in the existing system)
elf Pavlik
@elf-pavlik
We have related issue: solid/data-interoperability-panel#237
Fred Gibson
@gibsonf1
A quick slightly unrelated question: any request that comes into a solid server with an ip-address as server name is almost guaranteed a hacker, and its in the nature of solid that DNS is always required, so I was just trying to think what would be the best code to throw at an ip address, 404, 403?
Sarven Capadisli
@csarven
Personally, I would only block (403) IP addresses that I know or well-known to be acting outside of the terms of my service.
Fred Gibson
@gibsonf1
This is in the sense of a request coming into the server using an ip address instead of a DNS request (not the origin), like 5.161.48.158/profile/card instead of https://frederick.trinpod.us/profile/card
Feb 15 20:04:36 make trinity[842703]: 103.203.57.25 - [15/Feb/2022:20:04:36 +00:00] "GET 5.161.48.158:/ HTTP/1.1" 200 2528 "-" "HTTP Banner Detection (https://security.ipip.net)"
I guess something like this scanning / with ip could be ok, but this is for sure a hacker:
Feb 15 20:03:17 make trinity[842703]: 45.146.165.37 - [15/Feb/2022:20:03:17 +00:00] "POST 5.161.48.158:/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" 404 683 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
So maybe the rule would be any non / request by an ip address should get 40?
Fred Gibson
@gibsonf1
But good point, 404 unless it for sure is violating TOS
Jeff Zucker
@jeff-zucker
Also for a hacker 404 is "try the next thing" and 403 is "what can I do to get that"
Fred Gibson
@gibsonf1
Ahh yes, people want what they cant get. I was also trying, for true hackers, to send no reply or something like that
But then I would have to reserve a thread for hackers where the request is sent to die and timeout the other side
Sarven Capadisli
@csarven
A request can be forbidden (403) for any reason.
Kjetil Kjernsmo
@kjetilk
Feb 15 20:03:17 make trinity[842703]: 45.146.165.37 - [15/Feb/2022:20:03:17 +00:00] "POST 5.161.48.158:/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" 404 683 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
Those are cute... I see lots and lots of them impinging on my servers too. That's why I think it is important to have a processing step ahead of anything heavy that can reject stuff like that
Fred Gibson
@gibsonf1
:thumbsup:
I added this function at the top of all routes:
(defmethod reject-ip-request ()
  (when *request*
    (let ((server (request-server-name *request*))
      (path (request-uri *request*)))
      (when (or (not (stringp server))
        (not (stringp path))
        (and (?ip-address server)(not (string= path "/"))))
    (throw-code 404)))))
So if an IP request comes in for anyting other than /, 404
Sarven Capadisli
@csarven
@kjetilk , welcome to the W3C Solid CG! Here are some issues...
Sarven Capadisli
@csarven
Mathlouthi Khaled
@odaper
Hello, I'm joining the SOLID community and I'll contribute to this great idea, but I still have some questions: if my company will have its own POD that will hold all confidential data of its employees, the risk of cyberattack is higher than before right? because today my company have multiple databases by application like HRPortal, Intranet...etc if they will be moved to one place I think that the risk will be higher, what do you think?
sjoertrix
@sjoertrix:utwente.io
[m]
Interesting question. When you have stuff with 10 suppliers, the risk of getting hacked might be 10x. And you don't have much control about security, country or policies.
With Solid it is easier to be in control of your data, you decide where you leave your data. You could choose to leave some HRdata with a different Solid supplier, but you have the option to store your data where you choose.
1 reply
This question might be more appopriate in the general solid chat.
Mathlouthi Khaled
@odaper
Hello, why the RDF/XML should be used to read/write data in the POD instead of JSON-LD? our Stateless apps today are using JSON so I think that moving to RDF via REST API may create a breaking change in the existing web apps and migrating to SOLID PODS will be complicated. I support the idea of SOLID and I'll contribute to this great project but for now I'm trying to understand and identify the problems that we may face in the future. Many thanks for your answers
Sarven Capadisli
@csarven
@odaper RDF/XML is not required by the Solid Protocol. Where did you come across that information?
9 replies
Sarven Capadisli
@csarven
:bell: Daylight saving time changes up ahead... everyone get abacuses out.
Kjetil Kjernsmo
@kjetilk
OMG!
Sarven Capadisli
@csarven
@/all I propose that we communicate all CG meetings using UTC throughout the year. We let anyone/state observing daylight saving time adjust to it as they need to.
Kjetil Kjernsmo
@kjetilk
:+1: yeah, that makes sense since we're out of sync every now and then
Sarven Capadisli
@csarven

It'd be great to keep current panels at the same time slot. I'd suggest 14:00 UTC... Keeping the following in mind:

Operating principle for effective participation is to allow access across disabilities, across country borders, and across time. Feedback on tooling and meeting timing is welcome.

https://github.com/solid/specification/blob/main/meetings/template.md#participation-and-code-of-conduct

Kjetil Kjernsmo
@kjetilk
:+1: I suppose each panel should find their own time slot, but setting the time in UTC to not make it dependent on various daylight savings time and stuff is good
Aaron Coburn
@acoburn

The Authentication Panel has been incubating the Solid-OIDC specification for the last several years. Today was an important milestone in that the panel has voted to promote Solid-OIDC from a purely "editors draft" document to a Community Group Draft: roughly equivalent to a FPWD. A repository tag was created with the version number of this draft. This is all in preparation for a summertime target of ~CR status.

At present, the Solid-OIDC draft specification is available at https://solid.github.io/solid-oidc/ via a GitHub pages workflow. I would like to discuss how we can start moving these drafts into the https://solidproject.org/TR/ namespace, presumably under oidc. Ideally, we will have an automated process via GH, but for now a manual process should suffice.

What would be the best way to proceed here?

Jeff Zucker
@jeff-zucker
Congrats on and thanks for the work!
Justin Bingham
@justinwb
huge milestone - great work
Sarven Capadisli
@csarven

@acoburn If you'd like to publish the CG-DRAFT at https://solidproject.org/TR/solid-oidc and https://solidproject.org/TR/2022/solid-oidc-20220328 (with links referring to each other and possibly including links to the ED) then please make a PR of the final HTML and scripts/media to the solid/specification repository .

On a related note, you may want to note solid/solid-oidc#98

Justin Bingham
@justinwb
@acoburn the current mechanism is automated in that whatever is committed into solid/specification is published to the corresponding github pages for that repo, which is then in turn proxied (via rewrite) from /TR/
(note that alain, jackson, and i have been working on a project to migrate solidproject.org to CSS (nearly done), at which point we’ll move on from the proxy/rewrite to direct deployment)
Sarven Capadisli
@csarven
@acoburn The table in the document at TR/ can also be updated with the new information. Let me know if you'd like to go ahead with that or wait for the publications of the CG-DRAFT under TR/
Aaron Coburn
@acoburn
Thanks for the pointers -- I'll start with a PR to the specification repo. If it's easy to also update the TR/ table at the same time, I will do that; otherwise, I'll do this in two steps
Kjetil Kjernsmo
@kjetilk
Great work, @acoburn !
I'm looking forward to review it