bduerst | 3 years ago

I haven't dived into the specs, but how does Solid solve bad actors getting access to your pod?

Usually today your data is fragmented across platforms (so damage is reduced) which have centralized authorities who can step in and fix bad actor issues.

BaseballPhysics|3 years ago

Honestly, I'm gonna be super lazy and just quote the front page of the site:

> Anyone or anything that accesses data in a Solid Pod uses a unique ID, authenticated by a decentralized extension of OpenID Connect. Solid's access control system uses these IDs to determine whether a person or application has access to a resource in a Pod.

Of course, as a data owner, you could accidentally grant a bad actor access to your data, but presumably you can also revoke that access as well.

bduerst|3 years ago

But that's just it though - if bad actors gain control, you lose the ability to reject OAuth creds (which is what OpenID is). Things like social engineering or phishing of credentials, which happen at scale today.

They need a way to handle situations when bad actors take over, because other solutions handle this with centralized authorities who step in and rectify the issue.