bduerst | 3 years ago

But that's just it though - if bad actors gain control, you lose the ability to reject OAuth creds (which is what OpenID is). Things like social engineering or phishing of credentials, which happens at scale today.

They need a way to handle situations when bad actors take over, because other solutions handle this with centralized authorities who step in and rectify the issue.

BaseballPhysics|3 years ago

I'm now confused by what you mean when you say "gain control".

Are you talking about literally exploiting a bug and hacking the underlying service that is providing access to the pod?

In that case, it's a question of who owns and operates the pod. Solid is conceived as a set of standards that can be implemented by either individuals, or by companies on behalf of individuals. Think "data ownership as a service".

So you can still have centralized entities that implement the spec and provide support and other services for users, including dealing with security incidents.