Need clear specifications of POD access and usage controls #180

Open
sproffer opened this issue May 4, 2020 · 1 comment

sproffer commented May 4, 2020

Do we want to provide users choices for what data to share, and how the data can be used, at a much more granular level?

Several of the current Solid apps have an "all or none" approach to access requests: the app prompted me to grant it permission to "Edit data", or the app wouldn't run. This is essentially the same as today's smartphone app installation process, which prompts users to acknowledge permissions to access "your contact", "your storage", "your camera", etc.; if you don't agree, you cannot install the app. There is no other choice for users if they "need" this app; this is just to inform users what data will be shared.

Take a hypothetical app for movie recommendation. It requires read access to a list of movies you watched and your friends list, so the app would recommend movies based on what you have watched, and also what your friends watched (so you and your friends will have a common topic).

This example presents several questions:

  1. Can a user get the app running without granting permission to access the friends list?
    I don't want to share my friends list, just give me recommendations based on my past movie history.
  2. When granting permission to access the friends list, it is not clear how my data is going to be used.
    I may not want the app to share all my movie list with all my friends, but granting permission to access the friends list allows the app to do just that, an implication I may not realize.

So, if we address privacy concerns, we would have to give users a choice on what data to share or partially share. On this subject, users might not remember what data they have; a clear view of what data they have, even allowing users to clear it out (as in https://myactivity.google.com/myactivity), would be very helpful. As for how the data is going to be used, we should have a standardised specification; this is sometimes more of a concern than the shared data itself.

Member

kjetilk commented May 25, 2021

Indeed, Solid currently has a resource-centric view (or document-centric, if you will) of access control, but it means that as a developer, you should be careful to split different data up in chunks, so that you would have one resource for a movie, one resource for a friend list, one resource (a container) for all the movies, etc. Then, you'd assign privileges to each of these resources. Again, it is very much up to the developer to design a good UX around that.
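
An added illustration, not part of the thread and not code from the Solid project: the resource split described above, written as two Web Access Control documents for the movie-recommendation scenario. The pod URL, WebID, app origin, resource names and `.acl` file naming are constructed placeholders, and the example assumes a server that only honours app requests whose origin matches an `acl:origin` statement.

```turtle
# Constructed example: pod root https://alice.example/ and app origin
# https://movies-app.example are placeholders, not real deployments.

# ---- Document 1: https://alice.example/movies/.acl ----
@prefix acl: <http://www.w3.org/ns/auth/acl#> .

# The owner keeps full control of the container and, through acl:default,
# of every movie resource stored inside it.
<#owner>
    a acl:Authorization ;
    acl:agent <https://alice.example/profile/card#me> ;
    acl:accessTo <./> ;
    acl:default <./> ;
    acl:mode acl:Read, acl:Write, acl:Control .

# Read-only grant for requests made on the owner's behalf from the
# recommendation app's origin. No Write, Append or Control mode is listed,
# so this authorization does not cover the "Edit data" request from the issue.
<#recommender>
    a acl:Authorization ;
    acl:agent <https://alice.example/profile/card#me> ;
    acl:origin <https://movies-app.example> ;
    acl:accessTo <./> ;
    acl:default <./> ;
    acl:mode acl:Read .

# ---- Document 2: https://alice.example/friends.ttl.acl ----
@prefix acl: <http://www.w3.org/ns/auth/acl#> .

# The friends list is a separate resource with its own ACL. Only the owner
# authorization exists; nothing here names the app origin, so under the
# assumption stated above the app gets no access to this resource.
<#owner>
    a acl:Authorization ;
    acl:agent <https://alice.example/profile/card#me> ;
    acl:accessTo <./friends.ttl> ;
    acl:mode acl:Read, acl:Write, acl:Control .
```

These documents control only which resources the app can read; they say nothing about what the app does with the data afterwards, which is the usage-control gap the issue raises.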
