Authorizing Solid Applications

and related security and privacy considerations.

User-centric approach to applications

Email is even older The Web and it is still one of the most prevalent technologies. Besides freedom to choose which email provider's mail server we use, SMTP and IMAP allow us to choose freely which email client we want to interact with. Each user can even use different email clients on their different devices. One of the main promisses of Solid is to provide similar freedom to all our interactions online.

Challenges of loose coupling

Open ecosystem comes with additional complexities compared to walled gardens.

Third parties
Applications are not part of your social graph, they are just tools used by you and your peers.
Discovery
Applications need to be able to find relevant data which user authorized them to access. No additional protected information should be disclosed.
Distributed data
Users access their data and data their peers which was shared with them. Every peer can host data on multiple servers. User's need to be able to define policies for their applications and apply it everywhere.
Terms of use
When user authorizes access, they may want to set specific conditions on how application provider may and may not use that data.
UX
Users need to be able to make authorization with confidence, especially when authorizing access to data of other peers in their social graph.