New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Getting access to the private data of the user's POD #247
Comments
Hi there! Yes, that is a very interesting and relevant use case, but we do not have that capability at present. I haven't studied it in detail, though I have been thinking about it for some time too. I imagine one approach that identity providers could use is to issue any number of WebIDs the user may like and with customizeable attributes to be shared. So, you might have one URI that you share with those who you'd like to know you, and you generate new WebIDs for other sites. Only you and your POD Provider would know that this is actually the same person, but you could potentially have the attributes you shared be verified. Like, for example, with one peer, you just share your age, so only your age is available when that WebID is dereference. I think this is a topic we will need to work on. |
Hi ! It's all about sharing data without sharing my personal URI, as the objective (as I understand) of the Web3.0 is not supposed to ban any kind of data sharing, but rather protect the privacy. It's just my premature reflexion. I need to read more on the current documentation of SOLID to understand in which way this mechanism could be included. Best regards. |
The way I understand it, the Web URI is really an identifier for the POD, and not the user. The users authenticate to claim ownership of the POD. If the ability to migrate our PODs to a different provider was offered, this implies that our POD address would have to change also. Why not decouple Identity and POD such that the POD can have N number of aliases and thus the identity would not be exposed (from your Use Case above). The Identity would claim ownership of the POD, but you would not be able to trace the Identity if the 3rd party app only knows the POD's alias. Obviously there must be a registry of Aliases to physical location for the PODs, in the good spirit of decentralization, perhaps a blockchain ledger might be the best option. |
That's an interesting use case indeed. What if (BIG IF) the movie recomendation service need to autheticate (like an OAuth) so that the requests to your POD could only be fired from that specific domain? Does that make sense? |
I'm just new to the paradigme of Web3.0 and Solid/Inrupt.
I'm very excited, and I support this design of decoupling user data and services.
I've understood that it belongs to the user to choose which private POD data he will accept to share with which service.
However, I have a question: what if a service needs to access this private POD data, and the user accept to do it, but anonymously (i.e in a manner that the service will not be able to dereferenciate the user later and keeping storing the user data (we want to avoid re-centralization of user data, doesn't it ?)).
For exemple, I store my favorite movies in my private POD space, and I wish to subscribe to a Movie Recommender System which needs to know my preferences. Ideally, I want to share my preferences to this Recommender system, but without giving him my URI (e.g. mohamed.inrupt.net), and avoid any possibility that this service can associate my preferences with my URI.
Is there anyway to implement this kind of design ?
Thank you !
The text was updated successfully, but these errors were encountered: