Bootstrapping a shared folder from an app without giving all access to this app

Hello

We are currently investigating the possibility of using SOLID for an enterprise application. More specifically, we are looking to use SOLID to allow our customers to choose what data they share with the company.

To do this, our first step is to create a shared folder on the customer’s pod, with read-write access for the customer and read-only access for the company. To make it easier for them (our customers are not necessarily SOLID experts), we would like to create this folder automatically from our application on their pod.

However we do not see how to do this without the client having to give our application the rights of “CONTROL” (modification of accesses) on the whole pod (see picture below).

The only solution we have in mind to get around this problem is to use a separate application from the main application, in which the client would have enough confidence to give it “CONTROL” rights, and which would be limited to the creation of the shared folder with the appropriate access rights.

Thus, the client does not need to give “CONTROL” rights (modify access) to the main application.

Has anyone ever encountered this problem ? Do you see alternative solutions?

Ideally, the best would be if more fine-grained rights are possible at the application level.

1 Like

I also would like to know how the data is partitioned. I think I asked this some years ago :stuck_out_tongue: How data is partitioned?

@acailly - There is work being done on app launchers - things that would handle some of the bootstrapping. It is also possible to create ACL permissions per Container or per Resource (in the .acl file rather than in the profile trustedApp section). You’d still need Control permissions to create the .acl - there’s no way around that : you need Control to give or take away Control.

@cristianvasquez - the Solid spec has little to say about file systems, databases, etc. Those are implementation details that are expected to vary between implementations. What remains constant is the concept of containment.

1 Like

Thanks @jeffz
I saw the launcher proposal in the authentication panel github repo, and also saw it mentionned in some issues in the solid-nextcloud repo, do you have more info about this subject?

I’ve been meaning to play with the Nextcloud version but just haven’t had the time. Take a look at the first two items on this list -Search · solid app-launcher · GitHub. The first is Inrupt’s and I have no idea what phase it is in. The second is the Nextcloud version which Yvo on the project kindly pulled out as a stand-alone thing.

1 Like

Thanks again @jeffz
I was not aware of GitHub - ylebre/solid-app-launcher: Experimental standalone version of the Solid app launcher, will take a look :slight_smile: