How is trust established across pod providers?

I’m investigating using Solid for a major development project, and the following question came up about the use of JWT in webids: If I create a webid for a user on Pod Provider A’s platform, and want to share pods with another user WebID that was created on Pod Provider B’s site, will that work? Do the pod providers share a secret allowing them to verify each other’s JWT tokens? Is this part of the Solid spec?

There are lengthy answers to your question here :
https://forum.solidproject.org/t/solid-pod-with-jwt-verification/. The short answer is : Any Solid Identity Provider can provide an app with a JWT associated with a given WebID that allows that app to act as that WebID.
Any Solid Pod provider the app contacts can recognize it as authenticated via the JWT and as belonging to that WebID and can therefore apply authorization restrictions accordingly. That is all part of the spec.

2 Likes