New to solid, what makes sense to do and use solid for

Hi Everyone,

I am planning a webapp and Chrome extension to securely store my information for auto-filling forms in browsers, instead of allowing browsers to do the work or doing it manually every time. The system is intended to be, of course, secure…and paranoid! So I plan on hosting my own server-side storage, to be accessible from anywhere. It also makes sense that other people use it too. In investigating possible tech to use I came across the Solid project. I have no knowledge of the system, and I understand it is still young, so I am not sure if it makes sense to use it! I am looking here for advice.
1- Is the project mature enough beyond experimental applications, i.e. for a real-life application like the one described?
2- Do you think Solid can fulfil the requirement?
3- Do you see risks and shortfalls in using Solid pods for user data storage?

Thanks

Hi Heithem, I too am investigating the Solid Project. One thing that helps me make choices here right now is the guarantee I can pack up and move at any time. So I am going to start small with a managed provider playground. My own server side storage will be the goal though. I thought there would be more of a discussion type forum for new users. There must be a surge of us after Tim Berners-Lee’s latest book??
–
Alar

I thought there would be more of a discussion type forum for new users.

In addition to this forum (in which you are welcome to ask any questions), a lot of discussion goes on in the Matrix chat channels and in the community group virtual meetings. I invite you to the Practitioner Group, which holds regular discussion meetings online and also coding sessions focusing on mentoring, skill sharing and networking. More info on the meetings and chatroom is available here: GitHub - solid-contrib/practitioners: A hub for Solid developers


Hi Heithem, your use case is actually a really solid fit (pun unavoidable) for this stack. A few answers to your three questions:

1. Mature enough for real-life use?
Yes, with caveats. The Solid protocol itself (authentication via OIDC/DPoP, resource storage via LDP) is stable and well-specified. Community Server (CSS) is the main actively-maintained server implementation. The tooling around it (client libraries, auth helpers) has stabilised significantly over the last two years. It’s past “experimental” for the kind of app you’re describing: structured personal data, single user or small group, self-hosted.

2. Can Solid fulfil the requirement?
A browser extension storing form-fill data in a pod is a natural fit. You authenticate once via the user’s WebID, then read/write to pod resources from the extension using the Solid fetch API. The user owns the storage endpoint, so they can self-host or use a managed provider. That’s exactly the “accessible from anywhere, I control it” model you described.

For the sensitive security angle specifically: standard pod ACLs protect against unauthorised access, but the server operator can read the data. If you want true zero-knowledge storage, where the host cannot read the contents even in a breach, client-side encryption is now practical. We built @privatedatapod/vault-sdk for exactly this: AES-256-GCM encryption in the browser before anything hits the server. The source is on GitHub and it works against any Solid pod, not just ours.

3. Risks and shortfalls?
The main ones honestly:

  • The app ecosystem is still small, you’ll likely be building your own client rather than integrating with existing tools
  • Key management UX requires thought if it’s going to be used by non-technical people
  • Self-hosting a CSS instance requires more ops work than a managed provider

If you want to try before committing to self-hosting, privatedatapod.com lets you spin up a pod in 30 seconds to prototype against.
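
The client-side encryption step described in the post above, sketched with the standard Web Crypto API as an added example (it is not code from this thread and not the @privatedatapod/vault-sdk API). The passphrase-based key derivation, the blob layout, the resource URL binding and the names `sealRecord`/`openRecord` are assumptions made for illustration.

```javascript
// Added example: seal a form-fill record with AES-256-GCM before it leaves the client.
// Runs in a browser or extension; the require() fallback is only for older Node.
const cryptoApi = globalThis.crypto ?? require("node:crypto").webcrypto;
const PBKDF2_ITERATIONS = 600000; // assumption: tune for the devices you support
const enc = new TextEncoder();

// Derive a non-extractable AES-256 key from a user passphrase (assumed key source).
async function deriveKey(passphrase, salt) {
  const material = await cryptoApi.subtle.importKey(
    "raw", enc.encode(passphrase), "PBKDF2", false, ["deriveKey"]);
  return cryptoApi.subtle.deriveKey(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations: PBKDF2_ITERATIONS },
    material, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

// Returns salt(16) || iv(12) || ciphertext+tag as one Uint8Array, ready to PUT to the pod.
async function sealRecord(record, passphrase, resourceUrl) {
  const salt = cryptoApi.getRandomValues(new Uint8Array(16));
  const iv = cryptoApi.getRandomValues(new Uint8Array(12)); // fresh IV on every write
  const key = await deriveKey(passphrase, salt);
  // The resource URL is bound as additional authenticated data, so a blob
  // copied by the host onto a different resource fails to decrypt.
  const ct = new Uint8Array(await cryptoApi.subtle.encrypt(
    { name: "AES-GCM", iv, additionalData: enc.encode(resourceUrl) },
    key, enc.encode(JSON.stringify(record))));
  const out = new Uint8Array(28 + ct.length);
  out.set(salt, 0);
  out.set(iv, 16);
  out.set(ct, 28);
  return out;
}

// Rejects (OperationError) on a wrong passphrase, a wrong URL or any modified byte.
async function openRecord(blob, passphrase, resourceUrl) {
  const salt = blob.slice(0, 16), iv = blob.slice(16, 28), ct = blob.slice(28);
  const key = await deriveKey(passphrase, salt);
  const pt = await cryptoApi.subtle.decrypt(
    { name: "AES-GCM", iv, additionalData: enc.encode(resourceUrl) }, key, ct);
  return JSON.parse(new TextDecoder().decode(pt));
}
```

The server only ever stores the opaque blob; losing the passphrase means losing the data, which is the key management UX concern raised in the same post.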

@Heithem I’ve got a proof-of-concept cross-browser extension that connects to a Solid pod.

It needs some cleanup before I can publicly share it but, if you’re interested, I can give you private access.

I think @pod42 makes some excellent points, although I disagree with

You’ll likely be building your own client rather than integrating with existing tools

We’ve been working on various client-adjacent tools to make our (and other developers’) lives easier.
I can provide some example code for interacting with Solid in the browser using @muze-nl/metro-oidc (if you need low-level control), @muze-nl/metro-oldm (if you want control over the data side of things but don’t want to deal with all the auth stuff), or @muze-nl/jsfs-solid (if you want something that “just works” out of the box).

Feel free to DM me if you want more details.