Newbie in SOLID with doubts

I’ve been reading about SOLID for the last weeks, and after many posts and forum discussions I still have some doubts regarding an app I would like to develop.

Greatly simplifying SOLID’s ecosystem, I see it as an environment (correct me if I’m wrong) where each WebID/account has access to a dropbox-like personal storage in which data is semantically annotated, and users use web applications to view, modify and connect that data in innotative ways.

That said, I would like to include some features that are facing some challenges (maybe from trying to bring my background as an old-school web developer to SOLID):

  • As a user, I can have my data spread through multiple PODs (one for photos, one for videos, one for text documents, etc). However, I access any SOLID app using only one WebID. Thus, is there any way to “link” all profiles between them so that the application can access all my data?
  • How does the idea of having admin profiles, or different profile roles, within an application make sense within SOLID? For example, imagine I have my homework essays stored in my POD, and I want my teacher to evaluate them. Would we be able to use the same app? As I understand, once we start using it, all profiles have the same “access and features level”. Would it be better to have one app for students (document writing) and one for teachers (access the documents and evaluate them)?

Thank you in advance :sweat_smile:

1 Like

You can do this by including a link in one profile to another, such as ‘sameAs’. Whether an app will follow such links and pull the information together will depend on the design of the app.

BTW you don’t need to have multiple pods for different kinds of data. You probably realise this, but I just want to clarify.

I’m not expert here so hopefully someone who understands permissions will read and answer more definitively, but I’m fairly sure you could do this and use the same app.

You would grant your teacher’s webid access to your essays rather than grant access to the app. Like adding them as a friend to a group - if you’ve been reading the discussion on how to implement groups.

Hope that helps. I can’t advise on how to do these things but if you need help some here should be able to.

3 Likes

As @happybeing already said, it’s possible. With ACL files you can specify permissions for files and folders. Folders can also specify default permissions which are inherited by contents. An example for a simple ACL file (from the spec):

# Contents of https://alice.databox.me/docs/file1.acl
@prefix  acl:  <http://www.w3.org/ns/auth/acl#>  .

<#authorization1>
    a             acl:Authorization;
    acl:agent     <https://alice.databox.me/profile/card#me>;  # Alice's WebID
    acl:accessTo  <https://alice.databox.me/docs/file1>;
    acl:mode      acl:Read, 
                  acl:Write, 
                  acl:Control.

The different level of permissions are:

  • Read (Can read the resource, e.g. GET requests)
  • Append (Can add new content or append to existing, e.g. POST a new notification to inbox)
  • Write (Can add/modify/delete content, e.g. replace a file with a newer version)
  • Control (Can modify all permissions for this resource, e.g. granting/revoking another person Read access)

The different actors you can specify are:

  • webId
  • group (afaik, a list of webIds stored in a separate file. Hence you could modify the group even if you only have Append/Write permissions to the group file)
  • authenticated (anyone who is logged in)
  • public

There’s also the possibility to specify trustedApps, but that’s probably not relevant to you.

So putting it together, you could do something like this:

  1. create groups for the different roles (Student, Teacher, Admin, etc)
  2. create some folders (submits, shared, public)
  3. set permissions for the folders (“Students can Append¹ to contents of the submits folder”, “Teachers can read, edit and delete contents of the submits folder”, “Admins can modify permissions of the submits folder”).

Finally, ACL files are also turtle files so you could use any program which works with turtle files to create/edit them. Also there would be several acl libraries which makes it easier to work with them. And if you don’t need to programmatically change permissions, you can just use the UI of the data browser.

(1) Regarding append, keep in mind that the students won’t be able to view or modify their submissions. If you want that it would probably be best to create one folder per student and give them write access to the contents of it.

5 Likes

And in case you didn’t find it already, I think that’s a good place to get started: https://solidproject.org/

It also has a list with tools and libraries, but I don’t think that it’s complete. If you don’t find something, just ask :))

I was just thinking about having multiple PODs per profile, not that my app will need to deal with this scenario, but just to know the implications of dealing with such an environment.

The owl:sameAs attribute was an idea I was thinking about to link those profiles together, but I imagine those profiles should grant access to the application individually.

1 Like

As a user, I can have my data spread through multiple PODs (one for photos, one for videos, one for text documents, etc). However, I access any SOLID app using only one WebID. Thus, is there any way to “link” all profiles between them so that the application can access all my data?

You can add multiple storages to your profile by using the http://www.w3.org/ns/pim/space#storage predicate:

@prefix sp: <http://www.w3.org/ns/pim/space#>.

:me sp:storage <storage1> ;
       sp:storage <storage2> ;
       sp:storage <storage3> .

In order to get something reasonably done, you would of course need to have CONTROL access to these storages as well. (Sidenote: In fact, anyone can claim that they any storage is theirs. The access controls will not give them any access for that reason though, the access is controlled through ACL resources - you might want to check out the WAC spec and the work of the Authorization and Access Control Panel.)

How does the idea of having admin profiles, or different profile roles, within an application make sense within SOLID? For example, imagine I have my homework essays stored in my POD, and I want my teacher to evaluate them. Would we be able to use the same app? As I understand, once we start using it, all profiles have the same “access and features level”. Would it be better to have one app for students (document writing) and one for teachers (access the documents and evaluate them)?

You could grant access to your teacher AND an app that you trust. If your teacher wants to access your (presumable private) resources with another app, they would have to request access from you first.

And yes, one of the important aspects of Linked Data is interoperability, so as long as the teacher app and the student app agrees on the vocabularies/ontologies and shapes to use, they can work on the same data without any problems.

3 Likes

Great info @A_A, thanks for the heads-up.

Will be looking into it and see if I have further doubts. Maybe checking the permissions I can also play with the UI presented to each “profile” (e.g., show students the “Submit assignment button”, whereas it remains hidden for teachers)

And if you come across any tools and/or libraries that you think should be included there, you can contribute them here :slight_smile:

1 Like