Please sign my Solid guestbook

I enjoyed very much the book ‘This is For Everyone’ and I was struck by a slight nostalgic tickle when Mr Berners-Lee mentioned early webpages inviting users to ‘sign the guestbook’.

I’m also much taken with the notion of Solid and users controlling their own information at the data layer (me myself, and API?), with apps being given read/write permission at the user’s discretion and not just existing in corporate silos.

To try and learn, I integrated a tawdry ‘Solid guestbook’ on a website. If anybody has a moment and would please try to sign it and let me know if I’m making any obvious mistake, I’d be grateful. I’m having a feel around to see if I could contribute anything useful to the Solid project. Thanks.

(Obviously apologies for the web design, I was going for a hippy aesthetic, and much like Ned Flanders’s mum’s hippy parenting, I tried nothin’ and I’m all out of ideas).

2 Likes

Haha that confirmation message was unexpected 😅

(I would’ve added that to the guest book too, but of course you only allowed a single message, fair enough.)

Edit: I also added a second message using the app Penny, just to demonstrate that restrictions enforced by the app aren’t enforced by the Pod, and thus can be circumvented by using a different app. Hope you don’t mind too much 🙂

2 Likes

Thank you, and thank you to the other ‘signees’ too, this is actually extremely helpful to my understanding, because I now realise that I’m not thinking decentralised and that what I should be doing is asking any signees to write to their OWN pod (through my code). It then behooves me as the developer/app to do the verification and co-ordination. I’m going to have a think about this, thank you so much.

2 Likes

You can have them write to your pod, but there are a few separate ways to handle data shapes that don’t conform to your application expectations.

  1. Ignore weird graphs entirely. This could cause problems if someone posts large amounts of fake data.

  2. Validate on load. Just query the things you need from the graphs in the pod. Same issue as above.

  3. SHACL validation - the ActivityPods project uses this for some of their work. I haven’t dug too deeply into how they do it but I am guessing it may be able to be bypassed in a similar way by using a separate app.

  4. trustedApp predicate in your ACL for the resource - this was a security solution at one point in Solid that meant only apps with the respected HTTPS URI could perform an operation against a resource. I am not sure if this is supported by CSS by default.

1 Like
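
An added example (not code from the guestbook or from any poster in this thread) of the "validate on load" option combined with the one-message-per-signer rule discussed above, applied when reading entries because the Pod does not enforce the app's restrictions. The schema.org predicates, the limits, and the `{ s, p, o }` triple shape are assumptions.

```javascript
const SCHEMA = "http://schema.org/"; // assumed vocabulary; the limits below are assumed too
const P = { author: SCHEMA + "author", text: SCHEMA + "text", created: SCHEMA + "dateCreated" };
const LIMITS = { textLength: 280, entries: 100 };

// Returns a rejection reason, or null when the entry matches the expected shape.
function rejectReason(props, seenAuthors) {
  for (const [name, iri] of Object.entries(P)) {
    if ((props.get(iri) || []).length !== 1) return `expected exactly one ${name}`;
  }
  const [author, text, created] = [P.author, P.text, P.created].map((iri) => props.get(iri)[0]);
  if (!/^https:\/\/\S+$/.test(author)) return "author is not an https IRI";
  if (text.trim() === "" || text.length > LIMITS.textLength) return "text empty or too long";
  if (Number.isNaN(Date.parse(created))) return "dateCreated is not a date";
  if (seenAuthors.has(author)) return "author already signed";
  return null;
}

// triples: [{ s, p, o }] as plain strings, already parsed from the Pod resource.
function validateGuestbook(triples) {
  const bySubject = new Map(); // subject -> Map(predicate -> [objects])
  for (const { s, p, o } of triples) {
    if (!bySubject.has(s)) bySubject.set(s, new Map());
    const props = bySubject.get(s);
    props.set(p, [...(props.get(p) || []), o]);
  }
  const accepted = [], rejected = [], seenAuthors = new Set();
  for (const [subject, props] of bySubject) {
    const reason = accepted.length >= LIMITS.entries
      ? "entry cap reached" : rejectReason(props, seenAuthors);
    if (reason) { rejected.push({ subject, reason }); continue; }
    const author = props.get(P.author)[0];
    seenAuthors.add(author); // first entry per author wins, in document order
    accepted.push({ subject, author, text: props.get(P.text)[0] });
  }
  return { accepted, rejected };
}

// Constructed sample: one valid entry, a second by the same author (as if written
// with a different app), an oversized message, and an entry with no author.
const entry = (s, author, text) => [
  ...(author ? [{ s, p: P.author, o: author }] : []),
  { s, p: P.text, o: text }, { s, p: P.created, o: "2025-01-01T12:00:00Z" }];
const SAMPLE = [
  ...entry("#1", "https://alice.example/profile/card#me", "Lovely site!"),
  ...entry("#2", "https://alice.example/profile/card#me", "Signing again"),
  ...entry("#3", "https://bob.example/profile/card#me", "x".repeat(5000)),
  ...entry("#4", null, "anonymous"),
];
```

Only the three expected predicates are read, so extra triples in the graph are ignored rather than rendered. The author value is whatever the entry itself claims.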