I’m trying to build a feature where a user can request access and permissions to another user’s pod, which the second user can later review and approve/deny. I see that inrupt has some libraries that do this: @inrupt/solid-client-access-grants API Documentation — Inrupt solid-client-access-grants Documentation
However my understanding is that these libraries only works with ESS. Is there a way to do the same thing with CSS, or a solid pod generally?
The access grants feature is an experimental API only in ESS.
To emulate this somewhat in CSS and NSS, I would imagine you would need your webID document to have a link to a public “inbox” where anyone can send a request. You could then build an app that shows the content of these requests and if you approve it, then it allows that user to read some data by updating the security policy with an associated resource.
3 Likes
Yeah that’s kind of what I imagined doing too if there wasn’t a standard. However, rolling our own access grant system kind of implicitly means it won’t be interoperable with other apps. Was hoping to avoid that, but it may not be possible rn.
I wouldn’t worry about that too much at this point. From my point of view, Inrupt is doing the same thing with their experimental API since it doesn’t work with other SOLID compliant servers. I’m not sure if the Inbox proposal was finalized, and I don’t remember the link, but I Do believe an Inbox in your webId is something you are allowed to do. If you make a popular inbox request ontology and make it public, it could become the standard way.
3 Likes
You should check out the Solid Notifications Protocol. It is AFAIK the closest we have to a standard way to communicate with a pod owner and is (I could be wrong) in the latest CSS. That is the communication/notification part, for the access grant part , one option is the Interoperability Specification,.
4 Likes
Ah ok. The interoperability spec does have a few notes on how to handle access grants. I’ll give that a go. Thanks!
There is also the Event Notifications protocol we are working on. A pod owner could e.g. send an AS2 ‘Offer’ to another pod owners inbox that can ‘Accept’ or ‘Reject’ this and update the access rights. This could result in an ‘Announce’ notification to the original requester informing the access was granted.
This Event Notification protocol is currently also implemented in non-Solid use-cases e.g. COAR Notify to communicate between institutional repostories and peer-review systems. And this will also be part of DataVerse the open source software that is used for research data (with simular use-cases as this one).
4 Likes
And now there’s also this proposal : GitHub - CxRes/per-resource-events: A minimal notifications protocol built on HTTP,
2 Likes
Would it already be possible to use the java client library from Inrupt to handle access requests and grants between a solid client app and a locally running CSS? Or does this still only work with the ESS?
If the latter is the case, what would you need in your client app to realize read access to the resources of the different pods stored on the CSS? And this could maybe be a stupid question but does the client app need to have an account on the CSS itself (so it can instantiate a session for the SolidClient class) in order to communicate with the pod-owners on the CSS?
Thanks in advance!