Security Advisory: May 15, 2020

A security advisory has been issued for the Node Solid Server and the existing client libraries. For steps on remediating these defects, please see a copy of the advisory at https://inrupt.com/security/advisories.

Thank you,

Osmar Olivo

2 Likes

Hi, is it the same thing as User token and security - why SOLID server does not include the origin of the requester in token? ?

2 Likes

Hi, is it the same thing as User token and security - why SOLID server does not include the origin of the requester in token?

It’s a separate security advisory informing the community about a change to the token structure that’s coming to the authentication spec in the near future.

The origin requester has not yet been solved, but we will be rolling out a solution to it in the future.

For more details and to join in on the disucssion on tokens and auth, join the auth panel calls at 10 eastern every monday (https://github.com/solid/authentication-panel)

3 Likes

Hello, will you update https://github.com/solid/webid-oidc-spec/blob/master/application-user-workflow.md too? I can already spot a difference from https://github.com/solid/authentication-panel/blob/master/oidc-authentication.md : the client header (authorization: Bearer vs DPoP:).

1 Like