The right location for a new app's data?


#1

Given that my browser based web-app has loaded the user’s profile document and read the value of pim:storage, which yields the root of my POD https://elfisk.solid.community … where should my app then store it’s data and what should it do to protect the data from other web-apps?

Example:

  • My web-app registers my pets and store data about each pet in it’s own document in a dedicated my-pets container.

  • My web-app lives at https://my-solid-pets.com which thus also happens to be the value of the Origin header the browser is going to send to my POD server.

Where should the my-pets container be located? Should it be https://elfisk.solid.community/my-pets/ or https://elfisk.solid.community/inbox/my-pet/ or what is the right “best practice” recommended location?

Data discovery by the user’s type registry is not going to work since this a new web-app and nobody has ever had a chance to make a registration.

The location should be private by default (protected from other users) and restricted to requests from https://my-solid-pets.com only. What should my web-app do to ensure this?

Thanks, Jørn


#2

I’ve had a couple of discussions with a lot of interesting people (se Demo app - RC flight logger and https://github.com/solid/solid-spec/issues/127) and come to these conclusions, at least about the location of data:

  • The application data is your data - not any specific app’s. For that reason the app-name should not be part of the URL.

  • The application state, preferences, currently selected item, sorting order and so on, is specific for the app and should have a URL that includes the app’s name.

  • The /public container name is misleading - you can put both private and public data there and control it with access control lists. I suggest using a more generic name. See https://github.com/solid/solid-spec/issues/129

  • DIfferent people want different structures for their data. The container structure is hierarchical and its impossible to find a structure that suits everybody. So let the user choose their own location.

  • Do check the type registry for a location first. See https://github.com/solid/solid/blob/master/proposals/data-discovery.md

  • If there is nothing in the type registry then select a suitable default location and let the user change it. Then register the user’s choice in the type registry.

  • Personally I suggest using /user/... for user data in general, something like /user/photos or /user/my-pets. But some people will prefer the root for user data if they think of their data as “important”. Myself, for instance, I use /rc-data for data about my radio controlled aircrafts.

  • Use /app/... for app-specific state data, something like /app/wonder-notes or /app/mega-slideshow.