node-solid-server

Track who is the pod owner and allow them always control access.

Open michielbdejong opened this issue 5 years ago • 12 comments

So you will be able to write protect a file still and even stop yourself reading it but you will always be able to change that back.

See https://gitter.im/solid/chat?at=5f866ebe78d7f20c9faac119

michielbdejong avatar Oct 14 '20 07:10 michielbdejong

  • https://github.com/solid/specification/issues/197#issuecomment-699937520
  • https://github.com/solid/specification/issues/197#issuecomment-699942808
  • https://github.com/solid/specification/issues/153#issuecomment-624630022

csarven avatar Oct 14 '20 07:10 csarven

Thanks for the links! But those are all proposed spec changes that haven't happened yet.

I'll implement it using the current spec.

And that's easy in this case, because only the pod server itself needs to know about this. In NSS it's always clear that the pod owner is either https://example.com/profile/card#me (for everything under https://example.com/, in single-user mode) or https://username.example.com/profile/card#me (for everything under https://username.example.com/, in multi-user mode).

michielbdejong avatar Oct 14 '20 08:10 michielbdejong

@michielbdejong I am personally in agreement with your choice for the current spec. The owner should be the one allowed to delete the pod. Can it be a different webId? I don't know with the actual spec.

bourgeoa avatar Oct 15 '20 19:10 bourgeoa

Does this choice work for a pod used as a storage extension?

bourgeoa avatar Oct 15 '20 19:10 bourgeoa

@michielbdejong Is Control enough? I suppose what is needed is ReadwriteControl.

But in that case the owner is always authorized for the resource (folder, file).

I think that the expectation is a bit different. To have the owner have always access to ACL only. A kind of back door to access the key to the front door.

bourgeoa avatar Oct 16 '20 09:10 bourgeoa

Yeah, if you have only Control then you can at least bootstrap yourself back into ReadWriteControl.

I don't have a lot of bandwidth for work like this at the moment, but it's good to have this issue documented in case one of us has some more time on their hands, e.g. on a Friday afternoon. :)

michielbdejong avatar Oct 20 '20 14:10 michielbdejong

@michielbdejong friendly amendment: "So you will be able to CONTROL protect a file still and even stop yourself reading it but you will always be able to change that back."

So if you are the owner of the pod, you will always be able to change the ACL. That does NOT mean you will always automatically be able to read and write: you may have to change the ACL first. So you will still be able to protect yourself from reading or from writing files. But you will be able to change it back.

timbl avatar Apr 29 '21 21:04 timbl

(To not confuse this issue with the questions about how you can find the owner of the pod from a given resource in the pod -- that requires more specification and is much less urgent)

timbl avatar Apr 30 '21 09:04 timbl

https://solidproject.org/TR/protocol#storage :

The root container (pim:Storage) MUST have an ACL auxiliary resource directly associated to it. The associated ACL document MUST include an authorization policy with acl:Control access privilege.

csarven avatar Apr 30 '21 10:04 csarven

This issue is getting out of hand. We have the title saying one thing, the first comment is about something else .. then we are talking about what Control entails.. and above I pasted how to persist root ACL + Control.

Control is only about the ACL resource.

csarven avatar Apr 30 '21 10:04 csarven

@timbl @csarven Taking this into consideration

The root container (pim:Storage) MUST have an ACL auxiliary resource directly associated to it. The associated ACL document MUST include an authorization policy with acl:Control access privilege.

and returning to ACL resource only, I have a proposal for discussion, avoiding the owner problem.
Consider that anyone with Control in root ACL

  1. has Control on all pod's acls
  2. has Control only if there is no Control access in an acl (this is a fallback not to all situation - the webid in acl might not exist anymore).

bourgeoa avatar May 01 '21 11:05 bourgeoa

There is now a PR that introduces the "owner" concept and requirements: https://github.com/solid/specification/pull/264 . The outcome of that PR should address this issue and be implemented in NSS. The key thing to note here is that owner will have implicit control access to ACL resources. Owner can't remove its own control access or give owner privileges to someone else through ACLs. If the owner wants to perform read-write operations on ACL resources, it will always be allowed. The owner can indeed set authorization policies without allowing itself read-write on a resource. Since it has implicit control, it can always allow itself read-write.

csarven avatar May 20 '21 07:05 csarven

closed with https://github.com/nodeSolidServer/node-solid-server/pull/1604

bourgeoa avatar Apr 15 '23 09:04 bourgeoa