Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Document attacks possible when WebID Document is hosted in a Solid Storage #3

Open
elf-pavlik opened this issue May 20, 2024 · 3 comments
Open

Document attacks possible when WebID Document is hosted in a Solid Storage #3

elf-pavlik opened this issue May 20, 2024 · 3 comments

Comments

@elf-pavlik
Copy link
Member

Solid-OIDC relies on solid:oidcIssuer delegation in WebID Document, SAI, similarly, relies on interop:hasAuthorizationAgent. Compromising any of them can lead to gaining owner-level access to all storage owned by the agent WebID denotes.

Prior discussion
@csarven
Copy link
Member

csarven commented May 21, 2024

There is also solid/solid-spec#106

After re-reading what you wrote above, are we saying the same thing: solid/solid-oidc#219 (comment) ? I mean the issuer origin. It is separate from the oidcIssuer value changing.

@elf-pavlik
Copy link
Member Author

Let's separate those two cases. Here, I only focus on situations where the WebID Document is compromised and the triple with solid:oidcIssuer gets changed.

@srosset81 srosset81 mentioned this issue May 27, 2024
Open
@elf-pavlik elf-pavlik moved this to Scheduled in Special Topic Meetings May 29, 2024
@elf-pavlik
Copy link
Member Author

We plan to discuss it next week on Tuesday https://www.w3.org/events/meetings/b277ff65-0aad-425e-bd1d-64758cd4547a/20240604T140000/

@elf-pavlik elf-pavlik mentioned this issue Jun 4, 2024
Merged
@VirginiaBalseiro VirginiaBalseiro moved this from Scheduled to Done in Special Topic Meetings Jun 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
Special Topic Meetings
Status: Done
Milestone
No milestone
Development

No branches or pull requests
2 participants
@csarven @elf-pavlik