- From: Melvin Carvalho <melvincarvalho@gmail.com>
- Date: Mon, 27 Nov 2023 10:47:37 +0100
- To: eric@alexandriaconsulting.com
- Cc: public-solid <public-solid@w3.org>
- Message-ID: <CAKaEYhJmw7tGMM4LCmwK1tEt93JtE-2dKEw=6Ak+Xwt1dzf_hw@mail.gmail.com>
ne 26. 11. 2023 v 17:35 odesílatel Eric Jahn <eric@alexandriaconsulting.com> napsal: > Melvn, > Thank you for the explainer synopsis. This sort of thing really helps to > keep us focused on the larger objective bringing us together in this > project. > > I have one suggestion to augment your proposed text. The statement > >> Solid enables users to store their personal data in online data stores, >> known as Pods. These Pods are controlled entirely by the user, who can >> grant or revoke access to applications as desired. > > seems to eliminate the desire for "organizational" Solid pods from the > summary. > > I see organizational pods as sort of a multi-tenant solid pod, where the > individual does not control the entire pod, but the individual does have a > say in how their own data is allowed to be shared from the organizational > pod. This could empower consent-driven public health and human services > information exchanges, where some of the data is not entirely accessible or > controllable by individuals. Individuals may requests removal of some > sharing permissions, but granting that request depends on the > organization's policies, and depends on the situation. For example, private > sharing between health care entities of an individual's COVID diagnosis or > mental health diagnoses may not be something an individual can completely > control, since this information may be in the interests of the greater good > to selectively share to other agencies. > Could we add the concept of "Shared Pods"? Could you suggest some text: e.g. Here is a draft text to explain the concept of Shared Pods in the Solid framework: *Shared Pods in Solid* In addition to personal data stores, Solid introduces the concept of Shared Pods, a collaborative data management solution that balances individual autonomy with organizational responsibilities. These Shared Pods are managed by organizations but grant individuals the ability to define consent parameters for specific data sharing. This approach is particularly vital in domains like health and human services, where data sharing, while partially controlled by individuals, must also align with public interests and regulatory frameworks. In Shared Pods, individuals may request modifications to sharing permissions, subject to the organization's policies and the broader context of data usage. > > Organizational pods can lead toward complex and rule-driven, computable > consent-sharing mechanisms in health and human services, as well as > other domains. > > Is there a way we can include this concept in the Solid Project concept, > or does the group think this is too tangential, and should be in a separate > project that may or may not interoperate well with the core Solid concept? > > Either open source arrangement is acceptable to me, but this feedback will > help me focus my efforts on the correct pathway for open source > participation. > You're speaking my language since im a huge fan of free and open source software. Having started the community pod and helped to maintain it for a long time, I can say it's right now a tough task. The main issue being that the software and spec change in breaking ways, leading to bugs and a high support burden. Any advances on open source governance models would be a plus. > > Thank you! > -- > Eric Jahn > CTO/Data Architect > Alexandria Consulting LLC > St. Petersburg, Florida > 727.537.9474 > alexandriaconsulting.com > WebID <https://alexandriaconsulting.com/files/eric_jahn.rdf#me> > > On Sun, Nov 26, 2023 at 10:57 AM Melvin Carvalho <melvincarvalho@gmail.com> > wrote: > >> >> >> čt 23. 11. 2023 v 13:04 odesílatel Harshvardhan J. Pandit <me@harshp.com> >> napsal: >> >>> Hi. >>> FWIW, I request that the language regarding 'privacy' be broader than >>> 'access to data'. See suggestions below. >>> >>> On 23/11/2023 09:31, Melvin Carvalho wrote: >>> > *Data Management with Solid* >>> > Solid enables users to store their personal data in online data >>> stores, >>> > known as Pods. These Pods are controlled entirely by the user, who can >>> > grant or revoke access to applications as desired. This separation of >>> > data from applications allows for greater user autonomy over their >>> > personal information. >>> >>> 1) "These Pod are controlled entirely by the user" - What about cases >>> where Solid Pods are 'provided' to the user with ability to manage data >>> but NOT manage the pod or move it to a different provider etc. Or cases >>> where data may not be under the user's control i.e. they can access it >>> but cannot manage it or only can approve specific applications and not >>> others. Should such cases not be called 'Solid'? >>> >>> 2) "who can grant or revoke access to applications" - Pods are about >>> controlling/managing data and the language should reflect this. E.g. >>> "who can control the storing and usage of data by applications". By not >>> using the line 'grant or revoke access' I am avoiding reducing autonomy >>> to take it or leave it type situations based on solely on >>> access/gatekeeping. >>> >>> > >>> > Security and Privacy in Solid >>> > >>> > *Data Control and Privacy* >>> > One of Solid's key features is its emphasis on user-controlled data >>> > privacy. Users have the authority to manage who can access their data, >>> > enhancing privacy and data security on the web. >>> > >>> >>> Same as above, "users have the authority to manage who can access and >>> how it will be used and shared with others..." - the "how it will be >>> used and shared with others" is the key part to not just stop at having >>> access to data but also managing the who and why aspects of it being >>> used. >>> >> >> Any thoughts on how the text could change? How about: >> >> "Data Control and Privacy >> >> A hallmark of Solid is its focus on user-directed data privacy. This goes >> beyond simply managing access to data. Users possess the authority not only >> to decide who can access their data but also to determine how it is used >> and shared with others. This expanded scope of control emphasizes the >> importance of understanding both the "who" and the "why" in data usage, >> thus enhancing privacy and data security on the web. This approach aligns >> with Solid's vision of a more user-centric web experience, where >> individuals have a significant say in the lifecycle of their data." >> >> If you have some suggestions I can change the text. >> >> >>> >>> Regards, >>> -- >>> --- >>> Harshvardhan J. Pandit, Ph.D >>> Assistant Professor >>> ADAPT Centre, Dublin City University >>> https://harshp.com/ >>> >> >
Received on Monday, 27 November 2023 09:47:55 UTC