- From: Harshvardhan J. Pandit <me@harshp.com>
- Date: Mon, 27 Nov 2023 11:16:24 +0000
- To: Melvin Carvalho <melvincarvalho@gmail.com>, eric@alexandriaconsulting.com
- Cc: public-solid <public-solid@w3.org>
Hi. IMHO explainers should not be the place to develop new definitions, but to distil existing agreements into accessible text. An observation: https://solidproject.org/about which is the "official about Solid" page does not mention *anything* about individual's having sole control. It has "Each Pod is fully controlled by the Pod owner (i.e., you)." - which can mean either that the individual 'owns' as in manages the data in the pod regardless of how that pod is provisioned. This is compatible with the definition of 'owner' in the Solid spec https://solidproject.org/TR/protocol#terminology, which says "An owner is a person or a social entity that is considered to have the rights and responsibilities of a storage.". The spec states "An overarching design goal of the Solid ecosystem is to be evolvable and to provide fundamental affordances for decentralised Web applications for information exchange in a way that is secure and privacy respecting.". Further, the Privacy Considerations section does not contain any indication of data use/mis-use beyond the Pod - https://solidproject.org/TR/protocol#privacy-considerations. Hence my earlier statement that the community has to first agree on whether Solid is only a 'decentralised storage solution with access control' provided to the individual to 'manage their data' or more than that (which my suggested text reflected). On a personal note: I interpret statements in the past regarding Solid, such as Tim Berners-Lee's open letter https://www.inrupt.com/blog/one-small-step-for-the-web stating "Solid is guided by the principle of “personal empowerment through data” which we believe is fundamental to the success of the next era of the web. We believe data should empower each of us." - with the understanding that empowerment does not stop at data in the Pod but also continues when that data leaves the Pod which is seemingly at odds with the technical capabilities of Solid. Regards, Harsh On 27/11/2023 09:47, Melvin Carvalho wrote: > > > ne 26. 11. 2023 v 17:35 odesílatel Eric Jahn > <eric@alexandriaconsulting.com <mailto:eric@alexandriaconsulting.com>> > napsal: > > Melvn, > Thank you for the explainer synopsis. This sort of thing really > helps to keep us focused on the larger objective bringing us > together in this project. > > I have one suggestion to augment your proposed text. The statement > > Solid enables users to store their personal data in online data > stores, known as Pods. These Pods are controlled entirely by the > user, who can grant or revoke access to applications as desired. > > seems to eliminate the desire for "organizational" Solid pods from > the summary. > > I see organizational pods as sort of a multi-tenant solid pod, where > the individual does not control the entire pod, but the individual > does have a say in how their own data is allowed to be shared from > the organizational pod. This could empower consent-driven public > health and human services information exchanges, where some of the > data is not entirely accessible or controllable by individuals. > Individuals may requests removal of some sharing permissions, but > granting that request depends on the organization's policies, and > depends on the situation. For example, private sharing between > health care entities of an individual's COVID diagnosis or mental > health diagnoses may not be something an individual can completely > control, since this information may be in the interests of the > greater good to selectively share to other agencies. > > > Could we add the concept of "Shared Pods"? Could you suggest some text: e.g. > > Here is a draft text to explain the concept of Shared Pods in the Solid > framework: > > *Shared Pods in Solid > * > In addition to personal data stores, Solid introduces the concept of > Shared Pods, a collaborative data management solution that balances > individual autonomy with organizational responsibilities. These Shared > Pods are managed by organizations but grant individuals the ability to > define consent parameters for specific data sharing. > > This approach is particularly vital in domains like health and human > services, where data sharing, while partially controlled by individuals, > must also align with public interests and regulatory frameworks. In > Shared Pods, individuals may request modifications to sharing > permissions, subject to the organization's policies and the broader > context of data usage. > > > Organizational pods can lead toward complex and rule-driven, > computable consent-sharing mechanisms in health and > human services, as well as other domains. > > Is there a way we can include this concept in the Solid Project > concept, or does the group think this is too tangential, and should > be in a separate project that may or may not interoperate well with > the core Solid concept? > > Either open source arrangement is acceptable to me, but this > feedback will help me focus my efforts on the correct pathway for > open source participation. > > > You're speaking my language since im a huge fan of free and open source > software. > > Having started the community pod and helped to maintain it for a long > time, I can say it's right now a tough task. The main issue being that > the software and spec change in breaking ways, leading to bugs and a > high support burden. Any advances on open source governance models > would be a plus. > > > Thank you! > -- > Eric Jahn > CTO/Data Architect > Alexandria Consulting LLC > St. Petersburg, Florida > 727.537.9474 > alexandriaconsulting.com <http://alexandriaconsulting.com/> > WebID <https://alexandriaconsulting.com/files/eric_jahn.rdf#me> > > On Sun, Nov 26, 2023 at 10:57 AM Melvin Carvalho > <melvincarvalho@gmail.com <mailto:melvincarvalho@gmail.com>> wrote: > > > > čt 23. 11. 2023 v 13:04 odesílatel Harshvardhan J. Pandit > <me@harshp.com <mailto:me@harshp.com>> napsal: > > Hi. > FWIW, I request that the language regarding 'privacy' be > broader than > 'access to data'. See suggestions below. > > On 23/11/2023 09:31, Melvin Carvalho wrote: > > *Data Management with Solid* > > Solid enables users to store their personal data in > online data stores, > > known as Pods. These Pods are controlled entirely by the > user, who can > > grant or revoke access to applications as desired. This > separation of > > data from applications allows for greater user autonomy > over their > > personal information. > > 1) "These Pod are controlled entirely by the user" - What > about cases > where Solid Pods are 'provided' to the user with ability to > manage data > but NOT manage the pod or move it to a different provider > etc. Or cases > where data may not be under the user's control i.e. they can > access it > but cannot manage it or only can approve specific > applications and not > others. Should such cases not be called 'Solid'? > > 2) "who can grant or revoke access to applications" - Pods > are about > controlling/managing data and the language should reflect > this. E.g. > "who can control the storing and usage of data by > applications". By not > using the line 'grant or revoke access' I am avoiding > reducing autonomy > to take it or leave it type situations based on solely on > access/gatekeeping. > > > > > Security and Privacy in Solid > > > > *Data Control and Privacy* > > One of Solid's key features is its emphasis on > user-controlled data > > privacy. Users have the authority to manage who can > access their data, > > enhancing privacy and data security on the web. > > > > Same as above, "users have the authority to manage who can > access and > how it will be used and shared with others..." - the "how it > will be > used and shared with others" is the key part to not just > stop at having > access to data but also managing the who and why aspects of > it being used. > > > Any thoughts on how the text could change? How about: > > "Data Control and Privacy > > A hallmark of Solid is its focus on user-directed data privacy. > This goes beyond simply managing access to data. Users possess > the authority not only to decide who can access their data but > also to determine how it is used and shared with others. This > expanded scope of control emphasizes the importance of > understanding both the "who" and the "why" in data usage, thus > enhancing privacy and data security on the web. This approach > aligns with Solid's vision of a more user-centric web > experience, where individuals have a significant say in the > lifecycle of their data." > > If you have some suggestions I can change the text. > > > Regards, > -- > --- > Harshvardhan J. Pandit, Ph.D > Assistant Professor > ADAPT Centre, Dublin City University > https://harshp.com/ <https://harshp.com/> > > -- --- Harshvardhan J. Pandit, Ph.D Assistant Professor ADAPT Centre, Dublin City University https://harshp.com/
Received on Monday, 27 November 2023 11:16:32 UTC