- From: Melvin Carvalho <melvincarvalho@gmail.com>
- Date: Tue, 22 Apr 2025 17:38:28 +0200
- To: Virginia Balseiro <info@virginiabalseiro.com>
- Cc: public-solid@w3.org
- Message-ID: <CAKaEYh+8X6tQP7BGEcYfK-8muc6OYALZfhRoop0NDod=8dL0Hw@mail.gmail.com>
út 22. 4. 2025 v 17:32 odesílatel Virginia Balseiro < info@virginiabalseiro.com> napsal: > Hi all, I want to ask a potentially silly question about Solid-OIDC :) > > AFAICT, with static registration, clients need to be very aware of IDPs, > registering themselves statically (read: manually) on a particular > "broker" service. This means it is not particularly scalable for a > decentralized ecosystem. > > Dynamic client registration is perhaps more suitable for a decentralized > ecosystem, but the benefits in terms of security seem marginal since any > client can register themselves dynamically. > > In addition, there have been conversations (and there might have been > implementations) about potential restrictions of certain operations > and/or certain resources to particular clients means that users will > need to contact / request their RP / service providers to allow a > certain application that they prefer / trust. > > These approaches sound for sure very secure, but doesn't seem to align > to the promise of individuals having the "autonomy" that Solid is > supposed to offer. > > I may have misunderstood some of the technical details but it seems to > me (Solid-)OIDC's model isn't particularly fitting for Solid. My > question is, how would this be reasonably usable and scalable in a > decentralized / open ecosystem? > Hi Virginia, Not a silly question at all — it’s a really thoughtful one! Just to add a note: Solid-OIDC is only one option for authentication in Solid. Before it came along, we had WebID-TLS, which leaned more toward decentralization (albeit with its own quirks). Over in the Nostr CG, we’ve also been exploring a different approach to decentralized auth that I believe could scale beautifully. It’s called HTTP Schnorr Authentication — simple, elegant, and grounded in cryptographic identity: https://nostrcg.github.io/http-schnorr-auth/ Still early days, but exciting directions ahead! Best, Melvin > > Cheers, > > Virginia > https://virginiabalseiro.com/#me > > >
Received on Tuesday, 22 April 2025 15:38:45 UTC