- From: Paul Tyson <phtyson@sbcglobal.net>
- Date: Wed, 23 Apr 2025 19:42:58 -0500
- To: public-solid@w3.org
On 4/22/25 10:30, Virginia Balseiro wrote: > Hi all, I want to ask a potentially silly question about Solid-OIDC :) > > AFAICT, with static registration, clients need to be very aware of IDPs, > registering themselves statically (read: manually) on a particular > "broker" service. This means it is not particularly scalable for a > decentralized ecosystem. > > Dynamic client registration is perhaps more suitable for a decentralized > ecosystem, but the benefits in terms of security seem marginal since any > client can register themselves dynamically. > > In addition, there have been conversations (and there might have been > implementations) about potential restrictions of certain operations > and/or certain resources to particular clients means that users will > need to contact / request their RP / service providers to allow a > certain application that they prefer / trust. > > These approaches sound for sure very secure, but doesn't seem to align > to the promise of individuals having the "autonomy" that Solid is > supposed to offer. > > I may have misunderstood some of the technical details but it seems to > me (Solid-)OIDC's model isn't particularly fitting for Solid. My > question is, how would this be reasonably usable and scalable in a > decentralized / open ecosystem? Virginia, would OIDC Self-Issued OpenID Provider [1] address your concern? It was suggested for inclusion in Solid-OIDC [2], but it doesn't look like anything came of it. Regards, --Paul [1] https://openid.net/specs/openid-connect-core-1_0.html#SelfIssued [2] https://github.com/solid/solid-oidc/issues/91 > > Cheers, > > Virginia > https://virginiabalseiro.com/#me > >
Received on Thursday, 24 April 2025 00:43:12 UTC