Re: [Solid26: Implementation Guide] On Solid26 (WAC|ACP)

My feeling is that the main goals with respect to access control are that
we eventually have a single standard and that, in the interim, developers
are not faced with confusing choices.  It seems clear that the Community
Group wants this to be WAC and that Inrupt and ODI want this to be ACP.
Was the CG poll determining this perfect? - No it was not. How could it be,
faced with the absurdly short time between when the Guide was proposed when
it goes public? But I think it is indisputable that WAC is more widely
deployed and accepted by a majority of the CG.  And I think, therefore it
is what we should all converge towards.  I think we should say in the Guide:

Currently there are two approaches to access control in Solid - ACP has
more capabilities, WAC is more widely used.  In the short term, developers
should use WAC where possible and fall back to ACP only where its extra
capabilities are needed. Servers implementing ACP should take care, that,
where WAC is sufficient, clients are presented with the subset of ACP that
matches WAC and support access to those resources by clients unaware of
ACP.  In the long term, implementers are encouraged to move towards adding
ACP's capabilities to WAC.

I'll also say that I share Christoph's concerns about the process and
transparency.  It is great that ODI is promoting this Guide, it is much
needed.  But it is not great that ODI is basically pressuring the community
to decide against, the community's own best attempt to decide the issue.

-- 
Jeff

On Mon, Apr 27, 2026 at 3:38 PM Jesse Wright <jesse.wright@jesus.ox.ac.uk>
wrote:

> Dear Christoph, elf Pavlik, all,
>
> I share the concern with how CG consensus is being framed here. The CG
> consensus described is a lack of active dissent on [2026-03-20] (proposal
> of data collection) and [2026-04-08] (interpretation of results). There was
> no straw poll, no formal vote, and no input from anyone outside the call,
> despite many members of the community not being represented in those calls.
> Since other members of the CG have heard the outcome — they have come to CG
> calls and voiced their concerns, both with the process for collecting data,
> and the outcome it provided. Whilst it would be useful for those views to
> be re-iterated in this mailing thread, we cannot simply ignore what has
> been said in meetings and responses on GitHub.
>
> As the one who sent out the survey, I feel responsible for the fact that
> it was not quality research — missing capture of a number of applications
> and not qualifying the data that was collected against size or impact of
> deployment.
>
> It is also worth noting that early on we were discussing in the CG having
> a Solid 1.0. This became Solid26 because there was a view that there was
> not enough maturity to have a Solid 1.0. I sent out the email to collect
> the data on March 20th. It was on April 1st that you suggested we make it
> Solid26 an implementors guide and I opened a new work item [1].
>
> My position on what we should recommend has changed — I have been
> transparent about that. That is a result of listening to feedback on what
> the nature of Solid1.0/Solid26 should be, the efficacy of the approach
> taken to collect information on access control languages, and the feedback
> on the outcome.
>
> [1] https://github.com/solid/specification/issues/773#issue-4187138731
>
>
> Kind Regards,
>
> Jesse Wright
> DPhil Computer Science
> Jesus College
>
> mailto:jesse.wright@cs.ox.ac.uk <jesse.wright@cs.ox.ac.uk>
> https://www.cs.ox.ac.uk/people/jesse.wright/
> https://www.linkedin.com/in/jesse-wright-49823a132/
> Book a meeting: https://cal.com/jesse-wright-zdbdal/public
> Mobile: +44 7862 381 515
> WhatsApp: +61 468 669 019
>
> *My work day may look different than yours. Please do not feel obligated
> to respond outside of your normal working hours.*
> ------------------------------
> *From:* elf Pavlik <elf-pavlik@hackers4peace.net>
> *Sent:* Monday, April 27, 2026 11:19 PM
> *To:* public-solid@w3.org <public-solid@w3.org>
> *Subject:* Re: [Solid26: Implementation Guide] On Solid26 (WAC|ACP)
>
> Hi Christoph,
>
> I'm writing from mobile mostly to ask for a quick clarification on CG
> process.
>
> https://www.w3.org/community/solid/charter/#decision-policy
>
> "To afford asynchronous decisions and organizational deliberation, any
> resolution (including publication decisions) taken in a face-to-face
> meeting or teleconference will be considered provisional. A call for
> consensus (CfC) will be issued for all resolutions (for example, via email,
> GitHub issue, or web-based survey), with a response period of five to ten
> working days, depending on the chair’s evaluation of the group consensus on
> the issue. If no objections are raised by the end of the response period,
> the resolution will be considered to have consensus as a resolution of the
> Community Group."
>
> My understanding is that we were using GitHub PRs for that, even without
> explicitly calling it out, and objections were raised by multiple people.
>
> I would also note
> https://github.com/solid/specification/blob/main/meetings/2026-04-01.md#wac--acp
>
> "SC: Maybe, give the group the opportunity to voice (dis-)comfort with
> this result and messaging?"
>
> Certain discomfort seems to have been voiced.
>
> Even without reading the CG charter. My common sense tells me that CG
> doesn't have consensus on this issue. We clearly don't agree and the whole
> ongoing conversation can be seen as evidence.
>
> We already were planning to communicate Solid 26 as something that is
> still being finalized. This issue seems like one of the points that in the
> end we may note as something that we didn't reach consensus on.
>
> Given ongoing Solid Week I would suggest that we only try to agree on how
> this work in progress can be communicated.
>
> Best,
> elf Pavlik
>
> -------- Original Message --------
> On Monday, 04/27/26 at 09:47 Christoph Braun <braun3@fzi.de> wrote:
> Dear all,
>
> there is disagreement on what the intent and content regarding access
> control language(s) in the Solid26 Implementation Guide should be.
>
> I have manually reviewed all CG meeting minutes [Minutes] starting
> 2026-01-07 and linked documents relevant to that discussion.
> Please find all the relevant references at the end of this email.
>
> My full comment including a documentation of my evaluation can be found
> here:
> https://github.com/solid/specification/pull/783#issuecomment-4325498262
>
> ## TL;DR:
>
> I thus arrive at the conclusion that
> - the technical arguments made to also recommend ACP do not invalidate
> the agreement and decision that had been reached within the CG.
> - the intention of "Solid26" from the beginning was indeed to recommend
> one access control language (as it was communicated that way and the
> initial drafts only listing ACP).
> - the agreed to process resulted in WAC being the choice of access
> control language to recommend
>
> This CG followed the usual process of finding consensus or agreement and
> to reach a decision on a proposal.
> If individual CG members are not satisfied with the outcome of the
> decision or the data collection  by means of which the outcome was
> determined, I would urge them to raise an issue to the group and make
> their concerns explicit in writing such that it can later be referenced.
> At the same time, I urge CG members to not obstruct implementation of
> the CG's decision, even though they might personally disagree.
>
> ## Status Quo
>
> - "Solid26" was communicated by @jeswr (JW) and Oli Bage (OB) to select
> one access control language and to recommend that choice.
>
> [2026-01-21],[2026-01-28],[2026-03-18],[2026-03-20],[2026-03-25],[2026-04-01]
> - Prior to data collection, the initial Google Docs drafts for Solid26
> listed ACP as the already chosen access control language to recommend.
> [Solid26 Overview (draft)], [Solid26 (draft)]
> - Data collection shows high adoption of WAC and low adoption of ACP in
> the community. [Results (archived)]
> - After the data collection had finished, it was proposed by @jeswr to
> recommend WAC and in addition mention ACP. [2026-04-08]
> - An Objection was raised by @csarven against this proposal based on the
> earlier communicated goal and agreement on that goal in the group.
> [2026-04-15]
> - TimBL argued to recommend ACP en par with WAC. [2026-04-15]
> - The editors of Solid26 moved forward with recommending WAC while
> mentioning ACP, though not to include ACP, despite the objection. [Commit]
> - The argument to recommend ACP en par with WAC depended on use cases
> was iterated. [2026-04-22]
> - It was argued that "Solid26" were not intended to lock in baselines.
> [2026-04-22]
>
> Based on the above, I observe that
> - agreement was reached within the group to recommend one access control
> language based on the data gathered
> - the choice of access control language to recommend had fallen on WAC
> under consensus of the group
> - there is no agreement within the group not to recommend WAC
> - there is no agreement within the group to recommend ACP and WAC en par
> - there is no agreement within the group to recommend ACP
>
> I further note that
> - the current draft for "Solid26" already mentions ACP as an expressive
> access control language and acknowledges that implementers might find
> ACP to satisfy their use cases.
> - this is already borders what was originally communicated within and
> agreed to by the group.
>
> I thus arrive at the conclusion that
> - the technical arguments made to also recommend ACP do not invalidate
> the agreement and decision that had been reached within the CG.
> - the intention of "Solid26" from the beginning was indeed to recommend
> one access control language (as it was communicated that way and the
> initial drafts only listing ACP).
> - the agreed to process resulted in WAC being the choice of access
> control language to recommend
>
> This CG followed the usual process of finding consensus or agreement and
> to reach a decision on a proposal.
> If individual CG members are not satisfied with the outcome of the
> decision or the data collection by means of which the outcome was
> determined, I would urge them to raise an issue to the group and make
> their concerns explicit in writing such that it can later be referenced.
> At the same time, I urge CG members to not obstruct implementation of
> the CG's decision, even though they might personally disagree.
>
> Cheers
> Christoph
>
> ---
>
> References
>
> [Minutes] https://github.com/solid/specification/tree/main/meetings
> [2026-01-21]
> https://github.com/solid/specification/blob/main/meetings/2026-01-21.md
> [2026-01-28]
> https://github.com/solid/specification/blob/main/meetings/2026-01-28.md
> [2026-03-18]
> https://github.com/solid/specification/blob/main/meetings/2026-03-18.md
> [2026-03-20]
> https://lists.w3.org/Archives/Public/public-solid/2026Mar/0019.html
> [2026-03-25]
> https://github.com/solid/specification/blob/main/meetings/2026-03-25.md
> [2026-04-01]
> https://github.com/solid/specification/blob/main/meetings/2026-04-01.md
> [2026-04-08]
> https://github.com/solid/specification/blob/main/meetings/2026-04-08.md
> [2026-04-15]
> https://github.com/solid/specification/blob/main/meetings/2026-04-15.md
> [2026-04-22]
> https://github.com/solid/specification/blob/main/meetings/2026-04-22.md
> [Solid26 Overview (draft)]
>
> https://web.archive.org/web/20260424082149/https://docs.google.com/document/d/1HxaShh5MVRBcimo9uXrtpWPCW6Xo5S9aOLdFAQX2oJY/edit?tab=t.0#heading=h.68mt47qe53m7
> [Solid26 (draft)]
>
> https://web.archive.org/web/20260424080942/https://docs.google.com/document/d/1da2J-NsU3K-4kWEFOvhzIdrvy_KftewXdlxfu401kY0/edit?tab=t.0
> [Results (archived)]
>
> https://github.com/w3c-cg/solid/blob/main/implementations/wac-acp.2026-04-01.csv
> [Commit]
>
> https://github.com/solid/specification/pull/776/commits/12a71a33fc4674d7b296e2b6733856a9c1067e4c
>
>
>
>
>