Complete IDENTITY-WP-0003 corpus backfill and model refinement

Backfill all 23 research source notes with terminology extracts, modeling
assumptions, conflicts, canonical mappings, and references. Refresh terminology
artifacts, refine the conceptual model with explicit scenario paths, reconcile
canon surfaces and open questions, and mark the workplan finished.
This commit is contained in:
2026-06-21 20:22:20 +02:00
parent 790a2f2041
commit 1c1b5c9bc6
32 changed files with 2676 additions and 623 deletions

View File

@@ -1,50 +1,108 @@
# Webid Solid Profile
# WebID and Solid Profile
## Source Type
TODO: Identify whether this is a standard, specification, product documentation, academic concept, architecture pattern, or implementation reference.
Standard and ecosystem specification. WebID (W3C CG) for decentralized
identifiers; Solid Protocol for user-controlled data pods and profiles.
## Domain
TODO: Classify the source domain.
Decentralized identity-style profile discovery, user-controlled storage, and
WebID-based identification.
## Why This Source Matters
WebID and Solid profile concepts for decentralized/social identity and profile discovery.
WebID/Solid support user-controlled profiles and decentralized identity-style
profile discovery, relevant to persona, identifier, and data-sovereignty
semantics.
## Key Concepts
TODO:
- concept 1
- concept 2
- concept 3
- **WebID**: HTTP(S) URI identifying an agent; dereferencing yields profile
document (RDF).
- **WebID profile document**: RDF description of agent with type, name,
certificates, and links.
- **Solid Pod**: user-controlled personal data store with access control.
- **Solid Profile**: extended profile in pod with extended attributes and
preferences.
- **WebID-OIDC**: bridge binding OIDC authentication to WebID URI.
- **Agent type in profile**: self-described person or organization.
- **ACL (WAC / ACP)**: resource-level access control on pod resources.
- **Type Index**: registry of resource types in a pod.
- **Identity provider linkage**: OIDC issuer associated with WebID.
## Relevant Terminology
TODO: Extract terms used by the source and note their source-specific meaning.
| Term | Source meaning |
| --- | --- |
| WebID | HTTP URI identifying an agent; profile at same URL. |
| Profile document | RDF at WebID URI describing the agent. |
| Pod | User-controlled storage space. |
| Solid Profile | Profile data stored in pod. |
| Agent | Entity described by WebID (person or org). |
| WebID-OIDC | OIDC flow producing ID token with WebID claim. |
| ACL | Access control on pod resources. |
| Type Index | Discovery of pod resource categories. |
| issuer | OIDC provider linked to WebID authentication. |
## Modeling Assumptions
TODO: Capture assumptions made by the source about users, accounts, organizations, tenants, groups, roles, identities, relationships, or credentials.
- **Identifier (WebID URI) is primary**; profile is dereferenceable description.
- **User controls data placement** in pod, not only profile attributes.
- **Agent self-describes** type (person/org) in RDF profile.
- **Authentication can bind OIDC subject to WebID** via WebID-OIDC.
- **Access control is resource-centric** on pod, separate from identity record.
- **No central directory**; discovery via URI dereferencing.
- **Multiple profiles/pods per person** possible across providers.
## Identity-Canon Implications
TODO: Explain what this source suggests for the canonical identity model.
- **WebID URI** maps to **Identifier** (globally dereferenceable).
- **Profile document** maps to **Profile** with RDF attributes.
- **Pod** maps to user-controlled **Scope** for data storage.
- **Agent in profile** maps to **Actor** (Natural Person or Organization).
- **WebID-OIDC binding** maps to **Synonymity Assertion** / **Identifier
Binding** between OIDC `sub`+`iss` and WebID URI.
- **ACL** maps to authorization projection on resources in pod Scope.
- Supports S14 (pseudonymous/scoped identity), S02 (multiple profiles), user
sovereignty goals from ResearchSeed.
## Terminology Conflicts
TODO: Record where this source uses terms differently from other sources.
- **WebID vs. DID**: both decentralized identifiers; different ecosystems and
resolution models.
- **Profile vs. Account**: Solid profile is data surface; may not include
login credentials on same system.
- **Agent vs. Actor**: WebID agent is self-described entity; canon Actor is
broader participation root.
- **Identity vs. WebID**: developers equate WebID with whole identity.
- **ACL vs. Authorization Principal**: pod ACL uses WebID URIs as agents.
## Candidate Canonical Mappings
TODO: Map source-specific concepts to identity-canon candidate concepts.
| WebID/Solid concept | Candidate canonical concept |
| --- | --- |
| WebID URI | Identifier |
| Profile document | Profile |
| Solid Pod | Scope (user-controlled data) |
| Agent (in RDF) | Actor |
| WebID-OIDC binding | Identifier Binding / Synonymity Assertion |
| OIDC iss + sub | Scoped Identifier |
| ACL agent | Authorization Principal (WebID URI) |
| Type Index | Profile/discovery metadata |
| Pod resource | Resource (downstream) |
## Open Questions
TODO:
- Question 1
- Question 2
- Should WebID URI be a distinct Identifier subtype vs. generic HTTP URI?
- How should WebID-OIDC binding strength compare to OIDC pairwise sub (S14)?
- Does pod Scope warrant a canonical "Data Scope" specialization?
- Should Solid ACL remain purely authorization projection, or inform
Relationship types for resource sharing?
## References
TODO: Add canonical URLs, RFC/spec identifiers, documentation links, and citation notes.
- Solid Protocol — https://solidproject.org/TR/protocol
- WebID 1.0 (community spec) — https://www.w3.org/2005/Incubator/webid/wiki/Identity_Providers
- WebID-OIDC — https://solid.github.io/webid-oidc-spec/
- Solid Access Control (ACP) — https://solidproject.org/TR/acl-spec