identity-canon/research/social-community-graphs/webid-solid-profile.md
tegwick 1c1b5c9bc6 Complete IDENTITY-WP-0003 corpus backfill and model refinement
Backfill all 23 research source notes with terminology extracts, modeling
assumptions, conflicts, canonical mappings, and references. Refresh terminology
artifacts, refine the conceptual model with explicit scenario paths, reconcile
canon surfaces and open questions, and mark the workplan finished.
2026-06-21 20:22:20 +02:00


# WebID and Solid Profile
## Source Type
Standard and ecosystem specification. WebID (W3C CG) for decentralized
identifiers; Solid Protocol for user-controlled data pods and profiles.
## Domain
Decentralized identity-style profile discovery, user-controlled storage, and
WebID-based identification.
## Why This Source Matters
WebID/Solid support user-controlled profiles and decentralized identity-style
profile discovery, relevant to persona, identifier, and data-sovereignty
semantics.
## Key Concepts
- **WebID**: HTTP(S) URI identifying an agent; dereferencing yields profile
document (RDF).
- **WebID profile document**: RDF description of agent with type, name,
certificates, and links.
- **Solid Pod**: user-controlled personal data store with access control.
- **Solid Profile**: extended profile in pod with extended attributes and
preferences.
- **WebID-OIDC**: bridge binding OIDC authentication to WebID URI.
- **Agent type in profile**: self-described person or organization.
- **ACL (WAC / ACP)**: resource-level access control on pod resources.
- **Type Index**: registry of resource types in a pod.
- **Identity provider linkage**: OIDC issuer associated with WebID.
## Relevant Terminology
| Term | Source meaning |
| --- | --- |
| WebID | HTTP URI identifying an agent; profile at same URL. |
| Profile document | RDF at WebID URI describing the agent. |
| Pod | User-controlled storage space. |
| Solid Profile | Profile data stored in pod. |
| Agent | Entity described by WebID (person or org). |
| WebID-OIDC | OIDC flow producing ID token with WebID claim. |
| ACL | Access control on pod resources. |
| Type Index | Discovery of pod resource categories. |
| issuer | OIDC provider linked to WebID authentication. |
## Modeling Assumptions
- **Identifier (WebID URI) is primary**; profile is dereferenceable description.
- **User controls data placement** in pod, not only profile attributes.
- **Agent self-describes** type (person/org) in RDF profile.
- **Authentication can bind OIDC subject to WebID** via WebID-OIDC.
- **Access control is resource-centric** on pod, separate from identity record.
- **No central directory**; discovery via URI dereferencing.
- **Multiple profiles/pods per person** possible across providers.
## Identity-Canon Implications
- **WebID URI** maps to **Identifier** (globally dereferenceable).
- **Profile document** maps to **Profile** with RDF attributes.
- **Pod** maps to user-controlled **Scope** for data storage.
- **Agent in profile** maps to **Actor** (Natural Person or Organization).
- **WebID-OIDC binding** maps to **Synonymity Assertion** / **Identifier
Binding** between OIDC `sub`+`iss` and WebID URI.
- **ACL** maps to authorization projection on resources in pod Scope.
- Supports S14 (pseudonymous/scoped identity), S02 (multiple profiles), user
sovereignty goals from ResearchSeed.
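
The binding between OIDC `iss` and a WebID URI is only trustworthy if the WebID's own profile confirms the issuer; otherwise any provider could issue a token naming someone else's WebID. The sketch below is an added example, not part of the source specifications or this note's canon. It assumes the ID token signature was already verified, that the token carries a `webid` claim, that the profile is available as IRI-only N-Triples, and that the issuer is declared with the `solid:oidcIssuer` predicate from the Solid terms vocabulary; all URLs and the `sample_fetch` helper are constructed.

```python
import re
from urllib.parse import urlsplit

# Predicate from the Solid terms vocabulary (assumption: not named in this note).
OIDC_ISSUER = "http://www.w3.org/ns/solid/terms#oidcIssuer"
# One IRI-only N-Triples statement per line: <s> <p> <o> .
TRIPLE = re.compile(r"^\s*<([^>]*)>\s+<([^>]*)>\s+<([^>]*)>\s*\.\s*$")

# Constructed sample profile; the #guest subject is a different agent in the same document.
SAMPLE_PROFILE = """\
<https://alice.example/profile/card#me> <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://xmlns.com/foaf/0.1/Person> .
<https://alice.example/profile/card#me> <http://www.w3.org/ns/solid/terms#oidcIssuer> <https://idp.example> .
<https://alice.example/profile/card#guest> <http://www.w3.org/ns/solid/terms#oidcIssuer> <https://other-idp.example> .
"""

def issuers_for(webid, profile_text):
    """Issuers the profile names for exactly this WebID subject."""
    issuers = set()
    for line in profile_text.splitlines():
        m = TRIPLE.match(line)
        if m and m.group(1) == webid and m.group(2) == OIDC_ISSUER:
            issuers.add(m.group(3))
    return issuers

def check_binding(claims, fetch_profile):
    """Decide whether (iss, webid) from an already signature-verified ID token
    is confirmed by the WebID profile. Returns (ok, reason)."""
    webid, iss = claims.get("webid"), claims.get("iss")
    if not isinstance(webid, str) or not isinstance(iss, str):
        return False, "missing webid or iss claim"
    parts = urlsplit(webid)
    if parts.scheme != "https" or not parts.netloc:
        return False, "webid is not an https URI"
    # Dereference the WebID's document URL (fragment stripped).
    profile = fetch_profile(webid.split("#", 1)[0])
    if profile is None:
        return False, "profile not retrievable"
    # Exact string match on the issuer, and only triples about this WebID count.
    if iss not in issuers_for(webid, profile):
        return False, "issuer not listed for this WebID"
    return True, "issuer confirmed by profile"

def sample_fetch(url):
    """Offline stand-in for an HTTPS GET of the profile document."""
    return SAMPLE_PROFILE if url == "https://alice.example/profile/card" else None
```

A token from `https://other-idp.example` naming Alice's `#me` WebID is rejected even though that issuer appears in the same document, because the issuer triple belongs to a different subject.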
## Terminology Conflicts
- **WebID vs. DID**: both decentralized identifiers; different ecosystems and
resolution models.
- **Profile vs. Account**: Solid profile is data surface; may not include
login credentials on same system.
- **Agent vs. Actor**: WebID agent is self-described entity; canon Actor is
broader participation root.
- **Identity vs. WebID**: developers equate WebID with whole identity.
- **ACL vs. Authorization Principal**: pod ACL uses WebID URIs as agents.
## Candidate Canonical Mappings
| WebID/Solid concept | Candidate canonical concept |
| --- | --- |
| WebID URI | Identifier |
| Profile document | Profile |
| Solid Pod | Scope (user-controlled data) |
| Agent (in RDF) | Actor |
| WebID-OIDC binding | Identifier Binding / Synonymity Assertion |
| OIDC iss + sub | Scoped Identifier |
| ACL agent | Authorization Principal (WebID URI) |
| Type Index | Profile/discovery metadata |
| Pod resource | Resource (downstream) |
## Open Questions
- Should WebID URI be a distinct Identifier subtype vs. generic HTTP URI?
- How should WebID-OIDC binding strength compare to OIDC pairwise sub (S14)?
- Does pod Scope warrant a canonical "Data Scope" specialization?
- Should Solid ACL remain purely authorization projection, or inform
Relationship types for resource sharing?
## References
- Solid Protocol — https://solidproject.org/TR/protocol
- WebID 1.0 (community spec) — https://www.w3.org/2005/Incubator/webid/wiki/Identity_Providers
- WebID-OIDC — https://solid.github.io/webid-oidc-spec/
- Solid Access Control (ACP) — https://solidproject.org/TR/acl-spec