Data Wallets Using the Solid Protocol

I am the Chief of Security Architecture at Inrupt, Inc., the company that is commercializing Tim Berners-Lee’s Solid open W3C standard for distributed data ownership. This week, we announced a digital wallet based on the Solid architecture.

Details are here, but basically a digital wallet is a repository for personal data and documents. Right now, there are hundreds of different wallets, but no standard. We think designing a wallet around Solid makes sense for lots of reasons. A wallet is more than a data store—data in wallets is for using and sharing. That requires interoperability, which is what you get from an open standard. It also requires fine-grained permissions and robust security, and that’s what the Solid protocols provide.

I think of Solid as a set of protocols for decoupling applications, data, and security. That’s the sort of thing that will make digital wallets work.

Tags: data privacy, data protection, Inrupt, security standards

Posted on July 25, 2024 at 7:05 AM • 13 Comments

Comments

finagle • July 25, 2024 7:42 AM

Can you link to the specification please. After 10 minutes of surfing around the Solid site linked, and following links from there down various rabbit holes, I can’t find a link to the actual ‘open’ standard.
Based on what I can see so far it looks like vapourware. Surely a project like this should have some architectural materials, links to standards documents or something actually solid (pun intended) on or directly linked from their home page?

Winter • July 25, 2024 9:24 AM

A wallet is more than a data store—data in wallets is for using and sharing. That requires interoperability, which is what you get from an open standard. It also requires fine-grained permissions and robust security, and that’s what the Solid protocols provide.

One really important use case for data wallets would be medical data.

Many countries are struggling with electronic patient/health records. Privacy and Security concerns have shot down many projects. This can lead to bizarre situations where a patient is given a paper file with printouts of their health records from their hospital when they transfer to another hospital (image data on CD/DVD, this actually happens in the Netherlands).

The core difficulty here is that medical data must be accessible in emergency situations when the patient is incapacitated.

This is also a concern with other data wallets which have to be accessible when the owner dies or is otherwise incapacitated for longer times. It is one thing to get to a bank to release accounts of a deceased relative, another to retrieve important data, eg, passwords or account info, for which there is no alternative route.

I would like to know how the current standards treat this case. I could not find this information in the link nor on the Solid web site (there is no search function).

Bruce Schneier • July 25, 2024 9:28 AM

@finagle:

Weird. I typed “Solid specification” into Google, and it was the first hit:

https://solidproject.org/specification

And totally not vaporware. It’s a W3C standard. It’s been working for years.

Morley • July 25, 2024 12:05 PM

I hope it ends up easy to use for end users. Maybe an implementation certification program is in order for security and usability.

Melissa • July 25, 2024 12:20 PM

Inrupt is really a weird and paranoid company, it blocks TOR.
So much of the privacy, openness and security.
If you spit on user’s anonymity, why should I care about your products?

Espen • July 25, 2024 4:31 PM

I have been following the EU Digital Identity (DI) work for the last couple of years, and with the regulations landing this February it will go into effect early 2026.

The technical specification can be found at https://eu-digital-identity-wallet.github.io/eudi-doc-architecture-and-reference-framework/.

It sounds like Solid could help deliver some of the things the EU ID Wallet is trying to achieve, but I have not seen any mention of Solid in the work from EU.

I have not looked at the details but the W3C WebID used by Solid and the W3C Decentralized Identifiers (DIDs) being proposed by EU DI wallet might be trying to do the same thing.

I understand Solid is trying to achieve more than just identification and verifiable credentials, but it would be interesting if these standards would cooperate in some way.

ResearcherZero • July 26, 2024 5:04 AM

@Melissa

Many companies and sites block TOR.

VPNs also help route around faults. If TOR is blocked, try a VPN with another browser.
Privacy with more resilient network access helps to avoid upstream exchange failures.

Matt • July 26, 2024 11:29 AM

“Weird. I typed “Solid specification” into Google, and it was the first hit:”

Yeah, but the site itself doesn’t appear link to the specification anywhere. Is there some reason it’s okay to not have a link to the spec on the site itself?

Richard • July 26, 2024 5:08 PM

I’ve been excited about the Solid project since its inception. It overlaps a lot with the Decentralized Identity Foundation’s Decentralized Web Nodes project that has been sponsored by Block TBD and Microsoft. Do you have plans to interoperate?

https://github.com/decentralized-identity/decentralized-web-node

Peter • July 26, 2024 5:22 PM

“Web 3.0 is all about empowered individuals and personal data.”

In the Sixth World, Web 3.0 is the first version of the Matrix.

Clive Robinson • July 27, 2024 7:26 AM

@ ALL, Peter,

Re : To be Web 3.0 or Web 3, or less real.

Currently there are two web three’s recognised with another sneaking in in the background.

One is block chain proof of work NFT Smart Contract nonsense. That Molly White has a site highlighting the fact it’s a major train wreck happening nearly every day,

https://www.web3isgoinggreat.com

With speculators getting figuratively disemboweled by rug-pulling and similar theft.

The second is an idea that has apparently “not come of age” yet and the way things are being conflated may never do so.

This version is the follow on idea of the “semantic web” notion from getting on for a couple of decades ago.

It’s an idea thought up by Tim Berners-Lee who some still incorrectly think of as the inventor of the Internet…

The ‘semantic web’ is actually rarely talked about because its apparent ambitions have largely been and are now going.

That is it was all done by search engines that tag and file millions of websites using dedicated crawlers. But is that still true?

Jim Hendler collaborator with Tim Berners-Lee once said,

“Search works much better because Google has all that information”

But that is only part of it, the bit he missed is

“and makes it all available to you”

Anyone notice that this is nolonger true? Google now only makes available to you “what they think you should see”… Yes if you know enough to “drill through” Google will grudgingly give it to you.

Thus George Orwell’s notion of the three dictionaries of NewSpeak is actually coming true. You have to prove you are an adept in a knowledge domain to be allowed access to the real knowledge, not what some Corporate wants to fob you off with for their own benifit.

So arguably the ‘semantic web’ is already dead before it really happened, because it was not or could not “earn” for those with the money and power…

But… There is also a third view starting to sneak in. The so-called ‘spatial web’. Apparently originating from or with a push from Meta (loosing a significant amount of their share value in the process).

Apparently it will move the information that is you off of devices and into the metaverse… that will see you made not just in ‘virtual form’ but in ‘augmented reality’ majorly integrated with our daily lives… (Yup sounds as hellish as the Matrix).

The only thing we really know for certain about “Web Three” is that everyone is “shouting the odds” and the horses are not yet even foals let alone being in the starting gate.

“Pays your money, gets ripped off, don’t pay and be the product.”

Were the options available to you neither were pleasant.

But now with the LLM and ML systems you have a third way to go…

“Become detached from reality entirely.”

Yup Dante just does not cut it these days we certainly have “hell on earth” and people are just queuing up to enter…

Any way lunch time is just starting on this pleasant Saturday in the real world where I live. I think I’ll go “al fresco” whilst it is still not a crime against corporate dictate 😉

Cron.d • July 27, 2024 8:36 AM

Like X11, but for general data. Is there a connexion, noting they were appearing at around the same time and the same place ?

lurker • July 28, 2024 2:13 AM

@finagle, @Matt, @Bruce

Indeed the solidproject.org site appears to have very subtly hidden the specification.

However, navigating the commercial inrupt site from the bottom of the home page, Resources > Documentation > Introduction gives a link to the “Solid Specification” at ‘https://solidproject.org/TR/

If I type “solid specification” (without the quotes) into ddg search the first hit is for “Specification – Solid” linked to ‘https://solidproject.org/specification which page contains a link to the page quoted in the second para. above.

The “Specification” is, like most W3C associated projects, a multi-headed bundle of technical reports from different committees, and cannot be browsed in ten minutes over a single cup of coffee…

Schneier on Security

Data Wallets Using the Solid Protocol

Comments

Leave a comment Cancel reply