In preparation discussions for out talk at this years Cloud Storage Services for Synchronization and Sharing (CS3) conference we also briefly discussed the Solid project. And since Solid nicely fits with our values of keeping your data under your control and digital sovereignty we had to idea to put some of the discussed ideas into a blog.
What is Solid?
Solid is a project lead by “the inventor of the Web”, Sir Tim Berners-Lee and its goal is to build an infrastructure, where users can store their data in a secure and decentralised manner in so called “Pods”. The data inside of a pod is accessed via the “Solid Protocol”, which also takes care of who exactly has access to said data.
In addition to serving simple file blobs like images, videos and documents the aim of Solid is to promote the idea of the “linked data model”, which means storing data in open standardised formats, which are machine readable and allow to connect the data of multiple users in a meaningful way.
What would that mean for the Kopano Groupware?
Looking at the current Kopano architecture there are two locations where such a pod could be deployed. The first pod would be part of Kopano Konnect, which managed your identiy and is already an OpenID Connect based authentification provider. For this Konnect would need to be extended to support WebID, which is the authentification layer used in Solid. Luckily with WebID-OIDC there is a WebID variant that is already fully based on OpenID Connect.
The second place for such a pod would be alongside kopano-server, which manages access to your groupware data. This could be a new component that publishes a minimal subset the the Solid protocol, and the rest of the data exchange could then be done with the Microsoft Graph compatible RestAPI of Kopano. With these two components in place Kopano users would not only be able to log in to applications supporting Solid for decentralised logins, but also use their data in these applications.
Use case: Planning group meetings
For one to one meetings we recently already blogged about Harmonizely, which makes use of Kopanos RestAPI to get access to your calendar and therefore only suggests remaining meeting times to someone seeking to plan a meeting with you. And while users on the same Kopano installation can use the free/busy data to easily identify when users would be free for a group meeting, what if you want to schedule group meetings with external participants?
This is where Solid could come in. There are open source apps such as Framadata already, but all these apps require an organisator to manually enter appointments and participants to manually check their calendars and choose an option that fits them best. With a federated identity and calendar data accessible through Solid the participants of said meeting could use their own identity to sign into such a planning app and give the app access to their scheduling data, automatically suggesting dates that would still be free in their calendars. For future meetings the app could even retain access to the users schedule to directly disqualify dates that would not fit to the schedule of the users you want to invite.
Use case: File sharing
There are plenty solutions already that support simple sharing of files, such as ownCloud, Seafile and Nextcloud. These usually allow a user to share a link to a document and optionally protect the link with a password. If one of these solutions would integrate with a federated identity one would not need to resolve to send out an anonoymous link, but could instead send out a link that can only be opened by a given federated identity. Based on this identity the user could specify what the recipient could do with the shared file, like for example having only read access, or even write access to update it in a central location.
Conclusion
Nowadays data is stored in a lot of places and sadly you either have your own single island of authentification or you have to trust one of the few big tech corporations (like Google, Facebook, Microsoft and Amazon) to manage your identity for you. Solid can help not only in making sure to have ownership of ones one data, but with its decentralised identity can also help in connecting systems and data that would otherwise stay within a silo of its own.
