Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

WS should be authenticated with ACL #1

Open
nicola opened this issue May 10, 2016 · 5 comments
Open

WS should be authenticated with ACL #1

nicola opened this issue May 10, 2016 · 5 comments
Labels
triage Issues that need team review

Comments

@nicola
Copy link
Contributor

nicola commented May 10, 2016

Was nodeSolidServer/node-solid-server#143

@michielbdejong
Copy link
Member

The client should probably provide the user credentials in the upgrade request.
Connecting should probably never fail.
Notifications should only be sent to authenticated users who are subscribed to a (parent-)folder containing that item, and currently have read-access to the changed item.
Maybe, subscribing to a folder to which the user has no read access should already fail with an error if the user does not have read access to the folder at that time, since the user would not receive any notifications unless the ACLs change during the period the WebSocket connection is active.

@michielbdejong
Copy link
Member

As a first step, I'll try to restrict updates to public files when connected without credentials.

@michielbdejong
Copy link
Member

michielbdejong commented Sep 28, 2020

I'm now (finally) working on a fix for this, see https://github.com/solid/specification/issues/52#issuecomment-682491952

I plan to finish this in October 2020 as part of my EU-funded solid-crud-tests milestone (will update this comment if that estimate changes).

@michielbdejong
Copy link
Member

@jaxoncreed as discussed in the Solid OS call today, would it make sense to add a WebSockets client into ISCAJ? How can we coordinate that between the two of us?

@michielbdejong
Copy link
Member

CC @Vinnl

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
triage Issues that need team review
Projects
None yet
Development

No branches or pull requests

3 participants