Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ


Choose your language

InfoQ Homepage News Tim Berners-Lee Introduces "Solid" Decentralized Identity Platform

Tim Berners-Lee Introduces "Solid" Decentralized Identity Platform

This item in japanese

Solid is a new decentralized identity platform from WWW Creator Tim Berners-Lee which provides a mechanism for users to own and better control the usage of their data.

With several large companies trusted with large amounts of user data, and with several high profile data breaches and misuses of consumer data, Berners-Lee writes that:

The changes we've managed to bring have created a better and more connected world. But for all the good we’ve achieved, the web has evolved into an engine of inequity and division; swayed by powerful forces who use it for their own agendas. I believe we’ve reached a critical tipping point, and that powerful change for the better is possible — and necessary.

Berners-Lee and colleagues have been working on the open-source Solid project in an attempt to restore the power of individuals on the web. Today, most users provide their personal data to technology companies in exchange for value, but this is not always in the best interests of users. Solid strives to restore balance both by giving users complete control of their data and helping them better understand how they share their data.

Solid is not a new internet or web, but gets built with the existing web. Per Berners-Lee, the Solid platform:

Gives every user a choice about where data is stored, which specific people and groups can access select elements, and which apps you use. It allows you, your family and colleagues, to link and share data with anyone. It allows people to look at the same data with different apps at the same time.

Berners-Lee believes that this approach creates a wide range of opportunities for creativity, problem-solving and commerce by empowering individuals, developers and businesses with new ways to conceive, build and find innovative, trusted and beneficial applications and services.

Solid starts with the concept of a POD (Personal Online Data stores). Within a Solid POD, users store information such as photos, comments, contacts, calendars, fitness, and health data. The POD may get located within a home, at work, or within a selected POD provider. It should be easy to move data at any time without interruption of services.

Users then offer various people and apps permission to read or write to parts of their Solid POD. Users get the immediate benefit of not needing to manually enter new data for each new app or service, as data is instead read from the user's POD with their permission. Users have their own source of data, preventing the need to sync changes as all data stays with the user.

The Solid approach strives to protect user privacy while also being efficient for developers. Solid promotes the option for developers to build apps without needing to harvest data, as apps can leverage already existing data.

Solid described a POD as similar to having a private USB stick and/or website, but the user's data interoperate with all of their apps via a personal API. When someone posts comments or videos, their friends can view them with their application of choice. The goal is to strongly decouple the creation of data from its consumption so that data may get shaped into any form.

Users may have more than one POD to create separate identities. Users may install a Node.js POD on their own web servers, or get a Solid POD from a provider. When writing this article your editor experimented with setting up my own. Solid is implemented via various web standards. For example, rather than creating a clone of user data within an app, developers use Linked Data with RDF and FOAF. Solid also recommends the use of Rdflib.js, an open source JavaScript tool to make it easier to work with linked data in Solid. Rdflib.js can store data, parse and serialize data, and track changes to them from the app or server.

Solid also provides a collection of specifications. The WebID Identity specification provides a minimalistic approach, and allows a URI to denote a user, which returns machine-readable data. Similarly, authentication is provided using WebID-TLS and WebID-OIDC with plans to support other systems such as two-factor authentication.

The project provides examples of authoring Solid applications with Angular including a generator-solid-angular implementation. Application developers are encouraged to read the "Make a Solid app on your lunch break" guide. Various open source utilities are under development including the solid-auth-client, solid-ui, and react-components for Solid.

Solid faces an uphill battle to gain traction where previous attempts at decentralized platforms have struggled. To drive adoption of Solid, Berners-Lee has co-founded a new compoany, Inrupt. Will the Solid approach be sufficient for developers to create powerful applications? For example, could a search engine rely on distributed public data to deliver fast and meaningful results? Solid and Inrupt appear to be well positioned to answer these questions and challenges. Berners-Lee writes:

I have taken a sabbatical from MIT, reduced my day-to-day involvement with the World Wide Web Consortium (W3C) and founded a company called inrupt where I will be guiding the next stage of the web in a very direct way. Inrupt will be the infrastructure allowing Solid to flourish. Its mission is to provide commercial energy and an ecosystem to help protect the integrity and quality of the new web built on Solid.

The Solid specifications are open source under the CC0 1.0 Universal license, and the software aspects of solid are available under the MIT license.

Rate this Article