What is Solid?

Hi my name is Yulia and I'm a curriculum engineer at Inrupt.

In this video we'll talk about Solid. We'll discuss what the Solid standard and its components are, and conclude with introducing the Enterprise Solid Server as an implementation of the Solid standard and an infrastructure to host Solid Pods at scale.

Let's start with Solid which is a set of specifications currently being worked on within the World Wide Web Consortium (W3C) to make it a more widely adopted standard. If you haven't heard of W3C, it's the organization that produces and maintains the standards that define the World Wide Web. These standards describe the best practices of web development, such as HTML and CSS, and other generally accepted principles of web architecture and services. 

The Solid Protocol defines an API for structuring applications, data, and identities on the web.

In our earlier videos we introduced Solid Pods. If you want to learn more about them check out the link in the description. In short, a Solid Pod is a data store which contains data about an entity. We also briefly introduced WebIDs which are URLs used to identify entities on the web, and happens to also be a W3C specification.

Remember, Solid decouples applications, data and identities, and structures them in a way that is different from the traditional way that we have grown accustomed to.

We have a place to store data using Pods and a way to identify entities on the web, using WebIDs. Now we need to effectively separate identities, data and applications into their individual domains while also facilitating their interaction. To show how this happens, let's review the components of the Solid Protocol.

Solid's core components are Authentication, Authorization, Access Requests and Grants, Read, Write, Data Semantics, and Notifications. 

Authentication and Authorization require the concept of identity, which in Solid is defined via the WebID. WebID’s are uniquely identified by a URL that resolves to a resource called a WebID Profile. This document has further information about the WebID, for example: all the Pods connected to that identity. We'll create our own WebIDs in a later video. For now, let's get back to Authentication and Authorization.

Solid-OIDC is a specification that is compatible with any OIDC identity provider. It allows defining multiple trusted identity providers within a system, enabling a wider range of single sign on options across a Solid-based infrastructure. OIDC is the most widely adopted standard for identity providers, making for a large selection of options. It also facilitates establishing levels of identity verification, such as Multi-Factor Authentication. 

Authorization in Solid is based on Access Control Policies (ACPs) as the primary standard. Such policies grant and deny levels of access to resources, enabling granular access control and shared policies. 

With Authentication and Authorization basics covered, we should address Access Grants and Access Requests.

Access Requests are a mechanism that allows an agent on the web to request access to resources. The requester specifies which resource they need access to, for what purpose and duration. In response the agent with control access to this resource, is able to grant or deny these requests. If a request is approved, then an Access Grant is created to record the authorization and its parameters. This allows the requesting agent to access the resource. 

This specification enables users and organizations to have transparency and granular controls over read, write, and append permissions for their data at a resource level, thereby expanding Solid Protocol's ability to enable secure and transparent data sharing.

The Solid specifications standardizes the protocol for reading and writing data to Pods. If you're curious to learn about the concepts behind this part of the solid protocol, check out our video series about Linked Data, which focuses on the data semantics overall.

Last, but not least, are standards pertaining to Notifications. Notifications allow applications to subscribe to be notified of changes in Pod data that they have access to. This enables real-time actions and insights in response to changes in a Pod’s data. Currently, Notifications are mainly supported in the form of WebSockets. But the standards are extensible and additional notification protocols are planned to be added in the future.

All of these components enable interoperability. Which means that any Solid app can interact with any Solid server, and reuse the data that was generated by any other Solid app. This improves data quality, simplifies application integrations, and reduces data duplication.

If you want to learn more about interoperability check out the links in the description.

Inrupt has built the Enterprise Solid Server (ESS), which is an enterprise grade Solid-spec compliant offering designed for  performance, scale, security, and compliance. In the following videos we'll do an overview of ESS, and test it out using a hosted developer sandbox called PodSpaces. But for now let's recap what we discussed so far.

Solid is a set of specifications currently being worked on within the W3C to make it a more widely adopted standard. 

Solid's core components are Authentication, Authorization, Access Grants, Read/Write/Data Semantics, and Notifications. Within these components access control mechanisms like ACPs and Access Grants, which allow users to view who has access to their data, for what purposes, and grant or revoke access as necessary.

Solid decouples applications, data and identities and provides a set of standardized APIs for accessing and sharing data. This allows identities, applications and data to interact in a standardized way, regardless of where the data is stored.

Inrupt has built the Enterprise Solid Server (ESS). ESS is an enterprise grade Solid-spec compliant offering designed for performance, scale, security, and compliance.

See you in the next video and thank you for watching!