Patch Requests

Introduction

Solid accounts can support multiple login methods and can be connected to multiple storages in which access rules can be defined.

However, apps should not be able to change a user's access rules, list of login providers or list of storages without the user explicitly accepting these changes.

The only way to satisfy this requirement is to have an application that the user trusts. The user can then be redirected to this app where s/he is prompted to make a decision about adding/removing access rules, storages or login methods.

This way of working is very similar to how the Authorization Code Flow of OAuth 2.0 or OpenID Connect works. Indeed, in these protocols, the user is redirected to an Authorization Server or Identity Provider where s/he is presented with a screen to log in. The Authorization Server or Identity Provider is trusted by the user and allows apps to authorize or authenticate the user.

However, even though OAuth 2.0 and OpenID Connect provide a tried-and-tested foundation, these protocols have no notion of access rules, storages or login methods in the sense of the Solid protocol. Indeed, OAuth 2.0 and OpenID Connect assume that resource servers all have a different way to handle access (hence the use of scopes in OAuth 2.0), while Solid standardises access control of resource servers.

As such, Solid takes the basics of OAuth 2.0 and OpenID Connect and builds on those protocols by adding the concept of a Patch Request.

A Patch Request can be used in an Authorization Code Flow to ask the user to make changes to his or her Solid account. Specifically, at the start of an Authorization Code Flow, you can provide a query parameter containing the URI of a Solid Patch Document to the authorize endpoint.

A Solid Patch can be used to request the user to make the following changes:

  • Adding or removing access rules in one or multiple of his/her storages
  • Adding or removing identity providers to his or her WebID profile document
  • Adding or removing storages to his or her WebID profile document

Components and Rules of a Solid Patch Document

A Solid Patch Document can consist of four components:

  • Access: define which access rules you want to ask the user to remove or add
  • Storages: define which data sources you want to ask the user to remove or add
  • Login methods: define which login methods you want to ask the user to remove or add
  • Conditions: define under which conditions the above components are added or removed (e.g. consent)

A Solid Patch Document is a JSON document that is structured according to the example below:

Example

{  
  "add": {  
    "access": {  
      "subject_type_combo": [  
        {  
          "applies_to_subject_uri": "https://use.id/tom",  
          "applies_to_type_uri": "https://dbpedia.com/diploma",  
          "allowed_subject_uri": "https://webid.karamel.career",  
          "allowed_azp_uri": "*",  
          "allowed_issuer_uri": "*",  
          "allowed_access_mode": "read",  
          "storage": "*"  
        },  
        {  
          "applies_to_subject_uri": "https://use.id/tom",  
          "applies_to_type_uri": "https://dbpedia.com/diploma",  
          "allowed_subject_uri": "https://webid.karamel.career",  
          "allowed_azp_uri": "*",  
          "allowed_issuer_uri": "*",  
          "allowed_access_mode": "read",  
          "storage": "*"  
        },  
        {  
          "applies_to_subject_uri": "https://use.id/tom",  
          "applies_to_type_uri": "https://dbpedia.com/diploma",  
          "allowed_subject_uri": "https://use.id/tom",  
          "allowed_azp_uri": "https://webid.karamel.career/",  
          "allowed_issuer_uri": "https://accounts.use.id/",  
          "allowed_access_mode": "read",  
          "storage": "https://storage.use.id/"  
        }  
      ],  
      "resource": [  
        {  
          "applies_to_resource_uri": "https://storage.use.id/955872a8-e87c-40cc-858c-f3f2cfe00e78",  
          "allowed_subject_uri": "https://use.id/tom",  
          "allowed_azp_uri": "https://webid.karamel.career/",  
          "allowed_issuer_uri": "https://accounts.use.id/",  
          "allowed_access_mode": "read"  
        },  
        {  
          "applies_to_resource_uri": "https://storage.use.id/blabla/6f63b694-31ed-11ee-be56-0242ac120002",  
          "allowed_subject_uri": "https://use.id/tom",  
          "allowed_azp_uri": "https://webid.karamel.career/",  
          "allowed_issuer_uri": "https://accounts.use.id/",  
          "allowed_access_mode": "read"  
        }  
      ]  
    }  
  },  
  "remove": {  
    "access": {  
      "subject_type_combo": [  
        {  
          "applies_to_subject_uri": "https://use.id/tom",  
          "applies_to_type_uri": "https://dbpedia.com/drivers-license",  
          "allowed_subject_uri": "https://webid.karamel.career",  
          "allowed_azp_uri": "*",  
          "allowed_issuer_uri": "*",  
          "allowed_access_mode": "read",  
          "storage": "*"  
        },  
        {  
          "applies_to_subject_uri": "https://use.id/tom",  
          "applies_to_type_uri": "https://dbpedia.com/drivers-license",  
          "allowed_subject_uri": "https://use.id/tom",  
          "allowed_azp_uri": "https://webid.karamel.career/",  
          "allowed_issuer_uri": "https://accounts.use.id/",  
          "allowed_access_mode": "read",  
          "storage": "*"  
        }  
      ],  
      "resource": [  
        {  
          "applies_to_resource_uri": "https://storage.use.id/547b5b5a-1e5d-4a5e-ade0-a031f371df86",  
          "allowed_subject_uri": "https://use.id/tom",  
          "allowed_azp_uri": "https://webid.karamel.career/",  
          "allowed_issuer_uri": "https://accounts.use.id/",  
          "allowed_access_mode": "read"  
        },  
        {  
          "applies_to_resource_uri": "https://storage.use.id/blabla/d0df542d-2a82-4c55-bb25-acc95dfd506c",  
          "allowed_subject_uri": "https://use.id/tom",  
          "allowed_azp_uri": "https://webid.karamel.career/",  
          "allowed_issuer_uri": "https://accounts.use.id/",  
          "allowed_access_mode": "read"  
        }  
      ]  
    }  
  },  
  "conditions": {  
    "policy_uri": "",  
    "tos_uri": "",  
    "legal_basis_uri": [  
      "https://blabla.com/consent",  
      "https://blabla.com/legitimate-interest"  
    ],  
    "purpose_uri": [  
      "https://blabla.com/marketing",  
      "https://blabla.com/kyc"  
    ]  
  }  
}
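
The following sketch is an added example, not code from this page or from the Solid project. It shows how a trusted app could flatten the access component of a Solid Patch Document into the individual changes the user is asked to accept, listing a repeated rule once and reporting which fields of a rule are set to `*`. The required-field sets are inferred from the example above, and `review_patch` and the sample names are hypothetical.

```python
import json

# Field names come from the example document on this page; the checks below
# are assumptions of this sketch, not rules taken from a specification.
REQUIRED = {
    "subject_type_combo": {"applies_to_subject_uri", "applies_to_type_uri",
                           "allowed_subject_uri", "allowed_azp_uri",
                           "allowed_issuer_uri", "allowed_access_mode", "storage"},
    "resource": {"applies_to_resource_uri", "allowed_subject_uri",
                 "allowed_azp_uri", "allowed_issuer_uri", "allowed_access_mode"},
}

def review_patch(doc):
    """Flatten a patch document into the items a consent screen would list."""
    items, seen = [], set()
    for op in ("add", "remove"):
        access = doc.get(op, {}).get("access", {})
        for kind, required in REQUIRED.items():
            for rule in access.get(kind, []):
                missing = required - set(rule)
                if missing:
                    raise ValueError(f"{op}/{kind} rule lacks {sorted(missing)}")
                key = (op, kind, json.dumps(rule, sort_keys=True))
                if key in seen:  # identical rule repeated: list it once
                    continue
                seen.add(key)
                # A field set to "*" widens the grant, so report it separately.
                wildcards = sorted(k for k, v in rule.items() if v == "*")
                items.append({"op": op, "kind": kind, "rule": rule,
                              "wildcards": wildcards})
    return items

# Constructed sample, shortened from the example document on this page.
BROAD = {"applies_to_subject_uri": "https://use.id/tom",
         "applies_to_type_uri": "https://dbpedia.com/diploma",
         "allowed_subject_uri": "https://webid.karamel.career",
         "allowed_azp_uri": "*", "allowed_issuer_uri": "*",
         "allowed_access_mode": "read", "storage": "*"}
NARROW = {"applies_to_resource_uri":
          "https://storage.use.id/955872a8-e87c-40cc-858c-f3f2cfe00e78",
          "allowed_subject_uri": "https://use.id/tom",
          "allowed_azp_uri": "https://webid.karamel.career/",
          "allowed_issuer_uri": "https://accounts.use.id/",
          "allowed_access_mode": "read"}
SAMPLE = {"add": {"access": {"subject_type_combo": [BROAD, dict(BROAD)],
                             "resource": [NARROW]}},
          "remove": {"access": {"resource": [NARROW]}}}

if __name__ == "__main__":
    for item in review_patch(SAMPLE):
        print(item["op"], item["kind"], item["wildcards"] or "no wildcards")
```

Only the access component is handled, because the example document on this page shows no fields for storages or login methods.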