chfkch  Mar 13
So i am thinking out loud:
In the past i wanted to create an identity system, where the users could create sets of personal data like phone number(s), email adress(es), bank account(s) and physical adress(es) etc.
Then they could share grants, which are like an access control for a specific subset of those.
Could this be realised with private claims from OAuth?
Example in the next posts.
#OAuth #IdentityManagement
Show threadchfkch  

Example 1: I want to share my bank account, my physical address and contact (email/phone) with my internet provider. But they only get my "business" email and not private.
They get the collective bank account of my household, but not my personal one.

Should i change any of those in the future, i want my provider to be able to fetch the new data or even better, get a push notification (on their server) to fetch the updated data.

Mar 13 at 7:21pmWeb
Show threadchfkch  Mar 13

Example 2: I want some shop site to have my physical address and shop-specific email-alias, but not my phone number.

I would create a grant specific to that.

Show threadchfkch  Mar 13
So when i am moving places, i would for example update my physical address once in this service and all necessary business partners etc. can fetch the updated data on push.
Show threadchfkch  Mar 13

My favorite scenario is you could self-host this identity server and federate with others, or just let you business partners etc. retrieve data from your instance.
So basically, in these examples i imagine i could have the custom claim named after the uuid of the grant on my server, where i host my identity.
They would then initiate an OAuth request for this specific grant and then could fetch the data as long as the grant is not revoked.

Is this feasable?

Show threaddweinandMar 13

@chfkch in my view solid is all about personal data. Not companies. You own your Data, and you decide what app/company gets access to what. Your pod. Your rules.

https://solidproject.org

Your idea sounds technically feasible. But how would business partners, authorities or whoever come to the conclusion to federate with your "protocol"? What would be the incentive?

But in general I think your idea is what solid is about in general. But it clearly lags momentum and reach for now.

Solid: Your data, your choice - Solid Project

Solid is an evolution of the web by its creator Sir Tim Berners-Lee. Solid realizes Tim's original vision for the Web as a medium for the secure, decentralized exchange of public and private data.

Solid Project
Show threadchfkch  Mar 13

@dweinand the incentive would be that they always have up-to-date data from their cutomers. Certain businesses require to check if the data is correct and write letters to customers etc. which they could save with this.

Not sure what other benefits are, maybe they can save themselves from having portals to change user data altogether.

But i agree that the end-user is profiting more of this than the business side.

I will check solid project again when i am not tired...

Show threaddweinandMar 13
@chfkch Sounds a bit Like inrupt / solid to me. But I might be off here.
Show threadchfkch  Mar 13

@dweinand hhm i cannot make alot of it from the homepage, but it seems too much aimed at corporations.
But i think it is a common goal/concept.
I want to make this for the normal user, who is fed up to keep all this stuff updated for example when you move or swtich phone/banking account or so on.

In germany there is a service from the postal service to relay mail for one year after you move (and inform the sender of the address change), but for other data i don't know.