Loss of Control Mitigation

[kjetilk]

As noted in #58 , we need a strategy to address the situation where a user is locked out from their pod through errors in the ACL. This can occur in several situation, e.g. syntax error in ACL files, that users pass end up not granting control permission to any agent, etc.

We have server-side validation to mitigate the former, and we have discussed introducing the concept of an agent that is understood to be the "owner", to mitigate other situations. We should have a more general discussion on it.

[dmitrizagidulin]

In addition to missing or malformed ACL resources (especially the root storage ACL), loss of control (user being "locked out" of their account or storage space) can also occur from the deletion of several important resources:

• Deletion of the WebID Profile document (prevents the user from being able to authenticate)
• Modification of the WebID Profile doc to remove a few key triples (location of storage, and authentication-related triples)
• Deletion of the root .meta resource. (This one's weird, but we currently store the recovery email for a user's account in the root /.meta resource. Not sure how that came about, but we should probably change that.) - renders the user unable to change their password etc.

[kjetilk]

@justinwb has somet thoughts on how to use meta resources (#102) to address this.