Discussion on the Solid servers

Discussion on the Solid servers === 2020/11/17 Maria Dimou, Michiel de Jong, Jan Schill Notes by Maria - Definitions by Michiel. ### Definitions 1. **Node Solid Server (NSS)** was started 5 years ago by the Solid team at MIT. It is still the only _open source_ server that really works. The code was mostly written by PhD students. 2. **Enterprise Solid Server (ESS)** is [inrupt](https://inrupt.com/)'s commercial _closed source_ alternative, based on Trellis. They only just launched it in November 2020. [Article](https://sdtimes.com/data/inrupt-launches-enterprise-solid-server-to-restore-trust-in-data/). 3. **Community Solid Server (CSS)** is an _open source_ project by Ghent University, paid for by Inrupt, to rewrite NSS from scratch in TypeScript. It passes some of the tests, but only for a small subset of the functionality so far. 5. **php-solid-server (PSS)** is _open source_, passes more tests, but is also still incomplete. It's the basis for the Nextcloud app that makes Nextcloud compatible with Solid. ### Discussion * The Solid specifications are currently incomplete and experimental, mostly defined by PhD students. * Some security issues remain open, at least, as far as we know, with NSS and CSS, as _Web Access Control (WAC)_ is not implemented yet. There are vulnerabilities related to _WebSockets_ as well, [as per this issue](https://github.com/solid/solid-ui/issues/360). * The test suites show different behaviour for each of the, above mentioned, Solid server implementations, for those where tests were officially run. * These tests were not run on the ESS officially so far, inrupt hasn't given demo accounts yet. * [Pete Edwards](https://github.com/edwardsph), hired by inrupt this week, will add tests for Access Control policies. * Links to existing tests: * https://github.com/solid/test-suite#introduction * https://gitter.im/solid/test-suite * Tim Berners-Lee, Michiel and 3 more people work on the SolidOS development. Code is [included in the UI](https://github.com/solid/solid-ui). ### Conclusions 1. inrupt is not like Mozilla, which does have paid members but makes open source products. inrupt gives priority to its own customers, hence the closed source implementation. 3. Data portability for different data formats will be an attractive asset for Solid adoption. 4. One doesn't get a fully working environment by switching to Solid yet. It is at the stage Linux was in the 1990ies. 5. Still the need to defend personal data stores and adherence to well defined web standards is becoming increasingly obvious and a strategic choice for the future. 6. For the next 5 years Solid will remain "philosophical". Still, it is an investment, which _shall_ eventually work. We shall then be happy that we had the vision to embrace Solid early.