How is it done today, and what are the limits of the current practice?
Currently, we have #598 (2023-11-22) and #514 (2023-03-22) stuck in an overgrown issues tracker.
What is new in your approach, and why do you think it will be successful?
While some security concerns may not be addressed directly in relevant specifications, we can still document known best practices in a dedicated document. As long as suggested countermeasures don't require non-conformance to any of Solid specs, they can be presented as available options.
How are you involving participants from multiple skill sets and global locations in this work item? (Skill sets: technical, design, product, marketing, anthropological, and UX. Global locations: Africa, the Americas, APAC, Europe, Middle East, Antarctica.)
This is a very specialized aspect of Solid aimed at a very specific audience; anyone with security-related responsibilities can contribute.
What actions are you taking to make this work item accessible to a non-technical audience?
This work is explicitly intended for a technical audience.
I'm creating this issue since we considered managing it as a new work item.
Provide a document similar to OAuth 2.0 Security Best Current Practice.
It will address security concerns raised in Solid CG, for example, #598.