Key Concepts

Wallets

Inrupt Wallets are secure, standards-based containers that enable users to store, manage, and securely share personal data with fine-grained access controls and user consent.

Wallet Infrastructure

Wallet Infrastructure provides the user-centric data storage and management services required by Wallets (and any application in need of user-centric data) to manage data and control access to it.

Wallet Infrastructure includes APIs and SDK for developers, authentication and authorization services for governing data and data access, and deployment configurations designed to meet security and compliance requirements in highly regulated industries.

Enterprise Solid Server

Inrupt's Enterprise Solid Server (ESS) is the core component of Inrupt's Wallet Infrastructure. ESS is the server software that organizations deploy in their cloud or on-premises environments to facilitate the provisioning, configuration, and administration of wallet storage. ESS is composed of microservices that enable support for highly available deployment configurations and simple scaling.

ESS is an implementation of the W3C Solid specification.

Solid

Solid is an open web standard developed by Inrupt Co-founder Sir Tim Berners-Lee that gives people visibility into and control over their personal data. The W3C Solid specification defines technical standards and protocols that separate applications from data storage, enabling users to store their information in Personal Online Datastores (Pods) while granting selective access to apps and services. Inrupt's products implement and extend the W3C Solid specification to provide enterprise-grade solutions for user-centric data management.

Pods

A Pod (Personal Online Datastore) is user-centric storage for personal data that serves as the data storage mechanism for wallets. In Inrupt's documentation, "Pod" is a convenient shorthand for describing all personal data associated with a user as a logical unit, though this data is actually distributed across a collection of underlying storage technologies that ESS manages.

Pods are implemented according to the W3C Solid specification, which defines the technical standards, protocols, and requirements for how personal data storage should work.


Identity

WebID

A WebID is a digital identifier for a user, organization, or agent. It takes the form of a URI.

A WebID Document is a Resource Description Framework document dereferenced from the WebID URI. This WebID Document allows applications and services to discover services used or trusted by the entity that controls the WebID, such as their trusted Identity Providers, Pods, and potentially some public personal information.
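
The discovery step described above, as an added example that is not taken from Inrupt's documentation or SDKs. It assumes the WebID Document is serialized as N-Triples and uses the `solid:oidcIssuer` and `pim:storage` predicates from the public Solid and PIM vocabularies, which this page does not name; all `example` URLs are constructed, and a production client would use a full RDF library rather than this line parser.

```python
import re

# Predicates from the public Solid and PIM vocabularies (assumed; not on this page).
OIDC_ISSUER = "http://www.w3.org/ns/solid/terms#oidcIssuer"
STORAGE = "http://www.w3.org/ns/pim/space#storage"
WEBID = "https://id.example.com/alice"  # constructed placeholder

# Constructed WebID Document in N-Triples. It also carries a statement about a
# different subject, which must not be treated as Alice's own declaration.
SAMPLE_DOC = """\
<https://id.example.com/alice> <http://www.w3.org/ns/solid/terms#oidcIssuer> <https://login.example.com/> .
<https://id.example.com/alice> <http://www.w3.org/ns/pim/space#storage> <https://storage.example.com/alice/> .
<https://id.example.com/alice> <http://xmlns.com/foaf/0.1/name> "Alice" .
<https://id.example.com/bob> <http://www.w3.org/ns/solid/terms#oidcIssuer> <https://other-idp.example.net/> .
"""

# One triple per line: IRI subject, IRI predicate, then an IRI or a literal object.
TRIPLE = re.compile(
    r'^<([^>]*)>\s+<([^>]*)>\s+'
    r'(?:<([^>]*)>|"(?:[^"\\]|\\.)*"(?:@[\w-]+|\^\^<[^>]*>)?)\s*\.\s*$'
)


def parse_webid_document(text):
    """Return (subject, predicate, object_iri) tuples; object_iri is None for literals."""
    triples = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        match = TRIPLE.match(line)
        if match is None:
            # Fail closed: a document we cannot parse yields no trust decisions.
            raise ValueError(f"unparseable line: {line!r}")
        triples.append(match.groups())
    return triples


def discover(webid, text, predicate):
    """IRIs the WebID itself declares for a predicate; other subjects are ignored."""
    return {o for s, p, o in parse_webid_document(text)
            if s == webid and p == predicate and o is not None}


def issuer_is_trusted(webid, text, token_issuer):
    """True only if the token's issuer exactly matches one the WebID Document lists."""
    return token_issuer in discover(webid, text, OIDC_ISSUER)
```
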

Client ID

A Client ID is a unique identifier assigned to an application to authenticate its requests to a Solid server. It acts as a means for the server to recognize and establish a secure communication channel with the client, ensuring that only authorized applications can access sensitive data within a Solid Wallet Storage.


Access Control

Access Grants

Access Grants in the context of Solid are a crucial part of managing resource permissions. They have the shape of a verifiable credential, providing a secure and standardized way to grant access rights. These credentials can assert specific permissions, such as read or write access to data, and are verified to ensure authenticity. Verifiable credentials facilitate decentralized identity management, allowing for flexible and interoperable permission structures in Solid ecosystems.

Access Control Policies

Access Control Policies (ACPs) in Solid ecosystems define rules for who can access specific resources and what actions they can perform. These policies use a standardized framework to specify permissions, such as reading, writing, and modifying data within a Solid Wallet Storage.

Access Control Resources

Access Control Resources (ACRs) are specific entities within a Solid Pod that store the rules defined by Access Control Policies and manage the application of those policies.

Each Pod resource has an associated ACR that contains the policies that determine access to the Pod resource.

The lifecycle of the ACR is bound to the lifecycle of the Pod resource; that is:

  • When creating a resource, ESS creates a corresponding ACR.

  • When deleting a resource, ESS deletes the corresponding ACR.

If a resource has no Policies that apply to it, the resource is inaccessible. However, the Pod owner can add new policies to provide access to the resource.
