Discussion with developers from Swedish Public Employment Service

by Maria Dimou (CERN)



Maria Dimou (CERN-Solid collaboration leader)
Jan Schill (CERN-Solid Proof of Concept (PoC) developer)
Magnus Svensson (Swedish University Network SUNET)
Tamas Szabo (Swedish public employment service)
Anton Wiklund (Swedish public employment service)


The Community Solid Server (CSS) version 1.0 was announced in August 2021.
As a european, open source implementation of the Solid specifications, it is the one being currently evaluated at CERN.
The also completed a PoC, on a possible use of CSS by multiple government institutions.

The meeting was suggested by Marcello Grita (Swedish public employment service) after having read Jan's thesis on the CERN-Solid PoC. Marcello's meeting suggestion:

We have been mandated by the government to build a digital infrastructure at national level for personal data exchange. There are not many other organizations that are using Solid for large projects and our team would be interested in an exchange of opinion with you regarding the technology and the solutions found to common problems.

Tamas reported:

We held discussions  with the team and CSS project manager Ruben Verborgh. For our use case the deployment has to be secure, scalable and highly available.

It is understood that CSS was mainly built for research purposes and to validate the Solid specifications. This means that modularity, flexibility and extensibility has been prioritized.

CSS focuses more directly on secure authentication and authorization to resources between the Solid Pod Server and the client (Solid application), but not how the "Data at rest" is secured nor how the "Data in flight" is protected. The CSS implementation does not take precautions on how to protect the data in-memory, while accessing/handling its resources.

These data security aspects need to be further investigated before CSS can be deployed to production.

Anton reported:

Earlier this year, we tried out different technologies for human-centric data sharing. One of the solutions we tried was Solid using the Enterprise Solid Server from Inrupt. It was just a proof-of-concept based upon test data. We presented our PoC on Solid World June (Notes by Maria Dimou HERE). We did not do our own deployment of ESS, we used it as a service hosted by Inrupt for simplicity.

Maria reported:

After the PoC successful completion, we wrote a CERN Policy document summarising the need for a (preferably) european and open source Solid server implementation. The obvious choice is CSS. The Node Solid Server (NSS) is old, the Enterprise Solid Server (ESS) is non-european and php Solid Server is not ready.

The current CERN-Solid project is trying to do exactly that. Install, configure and test a CERN CSS instance.

Please contact Maria Dimou for further information on the CERN-Solid collaboration.