Current recommendation for public inboxes can lead to spam #56

Closed
elf-pavlik opened this issue Oct 8, 2022 · 2 comments · Fixed by #69

@elf-pavlik
Member

the issue for tackling the use of public inboxes more broadly: solid/specification#464

https://solid.github.io/webid-profile/#inbox

> If no inbox is found a Pod Management App MAY create an inbox by creating a container. In that case, the app SHOULD also create access controls for the container that give read and write permissions to the WebID owner and append but not read or write permissions to everyone else.

I see this as a very risky suggestion. If the pod management app actually does so, it can make storage vulnerable to spam. I think we should handle this issue on the spec level since in SAI we also make very minimal use of a specialized public inbox and it will require special considerations to prevent spam.
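
The access controls described in the quoted recommendation, written out as a Web Access Control (WAC) document. This is an added example, not part of the issue or the spec text; the `alice.example` and `bob.example` IRIs are constructed placeholders, and the commented-out alternative is an assumption about what a user might prefer.

```turtle
# Constructed example: every IRI under alice.example / bob.example is a placeholder.
@prefix acl:  <http://www.w3.org/ns/auth/acl#> .
@prefix foaf: <http://xmlns.com/foaf/0.1/> .

# WebID owner: read and write on the inbox container and, through
# acl:default, on the resources created inside it.
<#owner>
    a acl:Authorization ;
    acl:agent <https://alice.example/profile/card#me> ;
    acl:accessTo <https://alice.example/inbox/> ;
    acl:default <https://alice.example/inbox/> ;
    acl:mode acl:Read, acl:Write .

# Everyone else: append only, no read or write.
# acl:agentClass foaf:Agent matches any requester, authenticated or not,
# so any client can create new resources in the container. This is the
# authorization the issue identifies as the spam risk: it consumes the
# owner's storage even though senders cannot read or overwrite anything.
<#public-append>
    a acl:Authorization ;
    acl:agentClass foaf:Agent ;
    acl:accessTo <https://alice.example/inbox/> ;
    acl:mode acl:Append .

# Alternative a user might set instead of <#public-append> (assumption,
# not from the spec text): append limited to one named sender.
# <#known-sender-append>
#     a acl:Authorization ;
#     acl:agent <https://bob.example/profile/card#me> ;
#     acl:accessTo <https://alice.example/inbox/> ;
#     acl:mode acl:Append .
```

When auditing an existing pod, the pattern to look for is an authorization on the inbox container that combines `acl:agentClass foaf:Agent` with `acl:Append` or `acl:Write`.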

@csarven
Member

csarven commented Oct 9, 2022

Misleading title and issue littering :(

Solid Protocol and WebID Profile do not require a public inbox. It is the specs that require a public inbox that should include additional requirements and considerations to prevent spam.

It may be simpler to leave out the optional application behaviour of setting access permissions for an inbox. It does not impact interoperability given that another application (controlled by a user) can rightly set their own preferred access permissions.

@elf-pavlik
Member Author

> in SAI we also make very minimal use of a specialized public inbox and it will require special considerations to prevent spam.

I actually went ahead and proposed removing any use of public inboxes from SAI solid/data-interoperability-panel#280

> Misleading title and issue littering :(

I quoted the relevant part of the spec, which part do you consider misleading?
