michielbdejong:
But if I'm logged in to https://pheyvaer.github.io/solid-chess/ then that chess app has unrestricted read/write/delete access to all data on my pod, right? Isn't that very dangerous?
The App by its very nature is operating on your behalf i.e., your credentials are used to authenticate read-write operations to your pod.
The cool thing here is that your profile doc (not the app's) controls read-write operations. Thus, you are always the one writing to your pod, when you log in under your WebID. Naturally, others can only write to your pod if you expressly grant access to their WebIDs via an ACL.
For the chess app, each player writes to their own pod using their respective credentials.
{webid}:Origin == writesTo ==> Pod, subject to ACLs (that include an acl:origin relation) set on Pod.
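
The rule in the last line of the reply above, as an added example that is not part of the thread and not a Solid server's own code. It assumes a simplified model in which a request carrying an Origin header is granted only when a single authorization names both the WebID and that origin; the WebID, container paths and ACL entries are constructed for illustration.

```javascript
// Simplified model: {webid}:Origin may write to a container only if one
// authorization on it lists the WebID, the mode and the app's origin.
// Constructed sample data; not a Solid server's actual ACL engine.

const CHESS_ORIGIN = "https://pheyvaer.github.io";
const ALICE = "https://alice.example/profile/card#me"; // hypothetical WebID
const BOB = "https://bob.example/profile/card#me";     // hypothetical WebID

// Each entry stands for one acl:Authorization (acl:agent, acl:origin, acl:mode).
const acls = {
  // Alice may write here, and the chess app's origin is listed.
  "/public/chess/": [
    { agents: [ALICE], origins: [CHESS_ORIGIN], modes: ["Read", "Write"] },
  ],
  // Alice may write here, but no app origin is listed.
  "/private/": [
    { agents: [ALICE], origins: [], modes: ["Read", "Write", "Control"] },
  ],
};

function isAllowed(acls, { webid, origin, container, mode }) {
  const rules = acls[container] || [];
  return rules.some((rule) => {
    if (!rule.agents.includes(webid)) return false; // WebID not granted
    if (!rule.modes.includes(mode)) return false;   // mode not granted
    // Assumption: no Origin header means a non-browser client,
    // so the agent match alone decides.
    if (origin === null) return true;
    // Browser app: its origin must be named in the same authorization.
    return rule.origins.includes(origin);
  });
}

// Convenience wrapper for write requests.
function canWrite(webid, origin, container) {
  return isAllowed(acls, { webid, origin, container, mode: "Write" });
}

console.log("chess app -> /public/chess/:", canWrite(ALICE, CHESS_ORIGIN, "/public/chess/"));
console.log("chess app -> /private/:     ", canWrite(ALICE, CHESS_ORIGIN, "/private/"));
console.log("Bob via chess app:          ", canWrite(BOB, CHESS_ORIGIN, "/public/chess/"));
```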