Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • May 20 16:09
    justinwb assigned #408
  • May 20 09:41

    csarven on main

    Update solid-oidc reference. Ba… (compare)

  • May 19 14:37
    acoburn synchronize #408
  • May 19 01:36
    acoburn synchronize #408
  • May 18 16:23

    csarven on main

    Add 2022-05-18 minutes (compare)

  • May 18 12:33
    matthieubosquet synchronize #408
  • May 18 10:07
    matthieubosquet synchronize #408
  • May 18 10:00
    matthieubosquet synchronize #408
  • May 18 09:45
    matthieubosquet synchronize #408
  • May 18 09:34
    matthieubosquet synchronize #408
  • May 18 01:55
    matthieubosquet commented #408
  • May 18 01:51
    matthieubosquet synchronize #408
  • May 14 12:25
    acoburn edited #408
  • May 14 12:17
    acoburn synchronize #408
  • May 13 19:56
    acoburn opened #408
  • May 13 16:13

    csarven on main

    Add privacy-principles (compare)

  • May 12 17:03
    csarven commented #407
  • May 12 17:02
    csarven commented #407
  • May 12 16:39
    csarven review_requested #407
  • May 12 16:39
    csarven opened #407
Sarven Capadisli
@csarven
Implementations
namedgraph_twitter @namedgraph_twitter raises hand
Sarven Capadisli
@csarven
GOod! I was wondering if you are.
Sarven Capadisli
@csarven
@namedgraph_twitter What are the reasons for LDH to use that? For public reads, does the system require the user to be identified? Is there a setting to turn it on/off?
Martynas Jusevicius
@namedgraph_twitter
public access and authenticated access is different
Sarven Capadisli
@csarven
"public access" doesn't entail anonymous. I'm just trying to understand what the intentions were in your implementation.
Martynas Jusevicius
@namedgraph_twitter
i meant public == non-authenticated
e.g. we might want to make the SPARQL endpoint available to any authenticated agent
but not make it public, i.e. to allow unauthenticated access
you can find acl:AuthenticatedAgent used in authorizations here: https://github.com/AtomGraph/LinkedDataHub/blob/master/platform/datasets/admin.trig
Sarven Capadisli
@csarven
How do you use foaf:Agent? Does the system read the profile and check for foaf:Agent?
Martynas Jusevicius
@namedgraph_twitter
no
foaf:Agent is used if no WebID client cert is present

based on the WAC https://www.w3.org/wiki/WebAccessControl

Servers are required to recognize the class foaf:Agent as the class of all agents. This indicates that the given access is public. In some cases this will mean that authentication is therefore not required, and may be skipped. When a resource is being written, however, it may be necessary to associate the change with some kind of ID for accountability purposes.

Aaron Coburn
@acoburn
acl:AuthenticatedAgent makes sense if the server constrains the identity providers that are trusted. In traditional web applications with external identity providers, this tends to be a closed set (e.g. login with Google, FB and Twitter but not any arbitrary identity system), and there, acl:AuthenticatedAgent makes sense. If, however, identity in Solid is entirely decentralized and if resource servers need to be able to negotiate auth tokens from an open set of identity providers, then there is effectively no difference between an “authenticated” agent and an unauthenticated agent: I can create an ephemeral identity provider with an ephemeral WebID and call that an acl:AuthenticatedAgentwhich could get a higher level of access just because I have some scripts running this ephemeral infrastructure
Sarven Capadisli
@csarven
It seems that the current definition of acl:AuthenticatedAgent is more like IdentifiedAgent. For AuthenticatedAgent to be truly authenticated, server needs to be able to verify the authenticity of the identity claim.
Martynas Jusevicius
@namedgraph_twitter
well we only support WebID-TLS
so the presence of a valid WebID cert is the verification
i think the class name is appropriate
what’s the difference between “identification” and “authentication” really?
Sarven Capadisli
@csarven
Generally: claiming and verifying
Dmitri Zagidulin
@dmitrizagidulin
given how trivial it is to generate an ephemeral web id, I do think the AuthenticatedAgent term is useless.
Justin Bingham
@justinwb
+1
Martynas Jusevicius
@namedgraph_twitter
@csarven WebID-TLS does both
@dmitrizagidulin not sure what you mean
with WebID-TLS, you need to generate a certificate and host the WebID profile somewhere
that requires some effort at least
and you know which domain it is coming from
Martynas Jusevicius
@namedgraph_twitter

So W3C (Sir Tim, no less) turned down the opportunity to host the JS standard because they felt the web should be declarative-only. Imagine a declarative-only web today.

"Javascript: the first 20 years" https://buff.ly/30TpkPu (Brilliant article in a brilliant journal!)

https://twitter.com/technosophos/status/1273614442874445825?s=20

Sarven Capadisli
@csarven
Are they cases where either one (or both) would be preferable for servers to share request error details with clients: i) in response body ii) link relation using ldp:constrainedBy with target URI identifying the constraints?
Dmitri Zagidulin
@dmitrizagidulin
does ldp:constrainedBy have anything to do with errors?
Sarven Capadisli
@csarven
Server is supposed to include that header in 4xx responses.
Dmitri Zagidulin
@dmitrizagidulin
oh really? is that from LDP?
Sarven Capadisli
@csarven
LDP doesn't specify the details for the representation. In fact, it doesn't even need to be in RDF. In Solid, I think we are leaning on having the details in RDF.
Dmitri Zagidulin
@dmitrizagidulin
q+
Dmitri Zagidulin
@dmitrizagidulin
q-
Sarven Capadisli
@csarven
Sarven Capadisli
@csarven
I think this PR on how constrainedBy can be used in Solid is a good start solid/specification#185 . If there is nothing out of the ordinary for the rough consensus, can we get that merged?
For Problem Details (client error), we can do another PR once we have more specifics on the message schema.
Dmitri Zagidulin
@dmitrizagidulin
@csarven what's the pain point that #185 solves?
Sarven Capadisli
@csarven
It was for issue solid/specification#44
Sarven Capadisli
@csarven
I think it would fall under the UC here: https://www.w3.org/TR/ldp-ucr/#dfn-uc1 -- access guidance, https://www.w3.org/TR/ldp-ucr/#dfn-nf1.1
Dmitri Zagidulin
@dmitrizagidulin
@csarven I guess my main question is, why is it a MUST?
(given that we don't have need for this yet, don't have vocab to define how to constrain or what to constrain, etc)
Sarven Capadisli
@csarven
@dmitrizagidulin For the constraints defined in the Solid spec, that's not much of an issue because whatever is defined in the spec will be common to all servers and clients in the ecosystem.
In the case of a response body describing the problem details, yes, it;d be necessary provide the vocab. That's covered in solid/specification#28
Sarven Capadisli
@csarven
Even just making it possible to describe the problem details can help clients without necessarily having prior knowledge of the vocab.
Dmitri Zagidulin
@dmitrizagidulin
I think what might help me is an example