csarven on main
Add version scheme Simplify pre-release example Merge pull request #407 from so… (compare)
csarven on version-scheme
Simplify pre-release example (compare)
csarven on main
Add missing 'Primer' to Solid-O… Merge pull request #415 from so… (compare)
csarven on solid-oidc-primer-title
Add missing 'Primer' to Solid-O… (compare)
csarven on main
Fix URL label for notification … Merge pull request #414 from ac… (compare)
csarven on main
Add 2022-06-15 minutes (compare)
The authorization-panel is currently/generally transitioning from the Use Cases that was proposed to coming up with (Non-)Functional Requirements. The Requirements will actually be what all proposed solutions need to address as normative spec text. There is also the UC survey to determine which UCs the Community Group is interested in seeing/using/developing for servers/applications so as to help determine and prioritise which UCs the authorization-panel should focus on. At the same time, ACP is a WIP proposal addressing some of the UCs in which are not deemed to be covered by WAC. The details pertaining to delta/overlap between WAC and ACP are also being worked on. To make things even more interesting, there is the possibility of an Authorization Framework for the Solid Ecosystem which might tie up the work, allowing wider coverage of UCs by different (mostly/hopefully orthogonal) authorization systems.
So, it is all moving forward. Things should clear up in the next weeks/month(s?) As for the current Solid Ecosystem, WAC is currently a MUST for Authorization. The output of the authorization-panel will be proposed for the Ecosystem.
The spec says that if there is /public , /public/ can't be created. And, vice-versa. It also says that servers may want to redirect when requesting the non-existing resource (eg. /public ) to the existing one (eg. /public/ ). Now, only after that, it would be possible for client to receive the representation of /public/index.html if the client for example requested Content-Type: text/html for /public/ (after the redirect) , and if server uses Content-Location: index.html in response to /public/ . That's of course this particular server stores the HTML representation of /public/ at /public/index.html and wired up to be served through Content-Location.
Above is certainly possible and would still conform to the spec or at least there are no conflicts. It is not necessarily how every server might behave. Simple case being that server just won't redirect from /public to /public/ to begin with or associate /public/index.html as the HTML representation for /public/ .
If /public/index.html is an HTML representation of /public/ then all write requests targeting /public/index.html must be redirected to /public/ - the spec doesn't allow representations to be updated directly / separately. Updates are routed through the resource URL as opposed to representation URLs.
@timbl We could change "MAY" into non-normative may or just remain silent about it. Redirecting /public to /public/ is a fairly common implementation pattern. Redirect helps people to not trip over slash or no slash diffs or refer to one when the other exists.
Text from the specification:
If two URIs differ only in the trailing slash, and the server has associated a resource with one of them, then the other URI MUST NOT correspond to another resource. Instead, the server MAY respond to requests for the latter URI with a 301 redirect to the former.
apologies in advance for a question that is not fun answering.
I am just wondering about a rough estimate on the level of completion of the Solid specifications.
It is for me very difficult by only reading and going over the open issues to make such an assumption. Also, I do not have enough experience developing servers to spot a shortage in specific sections of the specifications, that I could say for example: “The WAC section is too vague for me to implement it correctly”.
I am aware that these specifications are active and conversations are happening all the time about the Solid Ecosystem and that the specifications will probably be worked on for a long time, but I am just trying to get a rough overview of where we are today.
@janschill That's indeed a tough one but I'll give it a shot (and others can shot me down if they like). The short answer is that the key aspects of the ecosystem are for the most "complete". There are some rough edges indeed, some nice to haves or unknowns but that's to be expected. Bear in mind that what makes a spec a spec is not just that there is a nice/readable document to look at but all the work that goes into it, anything from all supporting documents, to publicly demonstrating working implementations based on the specs, as well as actual usage in the wild. There is a lot of iteration on that front. We could call it "ready" at any point but that doesn't serve us or anyone in the end. So, to answer your question more concretely, I would say in 2021Q1, or more realistically Q2 we'll be in a position to wrap up majority of the current work and make a wide call for implementations - not to be confused with the idea that call for implementations/experiences/feedback hasn't been done already or needed on an ongoing basis. To me, the wide call marks a point where we feel the specs are mature enough and expect minimal / hopefully non-breaking changes to the specs based on implementation experience. We need to eventually get a lot of input from users - yes, that includes anyone dogfooding the specs to anyone that only needs to get their tasks done. Think along the lines of whether the servers,.. apps being developed have a net positive effect or harming users.. This is why ethical checks on the path to developing the specs are important. We don't want to be in a situation where we think we are ready for wide use - I don't mean just few isolated users or environments, but for the Web.. - and then deal with major privacy, security, ethical implications. We need to work our way up.. scale up. Don't need to have everyone implementing and using at the same time either. It can happen in phases.. gradually, so that gives us time to improve. When people developing servers, apps etc. can look at the specs and get reasonable coverage. We will weed out stuff that no one is using - and put them into the research/homework/experimentation bucket for later.
Various specs are in the works and they are at different maturity. More specs will come forward. There is no fixed "end" date or completion for the Solid specifications. Just as there is no particular end date for standardisation. W3C is still going after all for obvious reasons. The point of the Solid project is to help towards changing the course of the Web. We are learning about what's broken and propose ways to fix things.
Folks on the authorization panel might want to check out the discussion about auth from command line apps at https://forum.solidproject.org/t/authorisation-for-a-mobile-app/3692/9