Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Jun 22 11:35

    csarven on main

    Add version scheme Simplify pre-release example Merge pull request #407 from so… (compare)

  • Jun 22 11:35
    csarven closed #407
  • Jun 22 11:34
    csarven synchronize #407
  • Jun 22 11:34

    csarven on version-scheme

    Simplify pre-release example (compare)

  • Jun 16 16:32
    acoburn commented #415
  • Jun 16 16:29

    csarven on main

    Add missing 'Primer' to Solid-O… Merge pull request #415 from so… (compare)

  • Jun 16 16:29
    csarven closed #415
  • Jun 16 16:29
    csarven edited #415
  • Jun 16 16:29
    csarven edited #415
  • Jun 16 16:26
    csarven opened #415
  • Jun 16 16:22

    csarven on solid-oidc-primer-title

    Add missing 'Primer' to Solid-O… (compare)

  • Jun 16 16:19
    csarven closed #414
  • Jun 16 16:19

    csarven on main

    Fix URL label for notification … Merge pull request #414 from ac… (compare)

  • Jun 16 16:11
    acoburn opened #414
  • Jun 16 14:51
    elf-pavlik commented #407
  • Jun 15 13:58

    csarven on main

    Add 2022-06-15 minutes (compare)

  • Jun 14 14:47
    VirginiaBalseiro review_requested #413
  • Jun 14 14:46
    VirginiaBalseiro synchronize #413
  • Jun 14 14:44
    VirginiaBalseiro synchronize #413
  • Jun 14 14:33
    csarven edited #413
Michiel de Jong
@michielbdejong
Thanks, that's what I thought :) So it's ESS that's ahead of us, not NSS that is behind. I'll ask Oz to rectify his statement.
Henry Story
@bblfish
There are some good ideas in ACP, but as we are going through the documentation made available we are finding issues (as the one discussed above for example).
Also I am not yet sure it needs to diverge as dramatically from WAC as it does, there is a lot more in common than appears on first sight.
Ruben Verborgh
@RubenVerborgh
The other difference is authentication, where CSS uses DPoP.
Michiel de Jong
@michielbdejong
I think all servers now support DPop, and NSS is the last server to additionally still support legacy-pop.
PSS and Nextcloud also don't support legacy-pop.
But they do support WAC. :)
Sarven Capadisli
@csarven
@michielbdejong Cool. Ccould you mention the WAC implementations at the issue Henry shared earlier?
Michiel de Jong
@michielbdejong
Has there been a spec change where "Shape Validation with Shex" became required?
Sarven Capadisli
@csarven
No, Shex is one possibility. Justin can fill in on data-interoperability-panel though.
Michiel de Jong
@michielbdejong
OK, thanks!
Justin Bingham
@justinwb
spec submission for shape and shape tree validation is in the work :slight_smile:
Michiel de Jong
@michielbdejong
Thanks.
Justin Bingham
@justinwb
*works
matrixbot
@matrixbot
aveltens Is serving index.html from container URI mandated by the spec? I am surprised ESS does not do that. It's basically standard on the web to do so
Sarven Capadisli
@csarven

@aveltens:matrix.org

The spec says that if there is /public , /public/ can't be created. And, vice-versa. It also says that servers may want to redirect when requesting the non-existing resource (eg. /public ) to the existing one (eg. /public/ ). Now, only after that, it would be possible for client to receive the representation of /public/index.html if the client for example requested Content-Type: text/html for /public/ (after the redirect) , and if server uses Content-Location: index.html in response to /public/ . That's of course this particular server stores the HTML representation of /public/ at /public/index.html and wired up to be served through Content-Location.

Above is certainly possible and would still conform to the spec or at least there are no conflicts. It is not necessarily how every server might behave. Simple case being that server just won't redirect from /public to /public/ to begin with or associate /public/index.html as the HTML representation for /public/ .

If /public/index.html is an HTML representation of /public/ then all write requests targeting /public/index.html must be redirected to /public/ - the spec doesn't allow representations to be updated directly / separately. Updates are routed through the resource URL as opposed to representation URLs.

matrixbot
@matrixbot
aveltens Ok thanks
Tim Berners-Lee
@timbl
"that servers MAY want to redirect when requesting the non-existing resource (eg. /public ) “ — MAY? The Spec MUST not use “May”
Every “may” is a weakness in the system
I generalize.
But there should be a high bar for a May
Tim Berners-Lee
@timbl
:-)
Sarven Capadisli
@csarven

@timbl We could change "MAY" into non-normative may or just remain silent about it. Redirecting /public to /public/ is a fairly common implementation pattern. Redirect helps people to not trip over slash or no slash diffs or refer to one when the other exists.

Text from the specification:

If two URIs differ only in the trailing slash, and the server has associated a resource with one of them, then the other URI MUST NOT correspond to another resource. Instead, the server MAY respond to requests for the latter URI with a 301 redirect to the former.

Jan Schill
@janschill

Hello,

apologies in advance for a question that is not fun answering.

I am just wondering about a rough estimate on the level of completion of the Solid specifications.
It is for me very difficult by only reading and going over the open issues to make such an assumption. Also, I do not have enough experience developing servers to spot a shortage in specific sections of the specifications, that I could say for example: “The WAC section is too vague for me to implement it correctly”.
I am aware that these specifications are active and conversations are happening all the time about the Solid Ecosystem and that the specifications will probably be worked on for a long time, but I am just trying to get a rough overview of where we are today.
Thank you.

Sarven Capadisli
@csarven

@janschill That's indeed a tough one but I'll give it a shot (and others can shot me down if they like). The short answer is that the key aspects of the ecosystem are for the most "complete". There are some rough edges indeed, some nice to haves or unknowns but that's to be expected. Bear in mind that what makes a spec a spec is not just that there is a nice/readable document to look at but all the work that goes into it, anything from all supporting documents, to publicly demonstrating working implementations based on the specs, as well as actual usage in the wild. There is a lot of iteration on that front. We could call it "ready" at any point but that doesn't serve us or anyone in the end. So, to answer your question more concretely, I would say in 2021Q1, or more realistically Q2 we'll be in a position to wrap up majority of the current work and make a wide call for implementations - not to be confused with the idea that call for implementations/experiences/feedback hasn't been done already or needed on an ongoing basis. To me, the wide call marks a point where we feel the specs are mature enough and expect minimal / hopefully non-breaking changes to the specs based on implementation experience. We need to eventually get a lot of input from users - yes, that includes anyone dogfooding the specs to anyone that only needs to get their tasks done. Think along the lines of whether the servers,.. apps being developed have a net positive effect or harming users.. This is why ethical checks on the path to developing the specs are important. We don't want to be in a situation where we think we are ready for wide use - I don't mean just few isolated users or environments, but for the Web.. - and then deal with major privacy, security, ethical implications. We need to work our way up.. scale up. Don't need to have everyone implementing and using at the same time either. It can happen in phases.. gradually, so that gives us time to improve. When people developing servers, apps etc. can look at the specs and get reasonable coverage. We will weed out stuff that no one is using - and put them into the research/homework/experimentation bucket for later.

Various specs are in the works and they are at different maturity. More specs will come forward. There is no fixed "end" date or completion for the Solid specifications. Just as there is no particular end date for standardisation. W3C is still going after all for obvious reasons. The point of the Solid project is to help towards changing the course of the Web. We are learning about what's broken and propose ways to fix things.

Jan Schill
@janschill
Wonderful answer, this helped me so much. Thank your for going the extra mile in really explaining it thoroughly – greatly appreciated!
Henry Story
@bblfish
I think there could be an ACL spec, which limits access control to Access Control Lists. That is what exists at present, and so could be specified clearly quite quickly. It may be useful just to know where things are going from there on, so as to make sure there is a smooth transition from ACLs to AC Policies.
Alain Bourgeois
@bourgeoa
@csarven Is there something about OS supported by solid, in particular linked to characters supported by POSIX and not supported by Windows like colon ? There is a use case in solid/chat-pane#50
Fred Gibson
@gibsonf1
A quick question on Solid servers response given an accept */* from the client - are there any guidelines on that? For example, if the request node resolves to a type of file, would it be appropriate to download that file. Or if the file has rdf content, to return turtle of the content?
Fred Gibson
@gibsonf1
the CRUD tests seem to want turtle when request with accept */* so thats what we're doing at the moment
Sarven Capadisli
@csarven
@gibsonf1 I believe the requirements from RFC applies in that.. server will select a representation for the response.
Fred Gibson
@gibsonf1
Thanks @csarven , so I guess we'll choose turtle so we pass the CRUD tests
Sarven Capadisli
@csarven
If the resource was created with a representation encoding RDF, server could respond with Turtle or JSON-LD for Accept */*
Sarven Capadisli
@csarven
Ultimately client didn't indicate any preference, so server says 'whatevah, take this.. imma get back to chillin'
Fred Gibson
@gibsonf1
lol :)
Fred Gibson
@gibsonf1
Can anyone point to some documentation like https://github.com/solid/webid-oidc-spec/blob/master/application-user-workflow.md for solid-client-authn-js with PKCE?
Sarven Capadisli
@csarven
Fred Gibson
@gibsonf1
@csarven Thanks!
markjspivey
@markjspivey
after reading through and exploring more existing and proposed implementations of Solid and apps I’ve been trying to grasp “what data is the data that users own and control in Solid?”, my question is detailed here: https://forum.solidproject.org/t/what-data-is-the-data-that-users-of-solid-own-and-control/3690
stencil
@stencil:matrix.org
[m]
Is there a torrent client type app, that I can use to make my own server or db easily?
Jeff Zucker
@jeff-zucker
Folks on the authorization panel might want to check out the discussion about auth from command line apps at https://forum.solidproject.org/t/authorisation-for-a-mobile-app/3692/9
Jeff Zucker
@jeff-zucker
@stencil:matrix.org - there are a number of servers you can install locally - Node Solid Server, Community Solid Server, etc. Not sure what you mean by a "torrent client type app"
2 replies
Justin Bingham
@justinwb

Folks on the authorization panel might want to check out the discussion about auth from command line apps at https://forum.solidproject.org/t/authorisation-for-a-mobile-app/3692/9

Responded

Benoît Alessandroni
@balessan
Hi all, I remember seeing a paragraph in one of the existing specifications document about a "FOLLOW" activity, but I cannot find it back.
Does it sound familiar to someone ? I'd like to cmpare that to existing ActivityPub implementations.
Tim Berners-Lee
@timbl
Is the interop spec completely compatible with the solidos works at the moment with type indexes?
Justin Bingham
@justinwb
it’s similar, but it uses a different index structure so that data can be compartmentalized for authorization and validation
functionally it works the same - in that you follow your nose from the identity document to data you need
Justin Bingham
@justinwb
i’ll work on getting some time sectioned off to start walking through it
Martynas Jusevicius
@namedgraph_twitter
@justinwb that is already the case
re. @base