-
Notifications
You must be signed in to change notification settings - Fork 46
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Comment on proposed specification document structure #5
Comments
Awesome start @RubenVerborgh!!! 👍 👍 Some quick thoughts after making a (very cursory) first pass:
|
Thanks @justinwb 🙂
That was a terrible omission. Did not yet create a Forms document as I feel that will be less mandatory, but I expect that to be created at some point.
Indeed; that section was intended as non-normative advice about what shapes/ontologies to use in the short term.
Likely not; that would probably a normative section.
Unsure and no strong opinion either way. The idea was to give every yet-do-be-spec'ed technology its own section.
I would think that DID would just be a way to do WebID. Currently, WebID is compatible with HTTP URLs. (But WebID ≠ HTTP URL.) In other words, I see WebID as a name for "an identifier that leads to a document about you in RDF", regardless of whether that identifier is a URL or a DID.
No strong opinion, just my two cents:
|
I am strongly supportive of the proposed structure. 👍 I do have a few minor comments. Since there is no text (yet) in the relevant sections, this is rather tentative feedback.
|
Thanks, @acoburn!
Good point; however, this was meant from the perspective of access control, not as IDP. But indeed, these things would need to be clarified as the text is written; they are just placeholders for now.
Yes, indeed. I wonder whether that could also be seen as an optional part, cfr. the other specs listed at the end. Tracking in #7.
Good point; no strong opinion. Can be filled out as we go.
Absolutely; added in c382725.
Great point; added in 8d68c15. |
I think there's a legitimate reason to include ShEx now along with SHACL. I don't think the two are mutually exclusive and have some different strengths / weaknesses when applied to different use cases.
Have to give this a bit more thought, but I really like the idea of incorporating server-side validation directives with WAC rules. It comes at the expense of making WAC a little bit more complex, but the fit seems natural to me 👍
Are we picking up the WebID specification effort and incorporating it here? Since active work on the WebID spec outside of Solid seems to have tapered that might not be a bad idea.
I think we're probably agreeing on the macro point - that the notion of identity should be fairly generic, with more than one option available as long as it gives you an identifier that leads to a document about you in RDF. I think the current WebID specification would need to be updated to address this generality though.
Fair point, especially when we're covering both server and client in one document. Is it right to combine all into one? I could see having a server, client, and data model spec. Not arguing for this just yet - but think it might be worth a discussion. I do realize we run the risk of too many specs flying around so that may be a legitimate reason not to. |
A few other items we may want to consider including. These are also things that I do think could go into a Standard Pod Data Model spec document if we decided to break out into one.
|
I haven't had time to read your comments, I just wanted to note one thing that we forgot to discuss before I forget it again: URI Normalization. RFC3986 gives some guidelines, but it is hardly enough, as we already noticed with the We cannot eliminate false negatives but we should minimize their impact by being strict when we can. |
Oh, actually, we did have it up and dismissed it, don't you remember, @RubenVerborgh :-) The following is an elaboration of my opinion on it: So, with this bunch of specs (pending decision on The Name), it would define the client-proxy-server interface, not the app-app interoperability. That should be a different matter. How SHACL and/or ShEx is used may be specified, but other than that, I'm very much doubting that it makes sense to spec the various shapes, forms and footprints in any similar manner to these foundational documents at all. Developers need to be free to augment and pillage to quickly meet their needs, and a spec is too rigid a structure for that. If they have to go and ask to add a predicate and have a process around having it accepted for their application to work, they are unlikely to develop on Solid, the interoperability has to be emergent, not mandated. If you have a Task list that needs another field, then sure, go and add it, if your apps gets popular, or indeed to make your app popular, you need interoperability, and then, make sure it is in a shape that others can use. Preferably, that should all happen in-band if you ask me. It is a very different process than what is needed for the foundational specifications. Since it is also a pretty clearly defined area, I think the whole problem complex should be separate. |
We did exclude spec'ing that indeed, I remember that discussion. But the generic mechanisms of shapes and footprints can/should still be discussed, right? |
We should, but I think it might well happen in a different "Panel". |
True, but main spec should link to them? |
👍 , this is great stuff! |
Not sure... The way that I think about it is that "The Spec" is what you need to implement a certain artifact. A different artifact needs a different "The Spec", and an overview of "all specs" is a documentation thing, not a specs thing. So, the critical question is what the artifact is, and that's why I'm not completely sure. |
As an outsider that has never contributed to the solid repos, but that has been following the project and is currently working on a server implementation, I want to say this initiative is very appreciated! A single overall document that would allow to get all the required knowledge and specification documents is much needed. At the moment, it's a lot of reverse engineering, but not yet successful into building something compliant with the node implementation. One item which I don't see being covered, but also don't see a standalone document for, is how pods actually federate with each other, and how messages/requests are being authenticated - am I missing something? |
In the sense of query? That would be https://solid.github.io/specification/#query |
I meant in general. Query is a specific call (if I understand this right), but I was more thinking in a general sense of "how does one pod send/write data to another pod, being the The idea is really to know from which IRI the request is coming from. So per example, the pod |
Writing to other pods is general auth. |
I think that's exactly the thing that should be expanded on in this repository, to explain how such mechanisms work at the Solid level. The document has section for "Clients and apps", and it could use a "Servers" section too. How servers are supposed to exchange data is non-obvious at the moment for someone who just picks up the spec. |
It does; it's called “Authenticated Resource Access”. It's both a server and client matter though, since the interface exposed by a server is accessed by a client.
The moment they write, they act as a client. This diagram might help clarify that: https://rubenverborgh.github.io/WebFundamentals/architecture/#client-server-relative |
Really glad to see the high-level directional concerns and proposals as raised in https://lists.w3.org/Archives/Public/public-solid/2019May/0015.html made its way here. Personally, that's AWWW's Orthogonality, and relatively the bottom-up approach how the specs will come about. I think the title along the lines of "ecosystem", "overview" or maybe even very loosely a "primer" fits for this document for now. We can decide on the exact terminology later once more things settle down. Any non-normative content can stay in this document. I can't particularly think of how or why any normative can be in this document, and that all normative content most likely deserves its independent document which can be referred from this document. We also need to think of terms how each atom spec will continue down the line eg. if a W3C WG can adopt one of the specs under a Rec track - which would be an idea scenario for all specs mentioned in this document. Re WebID-OIDC/MUST, WebID-TLS/MAY... this is meaningful and useful today, however subject to change down the line if WebID-Foo comes along. For example, will WebID-OIDC become MAY then or continue to be a MUST and thereby expecting all systems to have the know-how for both OIDC and Foo - increased complication while being backwards compatible. I think addressing #8 can shed light on how the ecosystem approaches the conformance levels for these mechanisms over time. Re SHACL vs ShEx (or similar seemingly equivalent but different) specs.. we approach that based on use cases and requirements as a guide #9 , so, eg. to achieve x, use S. The Social Web Protocols does this nicely: https://www.w3.org/TR/social-web-protocols/ and doesn't dictate. Guides. Will write more later.. |
Saw no concerns specifically related to structure; feel free to open new issues for the points raised above. |
No description provided.
The text was updated successfully, but these errors were encountered: