See also: IRC log
<trackbot> Date: 03 March 2010
can you chair actually today?
I am happy to scribe.
<scribe> Scribe: Dan
<hhalpin> scribe: DKA
<scribe> ScribeNick: DKA
<hhalpin> scribenick: DKA
<hhalpin> PROPOSED: to approve SWXG WG Weekly -- 24 February 2010 as a true record
<hhalpin> APPROVED: SWXG WG Weekly -- 24 February 2010 as a true record
<hhalpin> PROPOSED: to meet again Wed. March 10th: Social APIs and Mobile Widgets: Thomas Roessler on DAP, Scott Wilson on OpenSocial Shindig, and Robin Berjon and Marcos Carecas on W3C Widgets.
Harry: Next week - interesting
week - there's been a lot of talk of OpenSocial and its
connection to w3c widgets.
... current work in the Apache foundation might [be a bridge]
<hhalpin> Not 4:00UTC?
Harry: the issue is - because of everyone's schedule, they won't be able to come online until 5:00 pm UTC, not 4:00 UTC.
Harry: are people familiar with w3c widgets and open social.
Harry: we could do an intro session on opensocial and w3c widgets...
Dan: maybe we should just do it at 5:00 instead next week.
Harry: So should we have it at a special time next week - 17:00 UTC to 18:00 UTC
<hhalpin> Assuming 5:00 next is fine.
Harry: That should be a one-off-move.
<hhalpin> APPROVED: Move meeting to 17:00 UTC next week
I am very much looking forward to this call.
<AnitaD> not yet
<hhalpin> ACTION: [DONE] mcarvalh to look at Contact API and put those in Google Doc [recorded in http://www.w3.org/2010/03/03-swxg-minutes.html#action01]
<AnitaD> we will get something by end March
<AnitaD> wasn't it the deadline we agreed?
<hhalpin> ACTION: [DONE] Anita to draft XMPP and mobile notes and put them on wiki [recorded in http://www.w3.org/2010/03/03-swxg-minutes.html#action02]
Harry: Tim, use case stuff? Danbri and Dan, coordination proposal, Anita on XMPP, etc...
Dan: I will work on this.
Harry: I put the WBS questionnaire on there - about the importance of various social web standards - would appreciate answers.
<hhalpin> ACTION: [DONE] hhalpin to make WBS survey on ranking future topics to be continued afterwards [recorded in http://www.w3.org/2010/03/03-swxg-minutes.html#action03]
<danbri> oh hey, it's 5pm+ already
Dan: "architecture of social web based on linked data" was the headline proposal from Tim at Santa Clara f2f.
<FabGandon> slide 37 http://www.slideshare.net/fabien_gandon/semantics-in-social-networks
Dan: and there was a diagram (posted by Fabien above).
Fabien: rely on linked open data infrastructure. Transparent API for any rich client of app to access the profile of the user independently of how and where they are stored.
<hhalpin> #swxg on irc.w3.org port 6665
<hhalpin> since there is nothing written down, we're happy to write it up for you!
Tim: I've got a few slides and I wrote a "design issues" document...
<hhalpin> can hear you
Got the slides up.
Tim: Starting with the talks...
<danbri> from a glance, it looks like what i've been hoping oauth+atompub will give us...
Tim: Social networks are doing
well but [disconnected...]
... e.g. Twitter vs. Identi.ca
... There are APIs but they are tweet-specific.
<hhalpin> notes that even the Tweets now have URIs so they can be forwarded...
<hhalpin> i.e. tweets as linked data
<danbri> 'APIs are poor, because the hide the nature of the underlying data'
Tim: APIs are poor because APIs hide the nature of the underlying data. This isn't scalable to new things. The Linked Data Way is to represent it as data.
<hhalpin> wonders about access control and linked data
Tim: In a sane, clean design, the data is linked data and the access control list is linked data.
Tim: ...so the data and the access control are examples of the same stuff...
<hhalpin> as in how access control can *be* linked data, rather than a policy language operating over access control.
Tim: And the access control for the data is controlled by this other access control resource...
<bblfish> what's the URL?
Tim: So keep that architecture diagram in one window and follow along.
<bblfish> thanks :-)
<melvster> i have them
Tim: So the design of this - going on to [slide 6].
Tim: I would like to build on the cool things the community has developed. WebID- FOAF+SSL, RDF, WebDAV, SPARQL Update, Widget libraries, Application Builders.
Tim: Access control: read, write and control...
<hhalpin> can we get links to those apache modules?
Tim: implementation has been written in an apache module[ of this kind of access control on top of] WebDAV.
<FabGandon> http://twitpic.com/16eebm #w3c #tbl #tpac09
<oshani> Apache module for authentication: http://dig.csail.mit.edu/2009/mod_authn_webid/
<timbl> MS-Author-Via: WevDAV
<oshani> Apache module for authorization: http://dig.csail.mit.edu/2009/mod_authz_webid/
<timbl> MS-Author-Via: SPARQL
<bblfish> I think the access control is here: http://esw.w3.org/topic/WebAccessControl
Tim: There is a header that MS has used to tell their applications not to use front-page extensions.
<melvster> header('MS-Author-Via: SPARQL');
Tim: Idea is to use the HTTP link
header to point to the access control list.
... Someone can read it and write it and tweak it using SPARQL updates.
<hhalpin> need a SPARQL update in C to make the implementation really work
Tim: Web Groups - how do they
work? - URIs - if I look up a group name, I get back a document
which has the URIs of the people in the group.
... ...or I get back URIs of sub-groups...
... There's a question of how much RDF processing do you want the system to do?
<timbl> RDFsS inference
Tim: You log on with a WebID -
WebID tells you who user is pretending to be but can't be
... You can imagine doing very complicated rule-based systems, but there is tremendous advantage on being really simple.
... This will be an application-independent architecture.
... So imagine you're designing Twitter. The first thing you need to create is a public list of tweets. We need conventions of generating URLs that won't clash with other applications.
... you need to have an "incoming drop box" so when someone tweets about you, you can [be alerted].
... in a centralized application all links are automatically both ways. When I follow you on Twitter you know that because it's the same application.
... in a distributed way, you need to duplicate this with messages.
... Social networks [are] a partially public, partially controlled view of [their activities.]
... cross-application is valuable. [Allowing other applications to access all this data]... creates an app market for this data.
... they should be portable but should not have to each make their own data space. This architecture allows them to work in a context where they are using data which is being produced and managed by other applications.
<hhalpin> increasing innovation in apps over open space is a good business case.
Tim: When we have this open system and open linked data architecture, we will see a [jump] in innovation in these apps.
<Zakim> danbri, you wanted to ask about exact definition of webid:, does it assume user control of the URI? and to mention foaf:membershipClass re Web Groups - defined groups by membership
[slide talk ends]
<timbl> A WebID is a a URI for a person which can be used for single sign-on
Danbri: WebID - I have a mixed sense of what a WebID is. Is it a euphemism for a URI? Or is it a specific technology?
<timbl> using foaf+ssl
<bblfish> thought the same ID could be both
Tim: A WebID is specifically a FOAF+SSL ID. It's an alternative to an openID.
<bblfish> rather the OpenId could be the foaf:homepage where the WebId is described
Tim: I can imagine there will be WebID you get because you visit a web site and you have control over it and you will have WebIDs for specific reasons - e.g. a WebID for W3C or for your business.
Danbri: If I copy your FOAF file and put it on my website. It still says true things about you - is it a webid?
Tim: No - when you look up a WebID it gives you a public key. And when you look up that [FOAF] file it will give you the wrong public key.
<timbl> The certificate and the FOAF file are cross-linked
<bblfish> It's a WebId from the users point of view because a ID selector will pop up asing him which ID he wants to choose. This is what users will remember
Danbri: Second question - one of your slides you talk about groups. In FOAF we have [a mechanism] for this.
Tim: Is a group a class?
Danbri: No it's related to a class...
Tim: That's a design issue.
<timbl> Keep it simple --> the group is the class
Tim: The question of whether you want a group to have a class or be a class...
<bblfish> A class is not set
<bblfish> so I think it's ok
<danbri> apache code url?
<bblfish> I think the url is on foaf+ssl wiki
<melvster> did you want the apache_mod URIs?
<timbl> <#ThisGroup> is rdf:type of Joe, Fred, Albert.
Harry: 2 quick questions. I think the concept is good and I want to make it part of the final report. But 2 critiques from some working on the open stack.
<bblfish> You can have as many certificates as you want
<pchampin> yes, but how do you conveniently create one when you need it?
Harry: first problem with certificates - they vary between machines, different devices, if I go to an Internet cafe how can I use my certificate... So this is in support of the username/password.
<hhalpin> (ben laurie)
<bblfish> you have a password or one time password on the Identity Provider site
<hhalpin> so a one-time password would be the way to go here?
BBlfish: You have an identity provider site - your openID home page - you have a password or you have it able to send you a one-time password to your mobile phone - and then you can create a new certificate which you can set the TTL for -
<hhalpin> so a one-time OpenID-style login would create the certificate...could we just have the certificate then automatically put through to other apps with minimal user-intervention?
BBlfish: so if you're in an Internet cafe you can set up a new certificate for only an hour... You can have as many certs as you want and you can disable certs just by removing the public key from your profile.
<pchampin> a little hard to explain to my mother, but technically sound, yes :)
Tim: If the thing is set up to
use public-key cryptography then it's easier to down-grade it
to openID like systems and you can cross-link OpenID and
... of course going into an Internet cafe and logging into your common provider is [low security].
<hhalpin> so Google says, single-sign on us with us and trust us :)
Tim: SSO means you can do a lot
of damage with just one login.
... When you're at the bank, typlically you can look at your statement but then [an extra level of security is requried] when you want to make a payement.
... "These are two versions of Harry - the strong and the weak one."
<danbri> openid has some specs in this direction - http://openid.net/specs/openid-assertion-quality-extension-1_0-03.html
Harry: 2nd question - about APIs
and data formats -
... we need to have a good answer.
<bblfish> yes, one could have some interesting reasoning engines that work out the level of security someone has, given how they have logged in, if their webid is http, or https...
Harry: I agree it's better if you
want control of your data and have infinite descriptive power a
URI is as good as it gets. On the other hand, some developers
just want a string name - a first name
... and "you're forcing me to do all this work."
<timbl> RDFHTTPRequest and a great RDF API
Harry: If you start mixing up the cloud with linked data then it starts getting out of hand for developers. The linked data community needs to answer these questions...
<hhalpin> no definitely doesn't devalue it
Tim: there is a cloud - web services - that people are using - but it doesn't devalue the linked data cloud.
<danbri> http://www.oreillynet.com/pub/wlg/3005 'Amazon has both SOAP and REST interfaces to their web services, and 85% of their usage is of the REST interface.'
<hhalpin> we just need to make it as easy-to-use Linked Data as possible
<danbri> (let's not get bogged down on soap vs rest)
<hhalpin> (ah, good pointer danbri!)
<hhalpin> (maybe back to API vs. Linked Data format issue)
<timbl> user = weblogin(); name=user.foaf:name
Sorry but I actually have to leave the call right now... :(
Hope someone else can take over scribing...
<hhalpin> any more questions?
Very highly enriched information.
<timbl> Ok, thanks for coming ... sprry the note isn't finished yet
Also wonder how this interoperates with OneSocialWeb XMPP-based architecture...
<petef> thanks timbl
But this is too big a quetion for today.
<cperey> bye for now!
<danbri> we normally ask aout role of w3c
<hhalpin> Yes, that would have been a good question...
<hhalpin> oh, good point!
<hhalpin> TimBL, if you can answer this one :)
<yoshiaki> TimBL: W3C is engaging community in general.
<hhalpin> we've invited them to calls and TPAC :)
<yoshiaki> ... and invite them to TPAC.
<danbri> http://www.w3.org/News/2009#entry-8674 fits in?
<timbl> It isn't ready yet, don't review it until we have it more finishde
<hhalpin> but the problem is that with most of these Social APIs, and even W3C DAP API, we have these descriptive features mied in
<bblfish> good point
<melvster> makes sense
<hhalpin> big deal
<hhalpin> take care timbl!
<hhalpin> ACTION: hhalpin to send Team a simple e-mail overview for Social Web API [recorded in http://www.w3.org/2010/03/03-swxg-minutes.html#action04]
<trackbot> Created ACTION-132 - Send Team a simple e-mail overview for Social Web XG [on Harry Halpin - due 2010-03-10].
<petef> bye all
<hhalpin> bye all!
<hhalpin> trackbot, end meeting
This is scribe.perl Revision: 1.135 of Date: 2009/03/02 03:52:20 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: RRSAgent_Text_Format (score 1.00) Succeeded: s/RDF/RDFs/ Succeeded: s/API/XG/ Found Scribe: Dan Found Scribe: DKA Inferring ScribeNick: DKA Found ScribeNick: DKA Found ScribeNick: DKA Scribes: Dan, DKA Default Present: +41.79.200.aaaa, MacTed, +049173900aabb, +049173537aacc, AnitaD, tpa, oshani, melvster, hhalpin, DKA, yoshiaki, Carine, +49.173.537.aadd Present: +41.79.200.aaaa MacTed +049173900aabb +049173537aacc AnitaD tpa oshani melvster hhalpin DKA yoshiaki Carine +49.173.537.aadd Found Date: 03 Mar 2010 Guessing minutes URL: http://www.w3.org/2010/03/03-swxg-minutes.html People with action items: hhalpin[End of scribe.perl diagnostic output]