Socialwg/LDP-SWAT0

How to implement SWAT0 ( Social Web Acid Test - Level 0 ) using a set of standards based around the Linked Data Platform.

With his phone, Dave takes a photo of Tantek and uploads it using a service

Dave uses a native app or webapp to take a picture. That app does an HTTP POST of the image.

To what URL?

Does the app post to that URL, or does it follow links from there? Which links?

Clearly it's posting to an LDPC.

sandro: app just posts to the URL which the user used in authentication ( e.g. Dave's http://dave.example/ or https://dave.service.example/ or http://service.example/dave )

bblfish: we can assume that the app or webapp knows the users WebID. This can have a relation ( to be defined ) to one or more LDPCs to which the client can post a picture. The user would have to choose which LDPC to post to. The client could use the previous selection by default for future posts.

Authentication

Dave must be authenticated in some way that gives the app a URL for him.

bblfish: That might be his WebID, or a profile page at some service, or his own site URL.

sandro: I don't think we should assume use of WebID. I'd just say the user has SOME identity URL

bblfish: Web Access Control can be generalised to allow any number of authentication mechanisms. WebID over TLS is a very efficient mechanism and nicely decentralised, but other mechanisms can work too. One can find logical relations between different authentication protocols and the Identities they allow as sketched by the Identity Interoperability section of the WebID specs

How is access control set?

Include a Link header on the post, of some sort?

bblfish: the LDPC's Web ACL can allow any number of agents to post to the container and can determine a default ACL for created resources. Different Authentication protocols can be used. The Web ACL of the container and the created resources can be edited using PATCH or PUT as with other LDP resources.

Dave tags the photo with Tantek

We create a triple like { photo foaf:depicts: tantek }

Where does this metadata go?

Do we POST this as a new resource?

Do we PUT/PATCH the photo metadata to include this? (How?)

(What would we do if someone else did the tagging)

bblfish: Some folks at the Web Annotation group are interested in using LDP as an API. It would be great to ask them for ideas on this.

Tantek gets a notification on another service that he's been tagged in a photo

Notification up to Dave's app or Dave's server?

sandro: it should be the server; the app's less reliable

What vocab?

Can we rdf-ize WebMention, treating web mention's form-data posts as RDF via an implicit json-ld context? Also see Friending on the Social Web for a very simple API that also would need to be tied closer to LDP.

Spam control?

Tantek shouldn't get notification JUST because he's been tagged, because this could be spam. Does he follow Dave? Or at least have Dave in a trusted portion of his social graph?

bblfish: The notification container can have an web access control rule to allow anyone to post, or only friends of friends, or only colleagues, or only family, or only members of a group, etc... A person who wishes to be open to the world will need at least one container that is publicly accessible - there is no way to be open and not to be spammable. But one could also require just WebID authentication to remove totally anonymous posts

Evan, who is subscribed to Dave, sees the photo on yet another service

Subscription mechanism?

What vocab, and what layout?

• Client-Integrated MicroBlogging Architecture offers two examples.
• can Activity Streams be helpful here?

Client or Server based?

Is it Evan's client who fetches the picture from Dave's site, or Evan's site/service?

Evan comments on the photo

Much like step 1+2, Evan does a POST of triple like { photo eg:comment "Some comment" } to his own site. Are there any new issues with comments?

David and Tantek receive notifications that Evan has commented on the photo

Spam control?

As above, what makes it so David and Tantek are available to be notified of anything, since Evan might be a spammer?

bblfish: as above David and Tantek's profiles can point to LDP Containers specialised for notifications that have Web Access Control restrictions to avoid spam.

Is Tantek interested?

By what logic should Tantek be notified? That might have to be application logic -- because this is a comment on a photo, everyone related to the photo should be notified. Or is it that Tantek queries for every comment on every photo he's tagged in?