W3C

- DRAFT -

Solid Community Group

28 Mar 2019

Attendees

Present
Sabrina
Scribe
Kellyo

Collections and Trusted Apps

<ericP> scribe: Kellyo

<bengo> ? https://www.w3.org/TR/ldp/#dfn-linked-data-platform-container

<ericP> justinwb: this is a topic i've been working on.

<ericP> ... two independent apps need to know where to write their data

<ericP> ... they must not corrupt the info so no other app can use it

<ericP> ... without this safety, you create silos

<ericP> ... the only apps that can participate are the ones that interoperate

<ericP> ... this belongs in the spec

<bengo> Plz link to existing work on this?

<ericP> ... i've been doing some work. looking for collaborators

<ericP> ... organizing for type alone is not enough as folks store things in different contexts.

<ericP> ... you need to account for type and context.

<ericP> ... the notions of discovery and authorization tend to cross paths

<ericP> ... people need to know how to intuitively use and find stuff

<ericP> ... we need it intuitive enough that folks don't give away too much or so little that it's of no value

<ericP> Mitzi: where are you working on it?

<ericP> justinwb: been talking to folks. close to sharing

<ericP> veltens: agree that type is not enough

<ericP> veltens: i gave markbook.org access to my bookmarks but nothing else

<ericP> ... user experience is bad. took me ~30 mins to work it out

<ericP> ... maybe something like how OAuth works

<ericP> ... something like "to use this app, you need to give X access"

<ericP> ... some redirector to the pod

<ericP> Alex_Bourlier: isn't openid + clever ontologies enough?

<ericP> ... i know we can define @@1 and scope in openid

<bengo> Agree. Great to build on top of OIDC "Authorization Request", but not authorization to authenticate, but authorization to read/write into Solid. https://openid.net/specs/openid-connect-core-1_0.html#ImplicitAuthorizationEndpoint

<ericP> ... don't we just need the right ontologies on top of that?

<ericP> dmitriz: you're right that OAuth + openid mechanism gives that

<ericP> ... the main problem is coming up with identifiers for e.g. @@lost-conn

<ericP> ... we need a notion of categories

<ericP> ... or we need to pre-define some @@3

<Sabrina> The following paper on Access Control for RDF might be useful http://www.semantic-web-journal.net/system/files/swj1280.pdf

<Sabrina> I'm biased but it provides a nice SOTA on AC

<bengo> A candidate solution is to use OIDC AuthorizationRequests, 'scopes', but define a vocabulary of 'solid authorization scopes' (perhaps just URLs) with useful enough semantics to describe specific ACL's into specific collections

<ericP> Sabrina: i've been discussing this with many folks.

<dmitriz> bengo: agreed, that's definitely the way to go

<ericP> ... i'm a researcher at U Vienna, was at DERI doing access controls for linked data.

<Alex_Bourlier> @Dmitri: Thank you for your explanation

<dmitriz> bengo: the tricky part is how to define the scopes

<ericP> ... just posted a survey paper

<megoth> someone needs to mute - we can hear you typing

<ericP> ... i moved from access control to usage control

<megoth> eric?

<dmitriz> @Sabrina: that was an excellent paper, I'm a big fan of it

<ericP> Sabrina: i can help with access control, but we need usage control

<ericP> ... at issue is where the data is cached and what happens when i change a policy

<ericP> ... super happy to hear this discussion

<bengo> dmitriz: Agree. Wonder if these scopes can just be URLs to LD (using webACL vocab? I don't know that so well). Would be invaluable to try writing a program that can render that fetched scope as an HTML Form a user can read to understand 'who wants authorization and for what'? Any good solution to this needs to be able to present a consent form to the user. A good constraint to get too theoretical and anchor in human centeredness.

<ericP> pmcb: you've looked at the state of the art for RDF. have you looked at capabilities (which seems to be growing)?

<ericP> Sabrina: no, just access to RDF stores

<ericP> ... am working on an ODRL profile for regulatory compliance

<ericP> ... ODRL is heavily influenced by licensing; am working on extensions for access control

<ericP> pmcb: what should we use for a code base today?

<ericP> Sabrina: Thomson Reuters has invested in ODRL

<ericP> ... it will be shared

<ericP> dmitriz: Sabrina, you bring up an important of usage rights, but i want to make sure we don't bundle it with app permissions

<ericP> Sabrina: was at a Dagstuhl seminar on semantic access where we realized we didn't even have access control

<bengo> https://w3c-ccg.github.io/ocap-ld/

<ericP> dmitriz: +1 to pmcb's suggestion to look at object capabilities

<dmitriz> Sabrina: ah, ok, looks like Ben already posted the link. Object Capabilities for Linked Data - https://w3c-ccg.github.io/ocap-ld/

<ericP> ACTION: michielbdejong to find a place for this discussion to happen

<trackbot> Sorry, but no Tracker is associated with this channel.

Proposed an addition to the Web Access Control specification

<dmitriz> there's already a solid test spec repo, is there not?

mailing lists

<ericP> Mitzi: we can have more targeted mailing lists for e.g.

<ericP> ... .. specs

<ericP> ... .. pod providers

<ericP> ... .. app developers

<megoth> ack

<bengo> Write a proposal as wiki page or GitHub issue with specific channels, semantics, etc that we can vote on?

<ericP> dmitriz: usually mailing lists play out so that you break out when there's too much volume.

<ericP> ... given our low volume, propose to keep on one channel

<aveltens> I wasn't aware, that there are so many mailing lists at all :=

RESOLUTION: use single mailing list

<michielbdejong> Philip Laszkowicz (Omnijar) and Bandon Whitehead (Popokotea).

<bengo> If anyone includes proposals on future agenda, will you please link to a canonical version of the proposal? Otherwise assumes some context not all might have. That way we're all talking and thinking about the same thing.

solid solutions

<dmitriz> bengo: I think there aren't yet links, I think we're using the calls to sort of gauge whether a proposal makes sense to start :)

<dmitriz> bengo: or at least that's how I'm doing it

<bengo> got it

<megoth> @ericP your keyboard again ;)

<ericP> Mitzi: there's a wiki for app providers

<Alex_Bourlier> :-)

<justinwb> now it's just toying with you @ericP

<bengo> dmitriz: Still, presenting on the phone is the most expensive way of introducing a topic (synchronous). For same amount of time commitment for proposer, take 60seconds and type something that is a complete sentence out, even if just in the agenda. Lets audience get to it asynchronously, ahead of time, and with more than just a few seconds to consider and weigh in.

<ericP> veltens: want to discuss a roadmap for the next few months (priorities)

<ericP> ... ACLs could be on there

<dmitriz> bengo: hmmm I think you're right (re cost of communication)

<ericP> ... of course folks can work on what they want but this can give us more focus

<Zakim> michielbdejong, you wanted to respond to aveltens

<ericP> michielbdejong: i see your point. it helps us have a plan

<ericP> ... when i hit "q+", i was thinking "there can't be *one* plan"

<ericP> ... but then we want to be as coordinated as possible

<ericP> ... we could form groups of people that work on a topic

<ericP> ... and ask each other what's important now

<ericP> ... build apps, in particular whatever app you want to use

<ericP> ... doesn't have to be one plan, but it can be a consensus about what folks want to work on

<ericP> justinwb: a lot of the prioritization that led to e.g. working on access control came from building stuff

<dmitriz> veltens: I really like even just the idea of 'here's what I'm working on' list from people. like, that alone would be soo helpful

<bengo> The kubernetes community does this well with "Special Interest Groups" https://github.com/kubernetes/community/blob/master/sig-wg-lifecycle.md

<dmitriz> bengo: interesting

<michielbdejong> +1 to what justinwb is saying, 'the best ways to surface things that are important, is to just start making stuff'

<ericP> ... nothing is more important for the spec and tooling than being able to build stuff

<ericP> dmitriz: just a list of what folks are working on would be hugely helpful

<dmitriz> pat: there isn't :)

<megoth> FYI Kjetil is here ^_^

<ericP> pmcb: is there a best of breed for ACLs and policies (not necessarily RDF)

<ericP> Sabrina: my focus was on SemWeb

<ericP> dmitriz: i believe there isn't one now

<bengo> Minimizing work-in-progress (e.g. by encouraging new community members who don't care where they start to rally around a specific single effort) can have a *very* big effect on increasing the rate of flow of meaningful work across the community ("production system"). Much on this in industrial engineering and lean manufacturing. https://medium.com/@nikolaos.raptis83/try-to-minimize-work-in-progress-during-sprint-a44b2d004ec4

<ericP> ... industry is role-based (unix), attribute-based (but no software we could use -- tried to write a js lib for that)

<ericP> pmcb: so then we're back to justinwb's point that we need to just figure it out as we go

<ericP> veltens: we won't have *one* plan, but it would be nice to have a list

<bengo> Earlier this morning I found myself looking for a prioritized backlog or kanban over here: https://github.com/orgs/solid/projects It's pretty good, but unclear how to govern it (who makes the call?). I think any given interest group could make their own repo/project board

<ericP> ... would give us transparency and ability to team up on projects

<ericP> Mitzi: would like you to lead that, suggest W3C Solid wiki

test suite

<ericP> kjetil: been talking about a "surface test suite" to verify that an application is compliant with the specs

<ericP> ... i volunteer to produce such a test suite

<dmitriz> bengo: yeah, the governance is the tough part, tools wise it's easy enough :)

<ericP> kjetil: the LDP test suite has some critics

<ericP> pmcb: Aaron Coburn (Trellis) has developed a test suite for WEB ACL

<bengo> dmitriz: There's a good middle ground of 'federalism' where there doesn't have to be one big prioritized backlog, but several depending on your 'interest area'. Better than having nothing. I think the call to action is encouraging everyone to "publish your priorities and, if possible, commitments" so that others can discover them and help out. (as you have done by messaging me)

<ericP> kjetil: think that a DSL would be ideal

<ericP> ... not sure it would cover everything we need

<aveltens> +q

<ericP> ... e.g. a part that would be probing for exploits

<ericP> ... the community (or me) will have to answer that

<ericP> timbl: i think it's reasonable to have an RDF manifest so you can keep track of impls

<dmitriz> bengo: yeah, excellent points, re federalism / loose interest groups. absolutely

<ericP> ... need to import suites from Turtle, RDF/XML, etc.

<dmitriz> bengo: maybe we can start the conversation on the mailing list?

<ericP> ... they come with RDF manifests

<ericP> kjetil: the summary in EARL would be nice as well

<ericP> ... (which formulates test results rather than tests themselves)

<ericP> Alex_Bourlier: is the test you want on the ACL part only or the whole server?

<Sabrina> +q

<bengo> test.activitypub.rocks is official ActivityPub test suite. It's a web app? It's often down. Lesson: make sure it's easily runnable by others, not just that it exists.

<bengo> https://github.com/w3c/activitypub/issues/337

<ericP> Alex_Bourlier: when will it be ready?

<ericP> timbl: ask "when will it be 80% done?"

<bengo> Also: I would start just by writing a couple test cases in English. Or a prioritized list of 'thing in the spec to test'. i.e. encode the test cases such that a human can follow them. Then different test suites in different languages/methods can test the same things. (it's not always obvious even how to test a single normative statement)

<ericP> ... you can tell someone who works on GoLD what needs to be done

<bengo> Finally, I think the ideal program of this can work on `docker run solid/test http://anyurl.com` and exit code 0 or 1 (not a webapp like test.activitypub.rocks)

<ericP> ... strongly encourage this work. feel free to help kjetil

<ericP> ... i.e. create tests or cataloging them

<Sabrina> -q

<ericP> kjetil: dmitriz created a doc for this. tx

<dmitriz> noooo no cucumber!! :)

<ericP> aveltens: look at cucumber tests

<Sabrina> Maybe talk to the R2RML people, they had a nice test suite and process

<Alex_Bourlier> I've got to go. Thank you everyone for this very insightful call.

<ericP> kjetil: had probs with cucumber; prefer RDF DSL

<bengo> +1 cucumber (in addition to whatever else). Plain english beats all. https://www.protractortest.org works great. I can help with that version

<Alex_Bourlier> I'll make sure we put our struggles on the agenda

<Alex_Bourlier> ++

<ericP> aveltens: if you reconsider cucumber, i can help

<dmitriz> +1 to looking at ActivityPub's test suite

<bengo> See above. (don't need to speak audio on this)

<ericP> bengo: activity pub tests got started late.

<dmitriz> (-1 to cucumber tho :P )

<ericP> ... not something you can integrate with your CI tests

<dmitriz> Sabrina: do you have a link to their suite?

<ericP> Sabrina: look at the R2RML tests. seemed comprehensive

<bengo> Don't need headless browser testing to test the HTTP API necessarily. But all of the janky solid ui stuff is impossible to test for regressions without actually running in a browser.

<michielbdejong> aveltens: to start your list, you can add: Jackson Morgan is working on node-solid-server (responding to bug reports, not implementing new features at this time), I'm working on npm modules for use in node-based Solid servers, Kjetil Kjernsmo is working on the test suite, and Arne Hassel is working on the data browser. All four of us are doing so full-time, and employed by inrupt.

<Vincent> bengo: Protractor is a wrapper around Webdriver/Selenium to deal with Angular's lifecycle. If you're not using Angular, regular Webdriver/Selenium is probably more appropriate :)

<aveltens> @bengo I would not write browser-based end-to-end tests when it's about the solid-server/spec only. Just describe the expected API

<michielbdejong> aveltens Sabrina justinwb dmitriz initial place for discussing collections / partial access to your pod: https://github.com/solid/solid-spec/issues/150

<bengo> Vincent: I use protractor without angular on a daily basis. It's fine.

<aveltens> +q

<megoth> https://github.com/solid/solid-panes/issues/64

<ericP> action kjetil to lead the test suite

<trackbot> Sorry, but no Tracker is associated with this channel.

<ericP> ACTION: kjetil to lead the test suite

<trackbot> Sorry, but no Tracker is associated with this channel.

<bengo> Vincent: Specifically protractor will also call out to cucumber-js for you in a way you don't have to maintain yourself. https://www.npmjs.com/package/protractor-cucumber-framework

<bengo> Yes you could write it yourself from the underlying libraries, but... why?

Summary of Action Items

[NEW] ACTION: kjetil to lead the test suite
[NEW] ACTION: michielbdejong to find a place for this discussion to happen
 

Summary of Resolutions

  1. use single mailing list
[End of minutes]

Minutes manually created (not a transcript), formatted by David Booth's scribe.perl version 1.154 (CVS log)
$Date: 2019/03/28 15:24:17 $
