W3C

- DRAFT -

SV_MEETING_TITLE

11 Apr 2019

Attendees

Present
Mitzi, TallTed, dmitriz, elf-pavlik, michielbdejong, justinwb
Regrets
Chair
SV_MEETING_CHAIR
Scribe
elf-pavlik

Contents


Mitzi: we have two items on agenda proposed via wiki page, any other points ?
... quick update on action items from last week
... I've met with the solid team and we setup a milestone
... first one to tackle PRs going in chronological order

<scribe> Agenda: Define the specifications editors

TallTed, did you mean chronological, oldest first?

Mitzi, correct!

<justinwb> queue not working for me - can I speak :)

<TallTed> trackbot, who's here?

<trackbot> Sorry, TallTed, I don't understand 'trackbot, who's here?'. Please refer to <http://www.w3.org/2005/06/tracker/irc> for help.

justinwb: we try to have process on how things get proposed and merged in, plus attribution of the people who have contributed

<dmitriz> +1 to that

<dmitriz> (to adopting the w3c convention of spec authors etc)

PROPOSAL: add editors and authors to the spec (explicit)

+1

<justinwb> +1

<dmitriz> +1

<scribe> Agenda: one *epic* issue to track it with more specific issues PRs as needed (Trusted Apps and Delegation)

megoth: would it be better to have something like github project
... work on trusted apps have various assets
... having one epic issue might not work as well as projects

<michielbdejong> :D

<dmitriz> @elf-pavlik - it sounds like you'd like to see at least 2 epics, one for per-app permissions, and a second one for delegation

dmitriz, i see them in many ways related, but project sounds good

justinwb: we should have one place where we articulate security model
... not by implementation but by use cases
... in a way going top down from bird eye view not bottom up from implementations
... we could have github project or area to define security model by use case and then map it to implementation work

TallTed: there is a substantial blur on what is getting done as solid server and how it maps to filesystem
... for example user, group, work vs, multiple groups of users etc.
... i see both necessary but i don't see that everyone has the same clarity of how it supposed to work

<dmitriz> @TallTed: I think that might not yet be in the specs, though.

bblfish: maybe one can formalize logic and define proofs of security
... i don't see problem that i was done informally but i think we can add some formal high level logic proofs

<TallTed> ack michielbdejong bblfish megoth

megoth: i think having formalized tests could be part of current efforts for solid tests

<Zakim> michielbdejong, you wanted to respond to elf-pavlik's point about web-delegation and server-side agents

michielbdejong: going back to elf's point about trusted apps and web delegation
... i think we currently work now on bug in WebID-OIDC
... we can talk about web delegation, not sure how it should work
... maybe WebID-TLS would work better here
... we should add to many since everyone should implement it

TallTed, solid servers have implemented both WebID-TLS and WebID-OIDC

scribe: no one fully implemented plus some implementation bugs

michielbdejong, WebID-TLS only seems supported for authentication with OP

TallTed, some UCs don't see possible with WebID-TLS

michielbdejong: we can use projects or milestones as discussed
... possibly on a wiki or adding notes directly in a spec

<megoth> +1 on notes in spec

<codenamedmitri> +1

+1 notes in spec

justinwb: back to what we said in the beginning, changes to the spec go through the same process even if just notes
... we can use discussed w3c process

bblfish, few years i implemented HTTP Signatures

scribe: which would work more web friendly than WebID-TLS

dmitri: I actually work with Manu Sporny right now and also involved in web signatures libraries
... i would say yes it is coming along but in my opinion not ready yet

bblfish, WebID-TLS brakes http layers

dmitri: we need better wallet spec, better private key handling

TallTed, people tend to treat specs as bible, Solid spec didn't go through W3C process so didn't get a 'wide review'

scribe: we can consider it far from perfect

<TallTed> ack

<Zakim> TallTed, you wanted to note this spec has not gone through W3 process, has not reached 1.0, etc.

<megoth> dmitri: I reckon that means we might want to wait a bit for something like WebID-WEBAUTHN as well, right?

<justinwb_> +1 to elf-pavlik point

elf-pavlik, we should clarify current state of WebID-TLS maybe event consider marking it as 'at risk'

TallTed: i suggest issue first before PR

michielbdejong: I think we should consider making changes slowly

<megoth> +1 to TallTeds point on issue before PR

michielbdejong: we should try avoid making breaking changes as much as possible

other issues

Jaxon: I'm about to make PR dealing with proxy redirects of solid server, which shouldn't affect how apps work

<Mitzi> https://github.com/w3c/EasierRDF/issues/64

Mitzi: I see this shapes related issue in repository of different project

justinwb: I think the spirit of the post was that one shouldn't expect that at some point one will become what everyone uses
... one should expect equally legitimate approaches

<codenamedmitri> heh heh i think eric is shex :)

elf-pavlik, JSON-LD has little different purpose thatn ShEx or SHACL

https://www.slideshare.net/jelabra/shex-vs-shacl

justinwb: we do a lot of work with ericP incorporating ShEx into solid sdk-toolkit
... once we really get that experience, then we can work out how we can apply it to other approaches as well
... we still have some work to do on that

megoth: i probably will reuse the work on ShEx and SHACL from solid-sdk in my future work on solid-panes

Mitzi, with the time change time in americas is very early now, can we push meeting forward let's say two hours?

<justinwb_> +1

<bblfish> fine

scribe: so from 14:00 to 16:00 current european time CEST

<codenamedmitri> yeyyy! (re moving forward)

scribe: next week is easter and i will be traveling, should we skip it last week?

<justinwb_> +1 to skip

+1 to skip

Mitzi, W3C event in japan where we could meet f2f

scribe: I think most of the people may not find meeting in Japan very cost effective
... in December there will be conference in Paris
... we could arrange f2f a day before or after

<codenamedmitri> ooh what conference is this (in paris)?

<bblfish> +1 for paris

<bblfish> (I am in Bavaria, so Paris is a lot closer than Japan)

I know people of APIdays, presented there in 2015: https://www.slideshare.net/elfpavlik/api-standardization-work-in-w3c-groups

<michielbdejong> ah that's a cool conf i think, yes. also i think Paris is a great location in terms of mindshare

<justinwb_> +1 paris

<codenamedmitri> thanks everyone!

<megoth> have a great day, weekend, and break ^_^

Summary of Action Items

Summary of Resolutions

[End of minutes]

Minutes manually created (not a transcript), formatted by David Booth's scribe.perl version 1.154 (CVS log)
$Date: 2019/04/11 12:50:18 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.154  of Date: 2018/09/25 16:35:56  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00)

Succeeded: s/reverse chronological/chronological/
Succeeded: s/might be outside of/might not yet be in/
Succeeded: s/include ShEx or SHACL in solid-sdk, possibly also in solid-panes project/reuse the work on ShEx and SHACL from solid-sdk in my future work on solid-panes/
Present: Mitzi TallTed dmitriz elf-pavlik michielbdejong justinwb
No ScribeNick specified.  Guessing ScribeNick: elf-pavlik
Inferring Scribes: elf-pavlik

WARNING: No meeting title found!
You should specify the meeting title like this:
<dbooth> Meeting: Weekly Baking Club Meeting


WARNING: No meeting chair found!
You should specify the meeting chair like this:
<dbooth> Chair: dbooth


WARNING: No date found!  Assuming today.  (Hint: Specify
the W3C IRC log URL, and the date will be determined from that.)
Or specify the date like this:
<dbooth> Date: 12 Sep 2002

People with action items: 

WARNING: IRC log location not specified!  (You can ignore this 
warning if you do not want the generated minutes to contain 
a link to the original IRC log.)


[End of scribe.perl diagnostic output]