<scribe> scribe: elf-pavlik

Update on 5.1.1 work, review suggestion on deployment of solid.community, request for volunteers to join a project team to talk about granular authorization

Jackson: 5.1.3 adds dialog that shows what you are allowing app, currently for global scope eventually for more granular scopes
... we want community input before deploying it to solid.community and main inrupt.net

elf-pavlik: how does it work

Jackson: WAC still has the trustedApp implementation
... this change adds new login flow
... if you already logged in it will skip directly to authorization page
... you can select from: read, write, append, control access for this app
... it breaks some applications which try to automatically log in to NSS
... already created fix for solid-auth-cli

timbl: if you you use trusted app pane, you can edit list of apps
... if you have very trusted app you can give it full access
... you don't have to give global permissions
... you could grant access to particular container

Mitzi: can you explain about new project team for granular authorization

Jackson: this subject sparked a lot of conversation

<michielbdejong> https://github.com/solid/solid-spec/issues/176

Jackson: current pane has very global scope
... apps need to communicate what kind of things they need access to
... we want to form a panel to address this problem - granular authorization panel
... i have gdoc which i will post in issue mentioned by michielbdejong
... we don't want for my chat app to read chat have access to read everything
... core solid team will help determine those panels

<bblfish> sorry for being late

elf-pavlik: how does it relate to Type Registry

michielbdejong: TR helps to discover where information stays located
... but type index is about data types
... it's a large part which app you would want to use with that
... chat app will usually just present resources with type related to chat
... but you could have chat related to music or medical records and you might not want to mix authorizations for those

<justinwb> i'm here

<justinwb> already raised my hand

justinwb: two things, first we're in process of governance model
... putting together what you proposing, what is the scope, what you looking to produce
... does it overlap WAC spec, WebID-OIDC
... you talk about authorization but you also talk about types of data, which also overlaps with discoverability
... we don't want to end up with two different models for describing types of information

RubenVerborgh: in terms of Type Registry we have to see it from more generic perspective
... we expect that we can replace those manual accesses by shapes and footprints
... to make it as automatic as possible

elf-pavlik: asks about triple level access control @bergos developed for LDApp

RubenVerborgh: Type index works more for discovery
... triple level access would be more substantial change

Mitzi: maybe you could put description of the aim, people would know what they sign up for

<bblfish> I suppose one could have them be orthogonal, but also allow ACL rules which allowed people to create a group of resources to which they could assign one Access type.

Jackson: please check authorization page on dev subdomain

<Mitzi> agenda item: https://github.com/solid/solid-spec/issues/188

Representation of a federation in the Solid universe

<Mitzi> presented by Benoit from Startin'blox

balessan: we implement linked data using Solid
... some use cases require federation, in particular distributed project management tools
... Solid seems more about personal data pods, not sure how we can go to architecture where you have something like diaspora and other federated systems
... we have custom implementation what would be a list of sources
... I look for something similar to ActivityPub

RubenVerborgh: I replied in issue, I don't fully understand
... within solid we on purpose don't identify pods as concepts

<bblfish> A pod could just be the root folder of a pod?

RubenVerborgh: since we focus on layer of linked data - linked documents

<bblfish> +1 for concrete examples

RubenVerborgh: you could add concrete example

balessan: we have two instances where you can get directory of people working on some projects
... we share across those instances similar projects
... we can't get lists of projects without knowing lists of pods

RubenVerborgh: I think we need to iterate in issue more
... I think you may need to link to projects

balessan: I'll add more details in issue
... I can present quickly what we work on

justinwb: when i read this issue i had question if you want to describe peer discovery network
... example would be really great

balessan: as StartinBlox we work on applications using linked data
... client apps using web components
... we did some work in non standard way
... we would like to switch to Solid
... we investigate RubenVerborgh's work on LDFlex

Mitzi: Matthias_Evering you wanted to talk about ethical web principles

Matthias_Evering: I've read email about principles we could adapt

Mitzi: it's possibly that we could create community group to talk about those ethical principles and related topics

RubenVerborgh: great idea, let's not forget that Tim is looking to come back to original vision of The Web
... Solid wants to empower people
... Solid Team, i see them as stewards of the project
... having those principles would be very needed

justinwb: I second RubenVerborgh, its very in line with the spirit what we all trying to do

RubenVerborgh: within community group we can have different task forces
... I wouldn't recommend a separate CG

<TallTed> +1 task force or the like. no need for another CG

Mitzi: how would you recommend setting it up

<TallTed> a/k/a sub-committee

RubenVerborgh: different taks forces can have separate meetings, use same mailing list for coordination
... I don't think we should have multiple CGs for Solid specific topics

<RubenVerborgh> Example: DCAT W3C working group, has subgroups, for instance Content Negotiation for DCAT

justinwb: I think we can just have action item to look at ideas how to incorporate ethical web principles
... i like how straight forward and concise they are

KjetilK: separate CG could be broader than Solid
... bunch of technologies could be interested
... for example fediverse with ActivityPub etc.
... we could also have solid CG more technical oriented
... this dedicated CG would stay more socially oriented
... many people with social interest could find technical discussions overwhelming
... we need broad societal angle

<RubenVerborgh> RubenVerborgh: I talked with an ethics research today, they are looking at ethics of data sharing, consent, GDPR etc. independently of technology as well

Mitzi: My could setup one call for that topic and repository to document conversation

<RubenVerborgh> +1 to what Mitzi said

<bblfish> +1

<KjetilK> +1

Mitzi: if it starts growing beyond solid we could move it out into dedicated workspace

+1

<armando> +1

<RubenVerborgh> https://github.com/solid/query-ldflex/issues/26

<RubenVerborgh> https://github.com/solid/solid-spec/issues/189

Security/provenance issue with Extended Profile

RubenVerborgh: only looks at single profile document, why doesn't it query linked documents
... if you automatically start fetching related data, we can have trust problem here
... if we fetch data what should be the scope of the query
... I don't see easy answer to it
... more important to first study the problem

bblfish: in my thesis I look at it for access control rules
... you can see it as monads from category theory which you can flatten
... it depends what you do if you want to follow links aggressively or not

justinwb: I see it as very context dependent thing
... client which asks stays probably in the best position to determine how they want to approach it
... data could inform client if 'there is not enough already'

TallTed: this gets very complex very quickly
... it stays related but not directed tied to Verifiable Claims and Verifiable Credentials
... for example to verify if RubenVerborgh said that I'm an excellent scholar

<bblfish> A guard following access control rules would need a well defined logic as to what links to follow as in that case the client wants to know ahead of time how the guard will reason so that it can guess what the right credential to show is.

TallTed: you may trust individual no matter what they say, or only on some topics (eg. of expertise)
... the more factors you have to consider the more difficult it becomes

RubenVerborgh: the problem is that apps ask questions
... depending how my data is organized it will come from one or more documents

<Zakim> RubenVerborgh, you wanted to nuance Justin's point ;-)

justinwb: shapes really help since they provide more structure of the data
... request could rely on those shapes

<justinwb> https://w3c-dvcg.github.io/ld-signatures/

justinwb: this work is really important - Linked Data Signatures

RubenVerborgh: please look at issues I linked and share you ideas

This is scribe.perl Revision: 1.154  of Date: 2018/09/25 16:35:56  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00)

Succeeded: s/rrs, draft minutes//
Succeeded: s/but have/but also allow/
Succeeded: s/Starting Blocks/Startin'blox/
Present: Matthias_Evering elf-pavlik TallTed KjetilK RubenVerborgh armando justinwb
Found Scribe: elf-pavlik
Inferring ScribeNick: elf-pavlik
Found Date: 06 Jun 2019
People with action items: 

WARNING: IRC log location not specified!  (You can ignore this 
warning if you do not want the generated minutes to contain 
a link to the original IRC log.)