13:56:45 RRSAgent has joined #lws 13:56:49 logging to https://www.w3.org/2025/03/10-lws-irc 13:56:49 RRSAgent, make logs Public 13:56:50 please title this meeting ("meeting: ..."), laurens 13:57:11 meeting: Linked Web Storage 13:57:14 agenda: * Aaron Coburn 13:57:14 acoburn, sorry, could not get * Aaron Coburn (code 400). 13:57:27 agenda: https://www.w3.org/events/meetings/a19ab7dc-1753-433d-bac5-64e3ad8c0a43/20250310T100000/#agenda 13:57:29 clear agenda 13:57:29 agenda+ Introductions and Announcements 13:57:29 agenda+ Actions Items 13:57:29 agenda+ Glossary 13:57:29 agenda+ Terminology, use cases and requirements relevant to identity 13:58:22 chair: laurens 14:00:01 hadrian has joined #lws 14:00:15 eBremer has joined #lws 14:00:25 present+ 14:00:32 present+ 14:00:36 RRSAgent, make minutes 14:00:38 I have made the request to generate https://www.w3.org/2025/03/10-lws-minutes.html acoburn 14:00:45 present+ 14:01:23 present+ 14:02:36 bendm has joined #lws 14:03:01 scribe: bendm 14:03:16 RRSAgent, make minutes 14:03:18 I have made the request to generate https://www.w3.org/2025/03/10-lws-minutes.html acoburn 14:03:34 present+ 14:04:49 Wonsuk has joined #lws 14:05:38 laurens: agenda: intros, announcements / action items / glossary PR / terminology relevant to identity eg with respect to data portability (localstorage vs offline store, scoping) 14:05:49 ...: first agenda item: announcement 14:06:04 zakim, open adendum 1 14:06:04 I don't understand 'open adendum 1', acoburn 14:06:21 zakim, open agendum 1 14:06:21 agendum 1 -- Introductions and Announcements -- taken up [from agendabot] 14:06:49 laurens: there is a breakout scheduled for 26/3 14:07:00 ...: there is time till 12/3 to propose a breakout session 14:07:12 ...: there are only 7 proposals until now, nothing LWS related 14:07:23 ...: do we want to propose a breakout session about LWS? 14:07:43 https://github.com/w3c/breakouts-day-2025/issues 14:08:00 q+ Random newsish re Considerations in specs: Likely that the W3C TAG Societal Impact Questionnaire will be incorporated. 14:08:10 ack csarven 14:08:12 laurens: https://github.com/w3c/breakouts-day-2025/issues to propose session 14:09:09 See https://w3ctag.github.io/societal-impact-questionnaire/ , https://csarven.ca/presentations/societal-impact-questionnaire-tag-f2f , https://github.com/w3ctag/meetings/blob/gh-pages/2025/03-Paris/minutes.md 14:09:09 csarven: TAG has security and privacy and so on sections, and is considering societal impact questionnaire 14:09:41 ...: this questionnaire is supposed to be a more practical way of looking at the consequences of our designed standards 14:10:11 ...: this questionnaire is a draft, we anticipate that this will be incorporated in the explainer, as part of the design of the technical report 14:10:40 ...: I also shared the minutes of last week's TAG meeting 14:10:58 ...: even at the use case level, it matters, so we might want to revisit these questionnaires later on 14:11:13 ...: we already need to look at the implications of these designs 14:11:30 ...: please have a look, in the solid protocol there is an empty section for it, still to be done 14:11:46 ...: TAG will ask later if the group has looked at it 14:12:01 ...: it's still fuzzy at the moment, but it's important 14:12:29 present+ 14:13:08 laurens: coming back to the breakout sessions: I was wondering whether we could propose something 14:13:46 pchampin: breakout sessions are not specific to WG, more to bring topics to the broader community 14:14:10 ...: there's no expectation that this group submits something, but if someone here has something they want to discuss with the community, this is an opportunity 14:14:18 zakim, open agendum 2 14:14:19 agendum 2 -- Actions Items -- taken up [from agendabot] 14:14:36 s$solid protocol there is an empty section for it$solid protocol had a section for it: https://solidproject.org/ED/protocol#societal-impact-review but we haven't worked it out at back then 14:14:55 s/solid protocol there is an empty section for it/solid protocol had a section for it: https://solidproject.org/ED/protocol#societal-impact-review but we haven't worked it out at back then 14:15:01 laurens: open action items: adding owner and controller to glossary, has that happened? 14:15:20 hadrian: that has happened, I do most visible work in the weekend 14:15:25 https://github.com/w3c/lws-protocol/issues/15 14:15:25 https://github.com/w3c/lws-protocol/issues/15 -> Action 15 introduce both the term owner and controller in the glossary, and clarify their meaning. (on hzbarcea) due 2025-02-24 14:15:46 ...: there is an issue 122 I wanted to talk about 14:15:52 dmitriz has joined #lws 14:16:00 present+ 14:16:06 ...: since the PR is closed, I wonder what the process is to close issues 14:16:16 ...: I think 122 can be closed 14:16:20 https://github.com/w3c/lws-ucs/issues/122 14:16:20 https://github.com/w3c/lws-ucs/issues/122 -> Issue 122 Glossary draft (by hzbarcea) [needs-discussion] 14:16:47 laurens: I think your PR mostly addressed the scope of 122 14:16:54 ...: does the group agree? 14:17:00 q+ provenance 14:17:07 ack csarven 14:17:17 ack provenance 14:18:00 csarven: what remains is the part about having a trace from the requirements/terms came from use cases A, B, C 14:18:11 ...: I haven't seen these back-references 14:18:17 hadrian: I wanted to talk about that 14:18:34 ...: there is the DID use cases document, that is very well organized (issue 119) 14:18:49 https://github.com/w3c/lws-ucs/issues/119 14:18:50 https://github.com/w3c/lws-ucs/pull/119 -> MERGED Pull Request 119 Template for requirements (by hzbarcea) 14:19:08 ...: it references three other documents, that has a matrix that connects requirements with use cases 14:19:15 ...: I'm working on that matrix now 14:19:27 ...: the only way to close them is to provide the traceability matrix 14:19:44 -> https://www.w3.org/TR/did-use-cases/#requirements DID requirements matrix 14:20:07 csarven: I agree, as long we know why certain terms or requirements we not taken up 14:20:26 hadrian: indeed, once you do the traceability matrix, the use case proposer can see whether their use case is fully covered 14:20:52 ...: that's why I don't want to close issues as long as the proposer hasn't agreed that its use case was fully covered 14:21:33 hadrian: I still have the question about the process for closing the issue 14:21:52 ...: OK if the editor just closes? 14:21:59 ...: you can always reopen issues 14:22:04 ...: eg to correct mistakes 14:22:18 RRSAgent, make minutes 14:22:20 I have made the request to generate https://www.w3.org/2025/03/10-lws-minutes.html pchampin 14:22:26 laurens: it would be good to have some agency on closing the issue 14:23:10 hadrian: we made the comment that issues can be closed once they are handled and no one complains 14:23:22 ...: would be good if the closed issues can be added to the minutes 14:23:48 laurens: yes, would be good if you can create such an overview, i'll make an action item 14:23:50 ACTION: hadrian to present a weekly overview of closed issues in the https://github.com/w3c/lws-ucs/issues repository 14:23:58 Created -> action #16 https://github.com/w3c/lws-protocol/issues/16 14:24:50 laurens: so yes, at editor's discretion, agreement 14:25:14 zakim, open agendum 3 14:25:14 agendum 3 -- Glossary -- taken up [from agendabot] 14:25:51 hadrian: the glossary is pretty much done, most discussion needed related to identity and visible structure of a storage 14:25:56 s/TAG has security and privacy and so on sections/Specs have the Considerations sections including Security and Privacy, Accessibility, Internationalization, and so on, and TAG looks at them as part of Explainers 14:26:07 ...: ie taking up the discussion from last week 14:26:30 zakim, open agendum 4 14:26:30 agendum 4 -- Terminology, use cases and requirements relevant to identity -- taken up [from agendabot] 14:26:31 s/we not taken up/were not taken up 14:26:49 laurens: there are identity-related issues in our ucs repo 14:27:09 ...: also the interrelation between identity provider, identity documents, authentication, etc 14:27:39 ...: I wanted to focus on the requirements concerning identity for agents in LWS 14:27:57 ...: requirements for identifiers, identity documents, agents, and services, in the LWS ecosystem 14:28:22 ...: it's not about WebID vs DID, it's about having objective criteria for when we need an identifier 14:29:01 ericP has joined #lws 14:29:04 hadrian: I think my opinion on identity is stable for the last 18 months, but a bit different from Solid's idea 14:29:06 present+ 14:29:23 ...: the terminology is general enough, but we need to be more specific to get to consensus 14:29:31 ...: eg 126 and 125 14:29:32 https://github.com/w3c/lws-ucs/issues/126 14:29:33 https://github.com/w3c/lws-ucs/issues/126 -> Issue 126 [REQ-F] Guaranteed globally unique Identifier Storage(s) (by hzbarcea) [triage] 14:29:34 https://github.com/w3c/lws-ucs/issues/125 14:29:35 https://github.com/w3c/lws-ucs/issues/125 -> Issue 125 [REQ-F] Guaranteed globally unique Identifier for Entities (by hzbarcea) [triage] 14:30:05 ...: eg 'an identifier' is just a string, I don't think anyone can object to that 14:30:17 https://github.com/w3c/lws-ucs/issues/136 14:30:18 https://github.com/w3c/lws-ucs/issues/136 -> Issue 136 [REQ-F] Resources shall have one ore more addresses tied to Identities (by hzbarcea) [triage] 14:30:20 hadrian: 136 14:30:53 ...: when you talk about 'Hadrian', you talk about an identifier 14:31:02 ...: but that doesn't help you communicate with me 14:31:20 ...: my identifier doesn't change often, but my addresses can change a lot 14:31:57 ...: using identifiers for the purpose of authentication: it should use identifiers, not necessarily the address 14:31:59 q+ 14:32:22 ...: LDP didn't make the difference on purpose 14:32:45 ...: then you don't need additional infrastructure, but it's a bit of a bastardization 14:32:51 ack laurens 14:32:52 q+ "unique identifier" is too lower level for a requirement IMO. We already have https://www.w3.org/DesignIssues/Axioms#Universality2 14:33:34 laurens: to clarify: you talk about locators such are URL/URI, when you talk about address? 14:33:59 hadrian: yes, my point is that it's not necessarily the identifier of yourself 14:34:17 ...: there is a strong correlation between you and your phone number, but it's not the same, and at scale you see problems 14:34:21 ack csarven 14:34:45 csarven: How much will we get out of a requirement that we should use globally unique identifiers? 14:34:54 ...: isn't that a given? 14:34:56 >Any resource of significance should be given a URI. 14:35:18 q+ to say that portability requirements lead us to identity requirements: no portability or DNS portability (10Bs of DNS entries) -> DNS-backed identity reqs; user portability -> late-binding (DNS|)ledger-based user ids, no resource reqs; doc portability () -> late-binding (DNS|)ledger-based document (and ACL) ids 14:35:37 ...: so anything that should be referenceable/dereferenceably should get an identifier 14:35:48 q+ to ask about unique vs. unambiguous 14:35:58 ...: I'm not sure we should spend too much time, won't that be a given from the spec? 14:36:32 q? 14:36:45 ...: eg 'i want to look into my address book': your application needs to know who you are, so you will have a globally unique identifier 14:37:20 hadrian: I agree, not all these requirements will be put in the document, but they can ignite conversations 14:37:36 q? 14:37:49 csarven: then I propose a single requirement that "Any resource of significance should be given a globally unique identifier" 14:37:53 ack ericP 14:37:53 ericP, you wanted to say that portability requirements lead us to identity requirements: no portability or DNS portability (10Bs of DNS entries) -> DNS-backed identity reqs; user 14:37:56 ... portability -> late-binding (DNS|)ledger-based user ids, no resource reqs; doc portability () -> late-binding (DNS|)ledger-based document (and ACL) ids 14:38:26 ericP: portability requirements lead us to identity requirements 14:38:45 We should use IPV6 only 14:38:49 ...: eg the DNS route: no portability or DNS portability (10Bs of DNS entries) : we don't add additional requirements 14:39:27 ...: user portability, we're stuck with ledger-based user ids, so that if they go from one provider to another, so all their context will go with them 14:39:59 ...: if you want document portability, if you don't want to reset all your ACLs etc., then we need the option of ledger-based identity for documents 14:40:13 q+ 14:40:37 q? 14:40:41 ...: we need to check what we need from the portability requirements 14:40:43 ack pchampin 14:40:43 pchampin, you wanted to ask about unique vs. unambiguous 14:41:16 pchampin: i'm not sure we want 'globally unique', rather 'globally unambiguous' 14:41:22 ack hadrian 14:41:54 hadrian: ericP, do you mean blockchain such as Ethereum? 14:42:24 ...: there is Kerry? which would be a good option, used in legal context 14:42:31 s/that "Any resource of significance should be given a globally unique identifier/as with the design issues Axiom "Any resource of significance should be given a URI 14:43:26 q+ "prove control of its Identity" is orthogonal 14:43:38 ...: concerning 'unambiguous': yes, there could be multiple identifiers for an identity 14:43:54 ...: I agree on the meaning, we should agree on the phrasing 14:44:17 s/Kerry?/keri/ 14:44:22 q+ i tried to avoid the work "blockchain" and use the more fundamental term "shared-ledger", i.e. something serving as a replacement for the IANA-distributed DNS roots 14:44:39 hadrian: concerning public ledger, are you meaning merkle trees? 14:44:46 qN 14:44:47 ericP: i tried to avoid the work "blockchain" and use the more fundamental term "shared-ledger", i.e. something serving as a replacement for the IANA-distributed DNS roots 14:45:04 s/qN// 14:45:09 q? 14:45:12 ...: ie we have an out-of-band communication of identities, just like DNS gives out of band communication of domain names 14:45:42 csarven: I'm looking at issue 125 14:45:48 https://keri.one/ 14:46:00 ...: I'm not sure the description reflects the requirement 14:46:41 ...: if the intention is that someone is in control of their identifier, that's orthogonal to the mechanism to prove that, i.e. identifying something 14:47:26 ...: why is cryptographic method in particular important to prove the identity? why is that rolled into this description? Can't there be different ways? 14:47:31 q+ to add (for posterity) the other parameter i had forgotten was the distinction between well-behaved data providers vs. those that disappear suddenly (à la purl.org) 14:48:03 ...: I think the intention is 'significant things have an identity' 14:48:19 ...: we need to do identity that are compatibel with the Web 14:48:28 RRSAgent, make minutes 14:48:29 I have made the request to generate https://www.w3.org/2025/03/10-lws-minutes.html acoburn 14:48:50 ...: I think we should stay within that scope 14:49:03 ack ericP 14:49:03 ericP, you wanted to add (for posterity) the other parameter i had forgotten was the distinction between well-behaved data providers vs. those that disappear suddenly (à la 14:49:06 ... purl.org) 14:49:36 ericP: final portability issue: the distinction between well-behaved data providers vs. those that disappear suddenly (à la purl.org) 14:50:13 s/that "Any resource of significance should be given a globally unique identifier/as with the Design Issues Axiom, "Any resource of significance should be given a URI 14:50:14 q? 14:50:20 ...: so if that is in scope, we need more late-binding methods 14:50:57 laurens: I think the identity issues closely relates to a (pod/webid) provider that goes bust: how do we combat that? 14:51:24 ...: most methods rely on a resolver infrastructure 14:51:50 TallTed has joined #lws 14:51:56 q+ 14:52:13 q+ to ask whether that's important to nail down, e.g. can't we just have multiple identifier options that have different trade-offs? 14:52:30 dmitriz: i think the resolver part is irrelevant to us, just as the underlying dns resolvers are 14:52:37 jeswr has joined #lws 14:52:41 present+ 14:52:42 ...: we can just say 'stable' or 'resolvable' identifiers 14:52:49 present+ bendm 14:52:50 ...: and that's enough 14:52:51 q? 14:52:56 ack hadrian 14:53:05 kaefer3000 has joined #lws 14:53:11 hadrian: I agree with Dmitri in spirit 14:53:18 ...: but there will be an issue in portability 14:53:44 ...: we have to somehow address: if you move between providers with different identity systems, you need to handle that 14:53:47 ack bendm 14:53:47 bendm, you wanted to ask whether that's important to nail down, e.g. can't we just have multiple identifier options that have different trade-offs? 14:54:04 present+ ericP 14:54:22 bendm: I wanted to say the same thing as Dmitri, a stable or resolvable identifier might be sufficient for our scope 14:54:27 q? 14:55:03 hadrian: for next week, expect more on the matix 14:55:08 present+ 14:55:09 s/matix/matrix/ 14:55:21 ...: expect more requirements, and I will start closing more issues 14:55:25 q? 14:55:41 laurens: all right, we can close the session for today 14:56:13 RRSAgent, make minutes 14:56:14 I have made the request to generate https://www.w3.org/2025/03/10-lws-minutes.html pchampin 14:57:07 acoburn has left #lws 14:58:08 s/agenda: * Aaron Coburn/ 14:58:10 RRSAgent, make minutes 14:58:11 I have made the request to generate https://www.w3.org/2025/03/10-lws-minutes.html pchampin 15:17:34 Wonsuk has joined #lws