12:47:49 RRSAgent has joined #lws 12:47:53 logging to https://www.w3.org/2025/03/24-lws-irc 12:47:53 RRSAgent, make logs Public 12:47:54 please title this meeting ("meeting: ..."), laurens 12:48:11 meeting: LWS WG Meeting - 24/03/2025 12:48:27 agenda: https://www.w3.org/events/meetings/a19ab7dc-1753-433d-bac5-64e3ad8c0a43/20250324T100000/ 12:48:28 clear agenda 12:48:28 agenda+ Introductions and Announcements 12:48:28 agenda+ Action Items 12:48:28 agenda+ Use Cases and Requirements 13:55:38 acoburn has joined #lws 13:58:32 eBremer has joined #lws 13:59:16 hadrian has joined #lws 14:00:46 bendm has joined #lws 14:00:53 present+ 14:01:45 -> https://www.w3.org/groups/wg/lws/ LWS 14:02:38 present+ 14:02:42 jeswr has joined #lws 14:02:48 present+ 14:03:02 present+ 14:03:13 present+ 14:03:27 RRSAgent, make minutes 14:03:28 I have made the request to generate https://www.w3.org/2025/03/24-lws-minutes.html acoburn 14:03:50 chair: laurens 14:04:06 present+ 14:04:26 ericP has joined #lws 14:04:30 present+ 14:04:33 present+ 14:05:08 scribe+ 14:05:24 rrsagent, make minutes 14:05:26 I have made the request to generate https://www.w3.org/2025/03/24-lws-minutes.html ericP 14:06:08 scribe+ 14:06:56 agenda? 14:07:04 next agendum 14:07:17 TallTed has joined #lws 14:07:33 laurens: no announcements on my side 14:07:43 q? 14:07:44 ... anyone lese? 14:07:45 [crickets] 14:07:55 next agendum 14:07:58 s/lese/else 14:08:11 Zakim, take up agendum 2 14:08:11 agendum 2 -- Action Items -- taken up [from agendabot] 14:08:32 bendm7 has joined #lws 14:08:39 https://github.com/w3c/lws-protocol/issues/16 14:08:40 https://github.com/w3c/lws-protocol/issues/16 -> Action 16 present a weekly overview of closed issues in the https://github.com/w3c/lws-ucs/issues repository (on hzbarcea) due 2025-03-17 14:09:08 acoburn: hadrian, any closed issues? 14:09:26 hadrian: i closed 112, 126, 133 last week 14:09:29 s|https://github.com/w3c/lws-protocol/issues/16|topic: https://github.com/w3c/lws-protocol/issues/16 14:09:37 https://github.com/w3c/lws-ucs/issues/112 14:09:37 https://github.com/w3c/lws-ucs/issues/112 -> CLOSED Issue 112 [UC] Storage portability from a provider to another (by hzbarcea) [duplicate] [usecase] 14:09:39 s/topic:/subtopic: 14:09:41 https://github.com/w3c/lws-ucs/issues/126 14:09:42 https://github.com/w3c/lws-ucs/issues/126 -> CLOSED Issue 126 [REQ-F] Guaranteed globally unique Identifier Storage(s) (by hzbarcea) [duplicate] 14:09:43 https://github.com/w3c/lws-ucs/issues/123 14:09:44 https://github.com/w3c/lws-ucs/pull/123 -> MERGED Pull Request 123 Updated glossary (by hzbarcea) 14:09:48 hadrian: tx to ted for lots of comments 14:09:55 RRSAgent, make minutes 14:09:56 I have made the request to generate https://www.w3.org/2025/03/24-lws-minutes.html pchampin 14:10:03 present+ 14:10:37 TallTed has changed the topic to: LWS WG -- 2025-03-24 agenda: https://www.w3.org/events/meetings/a19ab7dc-1753-433d-bac5-64e3ad8c0a43/20250324T100000/ 14:10:47 https://github.com/w3c/lws-protocol/issues/15 14:10:47 https://github.com/w3c/lws-protocol/issues/15 -> Action 15 introduce both the term owner and controller in the glossary, and clarify their meaning. (on hzbarcea) due 2025-02-24 14:11:04 discussing PR https://github.com/w3c/lws-ucs/pull/137 and issue 15 14:11:05 https://github.com/w3c/lws-ucs/pull/137 -> MERGED Pull Request 137 Definitions for owner and controller (by hzbarcea) 14:11:13 I have made the request to generate https://www.w3.org/2025/03/24-lws-minutes.html TallTed 14:11:27 s|https://github.com/w3c/lws-protocol/issues/15|subtopic: https://github.com/w3c/lws-protocol/issues/15 14:11:54 https://github.com/w3c/lws-protocol/issues/15 14:12:03 laurens: closing issue 15 14:12:32 hadrian: csarven commented that we have too many terms that point to a specific solution 14:13:05 ... i see his point of view. those glossary terms are there right now. if anyone wants, i can remove them temporarily 14:13:12 hadrian: table to next agendum 14:13:27 ... status of categories? 14:13:48 https://github.com/w3c/lws-protocol/issues/11 14:13:49 https://github.com/w3c/lws-protocol/issues/11 -> CLOSED Action 11 add categorization to the needs discussion labeled issues (on hzbarcea) due 2025-01-13 14:13:53 hadrian: you can close that. we have a critical mass of categories 14:14:26 Zakim, take up next agendum 14:14:26 agendum 1 -- Introductions and Announcements -- taken up [from agendabot] 14:14:37 Zakim, close item 1 14:14:37 agendum 1, Introductions and Announcements, closed 14:14:38 I see 1 item remaining on the agenda: 14:14:38 3. Use Cases and Requirements [from agendabot] 14:14:39 Zakim, take up agendum n3 14:14:40 'n3' does not match any agenda item, ericP 14:14:44 Zakim, take up item 3 14:14:44 agendum 3 -- Use Cases and Requirements -- taken up [from agendabot] 14:14:48 s|https://github.com/w3c/lws-protocol/issues/11|subtopic: https://github.com/w3c/lws-protocol/issues/11 14:15:17 laurens: i see progress over the weekend. update, hadrian? 14:15:31 hadrian: 1st, two probs: 14:16:05 https://github.com/w3c/lws-ucs/pull/139 14:16:06 https://github.com/w3c/lws-ucs/pull/139 -> MERGED Pull Request 139 add minimal CSS for readable tables (by pchampin) 14:16:30 ... .. pchampin's patch for tables was good but doesn't fully work because of respec limitations 14:16:50 ... gonna play with HTML tables 14:17:03 https://github.com/w3c/lws-ucs/pull/143 14:17:04 https://github.com/w3c/lws-ucs/pull/143 -> Pull Request 143 Add requirements and requirements matrix (by hzbarcea) [needs-discussion] 14:17:08 present+ joined at 14:17 UTC 14:17:12 ... there's only one UC because i'm experimenting with the requirements matrix 14:17:36 .... i couldn't create anchors in the matrix (of course, i can do it in HTML) 14:18:11 ... i added a few requirements 14:18:18 ... we can select any for today 14:18:48 q? 14:18:55 ... i didn't work on authentication requirements. once i've done them, we can add them to lots of UCs and mark them complete 14:19:15 ... happy to discuss and close any issues 14:19:36 https://github.com/w3c/lws-ucs/issues?q=is%3Aissue%20state%3Aopen%20label%3Aneeds-discussion 14:19:56 https://github.com/w3c/lws-ucs/issues/141 14:19:57 https://github.com/w3c/lws-ucs/issues/141 -> Issue 141 [REQ-F] Consent based sharing (by hzbarcea) [needs-discussion] 14:20:09 laurens: let's start with https://github.com/w3c/lws-ucs/pull/141 14:21:10 ... the input documents have ACL mechanisms but no protocol for granting access in the input documents 14:21:19 q+ to asy that the low bar is that we do nothing 14:21:50 ... do we see it as part of the requirements to provide a mechanism to request access 14:22:01 q? 14:22:04 ... i think it's important to have and make interoperable 14:22:06 ack ericP 14:22:06 ericP, you wanted to asy that the low bar is that we do nothing 14:22:22 scribe+ 14:23:11 ericP: if you move your data from provider A to provider B, you may have to learn a new way to setup your ACLs 14:23:12 q? 14:23:23 ... and we don't have the "google docs" mechanism to request access 14:23:29 ... those are the known pain points 14:23:39 scribe- 14:23:40 q+ There was a mechanism proposed for requesting access: https://github.com/solid/specification/pull/253#issuecomment-895062229 14:23:42 https://github.com/solid/specification/pull/253 -> CLOSED Pull Request 253 Add Inbox Discovery on Client Error (by csarven) [doc: Protocol] [topic: resource access] [topic: events and notifications] [status: Nominated] 14:23:52 laurens: i think the lack of standard way to req access is the primary pain point 14:23:59 q+ to ask whether we have (industry) standards to start from 14:24:02 q+ csarven 14:24:04 q? 14:24:18 ... nothing analogous to the Google Doc req for access 14:24:44 q- 14:25:06 ack csarven 14:25:24 present+ 14:25:58 csarven: i think the proposed req issue is unclear but the things that folks have said here seem familiar 14:26:33 ... SolidCG made an attemt to build on Solid protoocol to req access 14:26:54 q+ to note Inrupt's incubation of this feature 14:27:13 ... in Google Docs, if you try to access a doc you don't have access to, [there's a button to request access] 14:27:37 +1 to csarven, I think there has been several incubated work around consent request; I don't think I heard anyone say it hadn't been incubated, though, only "not standardized" 14:27:38 ... 403 gives you a link to req access 14:28:14 ... in Solid CG, we had a notification sent to the resource owner 14:28:22 -> https://solid.github.io/data-interoperability-panel/specification/#access-request Interoperability Panel incubation 14:28:32 ... this is the low-tech approach to requesting access 14:28:33 q+ to talk about access permission request elements as primitives, rather than specifics 14:28:51 ... what to put in the payload is a data-modeling exercise 14:29:09 ... the solution incubated in the SolidCG was based on WAC 14:29:19 laurens has joined #lws 14:29:24 q? 14:30:05 q+ to mention SAI 14:30:09 q? 14:30:15 ack bendm 14:30:15 bendm, you wanted to ask whether we have (industry) standards to start from 14:31:07 bendm: csarven's approach is sort of a minimum thing to add to the protocol 14:31:39 q? 14:31:45 ack acoburn 14:31:45 acoburn, you wanted to note Inrupt's incubation of this feature 14:32:02 ... wanted to mention other industry standards 14:32:36 acoburn: we have access reqs with tamper evidence. simiarl to interop panel's tech 14:33:08 ... these aren't industry standards but they are used in production environments at scale 14:33:17 q? 14:33:22 ack TallTed 14:33:22 TallTed, you wanted to talk about access permission request elements as primitives, rather than specifics 14:33:23 q- 14:33:28 s/resource owner/resource owner. There is implementation experience / still in use, e.g., in https://dokie.li/ 14:34:10 q+ 14:34:15 TallTed: rather than taking about interactions, i think we should talk about a resource and an agent trying to delete or append 14:34:51 ... the controler and owner may have different interactions 14:35:10 ... may be useful to create a Mermaid diagram 14:35:49 primatives are more likely to be generically applicable 14:36:43 q? 14:36:44 ... the looser this can be speciified, the better. how to make it interact and how to make it portable 14:36:46 ack hadrian 14:37:33 q+ 14:37:35 hadrian: agree. was careful with phrasing to say "verifiable proof" and "audit trail" 14:37:46 ... i'm not personally interested in the flows 14:38:34 +1 on focusing on the proofs of access request/grant so you have portability, eg for the audit trail 14:38:46 ... jessie, acoburn and few others wanted to avoid specific mechanism in the spec 14:39:05 jeswr has joined #lws 14:39:25 q+ 14:39:30 ... can we just prescribe the proof of an agent's access ? 14:40:04 TallTed: just saying we need a "verifiable proof of consent" doesn't tell me the required functionalities 14:40:06 RRSAgent, make minutes 14:40:08 I have made the request to generate https://www.w3.org/2025/03/24-lws-minutes.html pchampin 14:41:05 hadrian: as the server, i need to say that i granted an agent access and a proof for how the grant was appropriate 14:41:38 q? 14:41:57 ... we have two providers, A and B 14:42:04 i|let's start with|subtopic: w3c/lws-ucs#141 14:43:26 ...if storage provider A grants TallTed access to hadrian's resource, ... 14:43:38 ryey has joined #lws 14:43:44 TallTed: that seems like ACLs 14:43:56 q? 14:44:28 present+ 14:44:43 hadrian: should we say that there should be a way to req access or should we prescribe it? 14:45:11 ... i think the former because it will change monthing as providers innovate 14:46:02 q+ to follow-up on primitives, e.g., notification, unit of information, actors, kind of access 14:46:05 q? 14:46:12 ack laurens 14:46:14 TallTed: what happens when you move your data from detailed provider to minimal provider 14:47:04 laurens: i'm concerned by the spread between a minimal provider and a detailed provider 14:47:16 ... diff betwen consent and ACLs: 14:47:43 ... .. concsent: i wanna give user Alice access to my health records 14:47:54 q? 14:47:57 ack jeswr 14:48:03 q+ to note that consent is often time-constrained and bound to a specific purpose 14:48:04 ... .. ACLs: specific documents and agents 14:48:14 jeswr: i think we're conflating: 14:48:32 .... .. portablily 14:48:43 ... .. auditability 14:48:47 +1 jeswr re not conflating requirements 14:49:00 ... .. access management 14:49:03 ... .. consent 14:50:15 +10 jeswr for making an excellent attempt at reverse-engineering the requirement 14:50:24 ... for access controls and consent, i'd like to differentiate hadrian:proof (ESS gramt model, with proof-carrying-authentication) vs. WAC-like mechamisms where you only show up with an identity 14:51:18 .... when't we're taking about access conbtrol, we need to discuss attempting to access a resources and the server deciding or not to give access 14:51:53 q? 14:51:58 ack csarven 14:51:58 csarven, you wanted to follow-up on primitives, e.g., notification, unit of information, actors, kind of access 14:52:08 +2 jeswr for distinction between proof and access control, and stages of access (control) evaluation, for more flexible policy mechanism 14:52:12 ... also need to determine how we achieve interop on request consents, then we can ground our audit discussion 14:52:24 csarven: +1 ot unpacking the reqs 14:53:31 ... the first sentence in issue 141 could say "to allow access to an entity" 14:53:55 ... sencond sentence talks about "proof of consent" 14:54:15 q+ 14:54:16 ... i think we're using the word "consent" with different perspectives 14:54:28 ... +1 to focusing on the primatives 14:54:58 ... if i want to req access, i need to make a call, click a button, .... 14:55:47 ... are we asking for a specifc way to request access? 14:56:01 q? 14:56:15 q? 14:56:20 ack acoburn 14:56:20 acoburn, you wanted to note that consent is often time-constrained and bound to a specific purpose 14:56:30 ack laurens 14:56:37 acoburn: more to unpack. continue in following weeks 14:56:58 laurens: we need to ensure we understand the terminology, e.g. "consent" 14:57:32 ... we need to not conflate reqs. this issue relates closely to data and permission portability 14:57:55 ... this discussion has layers. we'll need to scope 14:58:25 hadrian: i'll add more thoughts in issue 141 14:58:33 acoburn: as will i 14:58:41 RRSAgent, make minutes 14:58:42 I have made the request to generate https://www.w3.org/2025/03/24-lws-minutes.html ericP 14:59:53 ... anything we want to see more of? 15:00:01 laurens: data discoverability 15:00:06 pchampin: Note "joined at 14:17 UTC" in the Attendees / Present :) 15:00:16 RRSAgent, make minutes 15:00:17 I have made the request to generate https://www.w3.org/2025/03/24-lws-minutes.html ericP 15:00:24 scribe- 15:00:25 acoburn has left #lws 15:00:34 RRSAgent, make minutes 15:00:35 I have made the request to generate https://www.w3.org/2025/03/24-lws-minutes.html pchampin