13:57:47 <RRSAgent> RRSAgent has joined #lws
13:57:51 <RRSAgent> logging to https://www.w3.org/2025/08/18-lws-irc
13:57:51 <Zakim> Zakim has joined #lws
13:58:06 <RRSAgent> I have made the request to generate https://www.w3.org/2025/08/18-lws-minutes.html TallTed
13:58:50 <TallTed> previous meeting: https://www.w3.org/2025/08/11-lws-minutes.html
13:58:50 <TallTed> next meeting: https://www.w3.org/2025/08/25-lws-minutes.html
13:59:01 <TallTed> meeting: Linked Web Storage WG
13:59:24 <TallTed> agenda: https://www.w3.org/events/meetings/a19ab7dc-1753-433d-bac5-64e3ad8c0a43/20250818T100000/
13:59:24 <agendabot> clear agenda
13:59:24 <agendabot> agenda+ Discussion of authorization mechanisms (proposed by Jesse Wright)
13:59:32 <RRSAgent> I have made the request to generate https://www.w3.org/2025/08/18-lws-minutes.html TallTed
14:01:47 <bendm> bendm has joined #lws
14:01:55 <bendm> present+
14:01:58 <gibsonf1> gibsonf1 has joined #lws
14:02:05 <gibsonf1> present+
14:03:07 <gibsonf1> scribe+
14:03:13 <jeswr> jeswr has joined #lws
14:03:23 <TallTed> present+
14:03:27 <jeswr> present+
14:03:59 <gibsonf1> TallTed: since this is not an official meeting, just to capture discussion as it goes
14:04:21 <RRSAgent> I have made the request to generate https://www.w3.org/2025/08/18-lws-minutes.html TallTed
14:04:53 <TallTed> chair: jeswr
14:05:19 <TallTed> Zakim, next item
14:05:19 <Zakim> agendum 1 -- Discussion of authorization mechanisms (proposed by Jesse Wright) -- taken up [from agendabot]
14:07:03 <gibsonf1> jeswr: Current LWS: Two focuses, R/W interfaces for LWS (similar to Solid) but will separate content transformation, Authorization system for LWS should look like (prior art: ACP, WAC, interop, zerocap, etc)
14:08:06 <gibsonf1> ... A few different layers to specifiy: Abstract datamodel https://github.com/jeswr/lws-acp/blob/main/docs/layering.md#how-this-fits-with-linked-web-storage-lws
14:11:26 <gibsonf1> ... ACP has combined some layers which may not be ideal.   Having LLM generate paradigm profiles of these things.  Does this approach make sense?
14:12:44 <woutslabbinck> woutslabbinck has joined #lws
14:13:09 <termontwouter> termontwouter has joined #lws
14:15:30 <gibsonf1> woutslabbinck: Looked at the architecture, in general looks like a good approach.  Have questions about what falls in LWS scope.  For 0 & 1 layer, looks like ODRL has been doing, do we need to redo or incorporate?    Level 5: Too many to support in LWS
14:18:08 <gibsonf1> jeswr:  LLM generated it, and haven't edited carefully yet.  For scoping, need well defined layer 2, layer 1 may not need to be defined here.  Will ODRL work in this context as its mainly semantic web users, and may be too complex?  XHTML
14:19:22 <TallTed> s/woutslabbinck:/termontwouter:/
14:19:42 <RRSAgent> I have made the request to generate https://www.w3.org/2025/08/18-lws-minutes.html TallTed
14:22:14 <bendm> q+ can't we start from the other way around?
14:22:18 <gibsonf1> ... Scoping need to specify a couple at layer 4 and 5.  Ideally separate specification can be used for other than only LWS, precondition for policies very similar, only postconditions are different (then for agents).  Need to define layer 1 - 5 for current LWS.  So what can we reuse, ACP conflates layers, WAC missing some features, are others
14:22:18 <gibsonf1> available to look at?
14:22:20 <bendm> q+ to ask can't we start from the other way around?
14:23:56 <gibsonf1> termontwouter:  Most has an equivalence in Oauth.  Only lower level need to tie in semantically - no unifying semantics there.
14:24:40 <RRSAgent> I have made the request to generate https://www.w3.org/2025/08/18-lws-minutes.html TallTed
14:24:46 <gibsonf1> ... https://oauth.net/specs/
14:25:04 <TallTed> s/available to look at/... available to look at/
14:25:17 <RRSAgent> I have made the request to generate https://www.w3.org/2025/08/18-lws-minutes.html TallTed
14:27:07 <gibsonf1> jesswr:  Does GNAP do what we need?
14:27:31 <gibsonf1> termontwouter: yes, the flows should work
14:29:08 <gibsonf1> woutslabbinck: Can be the whole enforcement mechanismn, access control framework all tied together - XACML  (architecture used under the hood)
14:30:11 <gibsonf1> jesswr: Is this correct: XACML  enables defining concepts that give an admin engine and interface, gives an Oauth flow back to come to server?
14:30:34 <gibsonf1> s/jesswr:/jeswr
14:31:44 <gibsonf1> woutslabbinck: mainly refer to XACML as a Policy engine and baseline (espically in academia)
14:32:08 <gibsonf1> jeswr:  Can we fill gaps with XACML?
14:34:48 <gibsonf1> woutslabbinck:  For a modular approach, it makes sense.  (Layers 0-3)  Can add dynamic components (have seen in papers and presentations)  Don't know other frameworks with same impact  (Survey paper from Sabrina 2020 - with good summary - at semantic web and looks broader)
14:36:02 <gibsonf1> jeswr: Is XACML implementable (not just academic)?
14:38:04 <gibsonf1> bendm: Don't think we have theoretical things in ODRL, can we come the other way around instead of solving all problems at once, would it be more practical to start from WAC, add exstensions we need and see how far we get.  It might be otherwise to theoretical and non-implementable.  I assume whatever we propose will be out of date in 3 years, why
14:38:04 <gibsonf1> not focus on secure achievable that currently works (is deployed)
14:38:21 <gibsonf1> jeswr:  Is a reason for WAC as a starting point?
14:38:51 <gibsonf1> bendm: WAC is least complexity, but don't have a preference over ACP
14:39:31 <gibsonf1> jeswr: an exact split in deployment between ACP and WAC in current implementations
14:42:29 <gibsonf1> termontwouter:  Why do we need to choose between wac or acp?
14:44:34 <gibsonf1> jeswr: Not sure how the choice can be skipped.  You have an authorization graph, and need to define semantics on how to evaluate and build up the graph.
14:45:10 <gibsonf1> gibsonf1:  For WAC on TrinPod, we are having no issues (after a PR years ago to correct and algorithm error as well as with triple level resources)
14:46:19 <gibsonf1> termontwouter:  For LWS its not the interface, its the furtherst thing in the back of the server, so choice not needed
14:47:02 <gibsonf1> jeswr: I think a minimum needs to be specified for interop.
14:47:37 <gibsonf1> termontwouter:  Can define logic and not implementation specifics
14:48:37 <gibsonf1> woutslabbinck:  It's quite important to have a choice for interop
14:49:11 <RRSAgent> I have made the request to generate https://www.w3.org/2025/08/18-lws-minutes.html TallTed
14:49:37 <TallTed> s/jeswr Is this correct/jeswr: Is this correct/
14:49:53 <gibsonf1> termontwouter:  Client doesn't care whats happening under the hood on an implementation
14:49:59 <RRSAgent> I have made the request to generate https://www.w3.org/2025/08/18-lws-minutes.html TallTed
14:50:20 <TallTed> s/not focus on secure/... not focus on secure/
14:50:33 <RRSAgent> I have made the request to generate https://www.w3.org/2025/08/18-lws-minutes.html TallTed
14:51:13 <gibsonf1> termontwouter:  scope is just a string, what happens on implementation under hood no one cares
14:51:18 <TallTed> s/For LWS its not the interface, its the furtherst/For LWS, it's not the interface, it's the furthest/
14:51:45 <RRSAgent> I have made the request to generate https://www.w3.org/2025/08/18-lws-minutes.html TallTed
14:51:51 <gibsonf1> jeswr:  But what about client editing permissions?
14:52:44 <gibsonf1> ... Do you mean to say that LWS should not allow (specifiy) how client edits permissions?  And in practice is coupled with service provider?
14:53:58 <gibsonf1> termontwouter:  Yes.  Editing permissions is not a positive.  Negative as it forces client to see control policies as resource on a server
14:54:32 <gibsonf1> ... Restrictive:  couples authorization to resource server, ACP couples policies to resource on a document level.
14:57:35 <gibsonf1> gibsonf1: Triple level security via state as a resource, uses standard Solid ACL writing as for any resource.
14:59:17 <gibsonf1> jeswr:  Option 1: Start with bendm's approach of starting with WAC.  Option 2: Come up with layer 2 to rule them all.  Option 3: Start with UMA flow of today, and what would better profiles in WAC look like.  I don't know what best option is
14:59:27 <RRSAgent> I have made the request to generate https://www.w3.org/2025/08/18-lws-minutes.html TallTed
15:00:12 <gibsonf1> termontwouter:  We're working on UMA for sure.  Actively working level 5, some on level 4,  1 and 0 moving a bit to URDL.
15:01:00 <gibsonf1> jeswr: anything close to paradigm profile to use for LWS?
15:01:12 <gibsonf1> termontwouter: No
15:02:50 <gibsonf1> woutslabbinck: No decision made for how to translate to reusable attributes, logical groupings of resources is what we've been working on, the others not as much.  ODRL group not focused on constraints and further formalization on how to get attributes and proper roles in there or in the UMA server.
15:03:22 <gibsonf1> ... Is on the roadmap, not clear on which priorities will dictate these matters currently
15:05:09 <gibsonf1> jeswr:  Can do some research in the meantime on the different options, and from that see if a layer 2 can be derived for further discussions (potentially for profile in UMA to get implemented around this)
15:05:16 <TallTed> s/exstensions/extensions/
15:05:16 <TallTed> s/correct and algorithm/correct an algorithm/
15:05:16 <TallTed> s/specifiy/specify/
15:05:27 <RRSAgent> I have made the request to generate https://www.w3.org/2025/08/18-lws-minutes.html TallTed
15:06:29 <TallTed> Zakim, end meeting
15:06:29 <Zakim> As of this point the attendees have been bendm, gibsonf, TallTed, jeswr
15:06:31 <Zakim> RRSAgent, please draft minutes
15:06:32 <RRSAgent> I have made the request to generate https://www.w3.org/2025/08/18-lws-minutes.html Zakim
15:06:38 <Zakim> I am happy to have been of service, TallTed; please remember to excuse RRSAgent.  Goodbye
15:06:39 <Zakim> Zakim has left #lws
15:06:43 <TallTed> RRSAgent, bye
15:06:43 <RRSAgent> I see no action items