SWICG/2017-05-05/minutes

From W3C Wiki
Jump to: navigation, search

W3C

Social Web Incubator Community Group

05 May 2017

Attendees

Present
cwebber
aaronpk
ben_thatmustbeme
dmitriz
eknutson
FrankMurphy
Gargron
geppy1
maloki
masoud
MMN-work
nightpool
sandro
Regrets
Chair
cwebber
Scribe
aaronpk, cwebber

Contents



<aaronpk> scribenick: aaronpk

<sandro> (done)

cwebber: we have kind of a loose agenda today but let's start with introductions
... co-chair of this group and editor of activitypub

aaronpk: co-chair of this group, editor of micropub, webmention and co-editor of websub

<ben_thatmustbeme> i'm good

ben_thatmustbeme: ben roberts, involved in indieweb, member of the Social WG

<KevinMarks> Ouch, sorry

dmitriz == codenamedmitri?

dmitriz: at MIT with sandro, one of the developers on Solid, interested in decentralized authentication

eknutson: I'm working on an activitypub microblog in javascript that will hopefully also be compatible with gnusocial and mastodon if we can figure out what compatible means

Gargron: I'm Eugen. I work on Mastodon, I live in Germany.

geppy1: i'm working on microblogging using web annotations

KevinMarks: i'm part of the SWWG and indieweb, and helped design opensocial

maloki: i'm a project manager for mastodon, I like social stuff

masoud: I'm a scientist but generally interested in decentralized stuff

<cwebber> also if there is anyone who's on irc-only and would like to introduce yourself, I can relay for you

MMN-work: my name is Michael. I maintain GNUSocial and make sure it keeps working even with OS updates.

cwebber: as some people may know, evanpro is co-chair of the Social WG

nightpool: i'm one of the moderators of a service based on mastodon, i'm interested in activitypub support in mastodon

sandro: I work for MIT and W3C, I'm the main W3C staff on social. i'm sandhawke online. I like to code in node.js

<nightpool> (s/a service/cybre.space/)

cwebber: the social web community group (CG) is continuing the work of the working group (WG)
... i work on activitypub, a client-to-server and server-to-server federation protocol

<cwebber> scribenick: aaronpk

<cwebber> scribenick: cwebber

<sandro> https://github.com/w3c/activitypub

<Loqi> [w3c] activitypub

aaronpk: for those who don't know I'm workign on MicroPub, a client to server system, which is on the second to last stage of the formalization process

<sandro> or spec at https://github.com/w3c/activitypub

<Loqi> [w3c] activitypub

aaronpk: webmention is a w3c recommendation right now, it's used for doing cross-site comments, more or less an evolution of pingback but more tightly specified

<Gargron> I LOVED THE OLD NAME

aaronpk: the third spec I'm editing is websub, which is basically pubsubhubbub, with a few but few functional changes

<maloki> I can't even say it... I just skip half of it

aaronpk: I should also add that one of the goals of this community group is to continue the work of these specs after this workign group chapter is over

<MMN-work> Gargron: Pubsub my hub!

<ben_thatmustbeme> Gargron, non-native speakers tended to not love it

<Gargron> it sounded like you were summoning the dark lord

<FrankMurphy> Sorry about that... I did the audio test before the call while my laptop was on a dock, but I took it off the dock so something must have gotten thrown off... Hi everyone, my background is a little unorthodox: I'm an attorney by trade (though one with a CS degree) specializing in technology matters and open source. I'm a lifelong techie and became interested in decentralized social networking because of Mastodon. Stumbled onto ActivityPub from there.

aaronpk: one is to develop and formalize extensions around these specs. Many of our specs are designed to be relatively small at what they describe, but are designed to be extensible
... so that's we expect as apart of this cg

<MMN-work> Gargron: PS, you can mute the mic (there's a mic icon in the toolbar in Mumble) so your keystrokes don't reach the audio level for broadcasting. .)

<maloki> FrankMurphy: :> <3

<MMN-work> (or configure push-to-talk, https://tserverhq.com/clients/knowledgebase/100/How-to-setup-push-to-talk-in-Mumble.html)

<Zakim> sandro, you wanted to talk about multistack

sandro: i wanted to explain one thing that may not be obvious

sandro: normally in the standards process you expect all the players to get together and come to conensus around one way

<maloki> 15th standard! :o

sandro: the WG found that pretty difficult, as everyone knows getting consensus is difficult, so we settled on a compromise. we allowed multiple approaches to be developed in the group to be able to make progress.

https://www.w3.org/TR/social-web-protocols/

<Loqi> [Amy Guy] Social Web Protocols

<sandro> https://www.w3.org/TR/social-web-protocols/

<Loqi> [Amy Guy] Social Web Protocols

sandro: we don't know enough about the space to be able to make the right calls so we hope that having multiple specs instead of no specs will move things forward

sandro: the social web protocols document is an overview of the relationships between all the specs

cwebber: the WG agreed that if we do extensions then this group would be the place to do it

cwebber: does anyone have questions about the working group and its relation to the community group?

<nightpool> just as a quick, 30,0000 foot view: micropub is more about client-to-server communication, right?

<scribe> scribenick: cwebber

aaronpk: yes micropub is specifically about client to server
... you'll notice a recurring theme about the specs I'm working on is they're very broken up into discrete parts

<KevinMarks_> composable specs

aaronpk: federation and client to server are in separate parts

cwebber: activitypub by contrast bundles both C2S and S2S in the same document but you can implement one and not the other

https://www.w3.org/wiki/SocialCG/2017-05-05#Topics

<KevinMarks_> you're gapping a lot

<aaronpk> this section is a nice side-by-side comparison https://www.w3.org/TR/social-web-protocols/#how-do-the-specs-relate-to-each-other

<ben_thatmustbeme> note that it is entirely possible to do micropub for C2S and activitypub for S2S or activitypub for C2S and webmention or LDN for S2S, etc

<MMN-work> KevinMarks: I think he's just pausing. .)

cwebber: feel free to queue up if you want to bring up any topic

<KevinMarks_> hm, maybe it's my client

cwebber: one example of an extension would be mastodon's content warnings, so we could do that as an extension in activitypub and formalize how that works in this group

nightpool: what are the specific extension points of activitystreams and activitypub?

cwebber: it can be the verbs, or any object or property. activitystreams uses JSON-LD to do its extensions

cwebber: however one of the things we agreed on is if we have common extensions in activitystreams, then this group is allowed to define extensions to add to the JSONLD context so that people don't have to keep tacking on JSONLD contexts

cwebber: that could be new verbs, new nouns, or extensions in activitypub for defining new behaviors and side effects

nightpool: <scribe missed the question>

<KevinMarks_> Q was 'what can we extend? is it just verbs?'

<Gargron> +q

geppy: last time i checked in there were some tests in progress, but i haven't seen any implementations of activitypub, maybe i;m looking in the wrong place?

<nightpool> question was "just so I make sure I have this correctly, if I implement a linked set of extensions, I'm allowed to include a new context, and that works somewhat like an xml schema?"

<nightpool> aaronpk ^

cwebber: there's a test suite in progress. we have an activitystreams report template.

<nightpool> (that was the followup for the question about extension points)

cwebber: it's my responsibility to get that up and is what i'll be working on for the next few weeks

sandro: do people have test suites they use for ostatus?

sandro: that could be repurposed?

MMN-o: we have tests for gnusocial but they haven't been updated in forever

<sandro> o

<sandro> ok

<KevinMarks_> mostly they try and interoperate and grumble about it ;)

MMN-o: since they are ostatus it would be a huge rewrite to update for activitypub

Gargron: there is a work in progress activitypub impelemntation in mastodon. it's read only right now, it exposes some objects through the JSON api

Gargron: there is some effort to make that work for server-to-0server implementaiton. mastodon is not looking to implement client-to-server APIs since we're quite happy with how our own APIs work and the app ecosystem around it

Gargron: there is no one test suite people can use to test whether their software is compatible with OStatus. mastodon has its own test suite for compatibility with various specs like Salmon and PubSubHubbub

Gargron: so tests like that could be written for activitypub as well

<MMN-work> WebSub has a test suite that's being worked on afaik, which is a part of OStatus (in practice).

<nightpool> (meta question: is there a place where we can add topics for later that's less immediate then queuing? or should we just queue?)

<MMN-work> Good, KevinMarks .)

<Zakim> aaronpk, you wanted to talk about tests

<nightpool> (geppy: your earlier one didn't go through for syntax reasons)

<KevinMarks_> ack websub.rocks

KevinMarks_, were you queuing yourself?

ah

ok

<scribe> scribenick: cwebber

<KevinMarks_> I thought I was

aaronpk: these aren't tests that are like unit tests, more functional tests

<geppy> (nightpool: thanks! I didn't realize I need to say "... to ...".)

aaronpk: you can see examples at webmention.rocks and micropub.rocks

<nightpool> (yeah, you can elide the person if you're queueing yourself, but you do need to say "to")

aaronpk: those are good examples of tools that people can use

KevinMarks_: what I meant to say is that websub.rocks is to test for conformance for mastodon gnu social etc

KevinMarks_: websub.rocks is a way to test the websub implementation of mastodon and gnusocial which should already pass it

<Zakim> geppy, you wanted to ask do you need help with AP tests?

geppy: do you need help with the ap tests?

<geppy> Shiny, thanks!

<Zakim> sandro, you wanted to clarify q syntax

cwebber: yes, let's talk more after meeting (and it's in scheme)

<Gargron> +q websub.rocks, server authorization/trust

sandro: so you do "q+ to: foo" to remind yourself about a topic

<geppy> (Oh, thanks for explaining q!)

<Gargron> oops

<KevinMarks_> https://toot.cat/users/cwebber/updates/21078

<Loqi> [[MOVED] Christopher Webber] Hey everyone! So the first call of the Social Web Incubator Community Group is at 4PM GMT this Friday, May 5th. I hope you can make it! https://www.w3.org/community/swicg/2017/05/01/social-web-incubator-community-group-kick-off-call/ This will be a...

Gargron: I'm reminded of websub.rocks which is an amazing resource
... it's not really a test you can add any account and it work
... The problem is that websub.rocks does not work for mastodon, which is mainly because the implementation of private status in mastodon
... the problem is if you have ??? only then is the push done to the server
... so status is done not only to anyone who subscribes, but this accidentally breaks websub.rocks
... so I have no problem doing this change

<ben_thatmustbeme> would be good for public statuses for subscription between services

Gargron: one problem with OStatus is nothing about reachability is not specified in the spec, so I had to invent my own xml tag, and no other software understood that tag

<nightpool> "if you have at least one authorized follower" for the if you have at least one authorized follower cwebber

Gargron: ActivityPub solves this
... but the problem still remains that the user has to be aware of what servers the status travels to
... because a rogue implementation can simply be modified to leak/reveal them
... so I'm bringing up that concern

<aaronpk> scribenick: aaronpk

cwebber: to clarify, rogue implementations can be modified to leak, if i sent something to mallory's server but she also runs it for 5 other people, she's CC'd on this, she can post it publicly. is that the problem you're taling about?

Gargron: yeah the server can decide to ignore any privacy settings

<nightpool> For the record, the specific question was about how subscription confirmation works

cwebber: in activitypub, each message is suppoes to go into individual people's inboxes. but yeah a badly written server could dump it into a public timeline or whatever

email has this problem as well but email doesn't have public lists

it's an easier mistake to make when you have a public feed

my understanding is the only way to completely get around it is end to end encryption

Gargron: on the other hand, something related to trustworthiness of servers and conveying that

cwebber: not everyone is excited about the "web of trust" idea

<ben_thatmustbeme> yikes queue

this kind of ties in to anti-abuse tooling. it's something worth exploring. this is a topic in itself.

<Zakim> MMN-work, you wanted to discuss public web content accessibility

<KevinMarks_> previously

<KevinMarks_> https://indieweb.org/private

MMN-work: there's always the question of what's the threat model
... given the OStatus problem of posts being not protected enough, the use cases are very different for privacy for public communication.
... i'm not sure if it's within the scope of activitypub to discuss these things, since of course public discussions should be available like a URL can point to a resource that is a discussion. of course ostatus only covers this specific use case. activitypub addresses private messaging, but i dont think its within scope to say how to protect these messages to be redistributed. since they might be

redistributed by rogue people vs rogue admins.

dmitriz: one thing i noticed in a lot of these decentralized social specs is the spec starts with authenticaiton/authorization/access control are out of scope

so there's definitely a need to point implementers to some sort of solution

i think private messages are a serious problem that needf to be solved

one possible solution is end to end encryptioon and the PKI which comes with its own set of problems but does work

another solution that requires more standards is interoperable cross domain authentication and authorization

we have a version of that in the Solid project but it's RDF based and not necessarily applicable to the people here

but how this applies to private messages is if we agree on how to identify users across federated instances and how to express access control on a message we can have a higher level of protection than doing web of trust for servers

<Zakim> KevinMarks_, you wanted to mention twitter history here

KevinMarks_: one of the reasons twitter turned off their public stream is it was too complciated to maintain with a mix of public and private posts in the stream

the indieweb approach to this is to have a server person, but that means you trust the server admin in that case

i linked to the private posts experiments https://indieweb.org/private

<nightpool> not only does it not scale, it doesn't even make sense for non-technical users.

<Zakim> sandro, you wanted to mention standard TOS

sandro: there are some interesting technical problems that kevin and dmitri mentioned

<MMN-work> +q to ask about scalability of per-person-distribution and ActivityPub's POV

<nightpool> +1 social problems

i'm interested in the legal/social problems of trusting server admins

there are 1000+ mastodon instances, and most of them seem to use the default terms of service

<KevinMarks_> well, it depends on multiusers trysting admins - withknown does the same

i'm curious whether the admins even know they are using the default ToS

we could have a couple standard ToS like creative commons style, and you as an admin pick the one you want that you're willing to commit to your users

then users hasve a reaonsable legal/social level of expectation

<KevinMarks_> eg https://teach.kqed.org/ has many users that trust kqed as admin

of course this doesn't stop bad actors but it sets the bar for what's legal and whats the expecation of appropraite behavior

<Zakim> nightpool, you wanted to clarify subscription question

<FrankMurphy> Agree with your observations on the ToS issue. Happy to lend my expertise on that front.

nightpool: to clarify around fthe original question. the question was about how mastodon currently concept of a "confirmed follow"

and it uses that to pre-vet servers

the idea was mastodon does somewhat solve this problem already

<KevinMarks_> Salmon--

<Loqi> salmon has -1 karma

<Gargron> +q to: follow requests via salmon

<Gargron> +q to follow requests via salmon

<Zakim> aaronpk, you wanted to clarify the server per person

<nightpool> salmon++

<Loqi> salmon has 0 karma

<cwebber> scribenick: cwebber

<nightpool> :P

<sandro> "q- later" is a trick to move yourself to the end of the queue :-)

aaronpk: KevinMarks_ mentioned the indieweb approach of one server per person, but that's not exactly it, each user has one url

<KevinMarks_> I was being uncelar, sorry

<FrankMurphy> q to cwebber: Somewhat relatedly, is data portability within the scope of the ActivityPub spec? Textbook use case is a user wanting to take his content from one ActivityPub-compliant instance to another.

aaronpk: each person has a top level url, but might be a subdomain or suburl... the point is your user is a url, so you can have your own site, but it works with multiple users on sites.

FrankMurphy: could you q+?

<Zakim> MMN-work, you wanted to ask about scalability of per-person-distribution and ActivityPub's POV

MMN-work: regarding public posts, which are readable by anyone with the URL and private posts which require authentication

MMN-work: in gnusocial you distribute a post one time to one server, even though there are multiple users on that server

MMN-work: that's very efficient

MMN-work: but if you have a private account and distribute to 100 followers, i assume activitypub sends one per person?

<KevinMarks_> websub works for public posts between servers; for private posts you would need to send one per subscriber

MMN-work: my question is whether activitypub addresses the distirbution issue for public/private posts

cwebber: we do have a separate endpoint users can set up for public endpoints

<Zakim> Gargron, you wanted to follow requests via salmon

cwebber: servers can short-circuit to send to each individual person, so if 100 people share a public endpoint then you can send to that one endpoint to reach all 100 users

<ben_thatmustbeme> https://mastodon.social/@kevinmarks/4937649

<Loqi> [Kevin Marks] @lambadalambda @Ronkjeffries @KevinMarks which is why I made unmung.com/mastoview

Gargron: follow requests weren't difficult to implement because activitystreams already contained all the necessary verbs

Gargron: the only missing part was specifying when a profile is "locked", thereby requiring authorization in the first place

Gargron: you send a "request friend" group with the target as the person you want to follow

Gargron: the server displays it as a follow request and the end user can reject or authorize it

Gargron: it's either an authorize verb or reject verb, and it goes back via salmon to the requester

<KevinMarks_> is this why remote follow takes 3 clicks?

Gargron: the way public/private URLs work in mastodon is public posts have public URLs, but private posts don't. they always return 404 regardless of who accesses them unless they use authentication

Gargron: the private posts are distributed one time when they are created using pubsubhubbub, and that's the only way the other servers receive that content. they can't access it later via public urls because there is no authentication mechanisms for servers to access that content later

<KevinMarks_> https://botsin.space/users/quinn/updates/582

<Loqi> [quinn ❎] Why do I have to follow someone three times to follow them once?

<Zakim> sandro, you wanted to talk about future meetings -- seems like there's a lot to talk about -- how many weeks between meetings would you like, and how many minutes should the

sandro: we have 3 minutes left in this call

sandro: it's great having everyone on the call

<nightpool> oh, yikes, it was only an hour?

<dmitriz> hahaha

<Loqi> awesome

<sandro> Poll for next meeting time: http://doodle.com/poll/vvn2rn36ikgpx96b

2 (every 2 weeks)

<sandro> 1 120

sandro: maybe we can do a strawpoll in IRC, how often do you want to come to a meeting? 1-every week, 2- every 2 weeks. and how long would you want the calls to be?

<geppy> 1 120

<cwebber> I could do every 1 week if people find it helpful

<nightpool> 1 / 120

<dmitriz> do we have a mailing list or message board to have async discussions on this stuff?

<aaronpk> 1 60 or 2 120

<ben_thatmustbeme> 1 / 60 or 2/120

<maloki> 2 120

<MMN-work> I'll jus read the minutes, I probably don't have more time than 1/month .)

<ben_thatmustbeme> you can also leave messages here too

<nightpool> http://socialwg.indiewebcamp.com/irc/social/today

<nightpool> logs ^

<sandro> https://www.w3.org/wiki/SocialCG

<geppy> 1 week, 120 minutes

<cwebber> 1 90

<FrankMurphy> 2/120

<Gargron> 1^60

<Gargron> oops

<Gargron> 1 60

<dmitriz> 1, *

<eknutson> 2 60

<ben_thatmustbeme> 8 / 600

<ben_thatmustbeme> :P

<KevinMarks_> 2w 60

<nightpool> 1 90 is good actually. I think this meeting should probably go a little longer though

<nightpool> because it's a kickoff

<maloki> Maybe it's popular because people want to get through all these "pent up" discussions :)

<dmitriz> is the lack of mailing list / message board incidental, or intentional?

<ben_thatmustbeme> also as a "social" group, its good to use social methods

<nightpool> I think github works pretty well as async

<nightpool> re: mailing lists

<sandro> github issues are pretty good for ML-type stuff

<scribe> scribenick: cwebber

aaronpk: I think you covered most of it, mailing lists tend to drag out whereas github links tend to allow for resolutions; irc tends to be great when you have the logs

<dmitriz> do we have a CG github repo?

<sandro> star this: https://github.com/swicg/general

<Loqi> [swicg] general: General issue tracker for the group

<dmitriz> aha

aaronpk: I'm not inclined to add another channel, mailing list free has worked great for indieweb

<nightpool> +1

<geppy> +1

<aaronpk> proposed: 30 minute extension

<eknutson> +1

<Gargron> +1

<cwebber> +1

<aaronpk> +1

<sandro> +1 extend half an hour

<FrankMurphy> -1

<maloki> +1

<MMN-work> +0.5

<Zakim> FrankMurphy, you wanted to cwebber: Somewhat relatedly, is data portability within the scope of the ActivityPub spec? Textbook use case is a user wanting to take his content from

<FrankMurphy> (mic not working) is data portability within the scope of the ActivityPub spec? Textbook use case is a user wanting to take his content from one ActivityPub-compliant instance to another.

<MMN-work> PS. I'm not a customer with GitHub so if I were to start discussing issues I guess I'd have to relay it through others. But I also realise I'm probably not going to be the one taking on issues .)

<ben_thatmustbeme> https://socialwg.indiewebcamp.com/irc/social/today <-- logs

<nightpool> Having client-to-server in the spec gives it some amount of data portability, right?

cwebber: the spec doesn't say anything about data portability. it can be done in pump.io with a script that exports/imports everything. you could do the same in activitypub. what you'd want is to set up redirects.

<Gargron> +q to follower portability

<MMN-work> aaronpk: Yes, but I started cleaning out accounts at proprietary disservices a couple of years ago.

<KevinMarks_> https://github.com/w3c/websub/issues/98

<Loqi> [kevinmarks] #98 Subscription migration is unclear

<dmitriz> incidentally, cross-domain identity is a pre-requisite for being able to export/transfer your followers & contacts list

<Zakim> Gargron, you wanted to follower portability

<KevinMarks_> https://github.com/tootsuite/mastodon/issues/177#issuecomment-292780728

<Loqi> [kevinmarks] The logical thing to 301 is the user's URL so systema.com/@usera 301s to

<Loqi> systemb.club/@userb (and the atom feed, obviously). This does rely on the

<Loqi> site being migrated from to co-operate, yes, but ti is less fiddly than

<Loqi> requiring a new webfinger call....

Gargron: about follower portability. i've been looking into that. one of the main concerns was that if someone gained access to your account, if follower migration existing you could move followers to someone else which would basically be forever

<nightpool> yeah follower exfil is a big deal.

Gargron: nothing else you can do on mastodon has such a destructive action

<dmitriz> export & import is slightly different, though, than destructively “moving” followers

Gargron: the other concern with moving followers (in ostatus), obviously this should be a salmon slap or a message in the feed, but the problem is there is no activitystreams verb or object to describe "moved" or "migrated"

Gargron: another approach is to do some sort of redirect

Gargron: but we want to do webfinger lookups as little as possible

Gargron: then handle that account without doing additional networking

<MMN-work> dmitriz: I guess export is just "download my activitystream" .)

Gargron: recently we added a one-day cooldown for doing webfinger lookups because we found issues with people changing URLs on their servers

<dmitriz> but specifically export for the followers list / contact book

<MMN-work> (that's how data portability - but not identity moving - is done (when it works) in GNU social)

Gargron: which meant that their accounts would be broken unless you do a second webfinger lookup

Gargron: so now the next day it will do a second webfinger lookup to update the URLs

Gargron: i'm not sure if doing http redirects is in the spec for webfinger or how it should be treated

<maloki> Right now it's actually just follows on export. Not your posts.

Gargron: the main problem i can foresee is in mastodon the assumption is the username and domain is a unique combination

<dmitriz> globally unique? or unique per domain?

<dmitriz> oh ok

Gargron: changing it from one to another in the database çould lead to collisions

Gargron: i'm open to suggestions and brainstorming on this part

<Zakim> cwebber, you wanted to talk about antiabuse

<dmitriz> for one, sounds like we need to clarify, with regards to WebFinger and redirects

<sandro> Maybe we want a Follower Migration github issue?

<dmitriz> yes please!

cwebber: one of the topics id like to see addressed in this group is filtgering and antiabuse

<sandro> https://github.com/swicg/general/issues/1 created

<Loqi> [sandhawke] #1 Follower Migration

cwebber: both helping people discover things in the firehose or helping people who are being harassed

cwebber: we don't have enough time to talk about it in this meeting but i wanted to put it out there

<Zakim> sandro, you wanted to ask about future of webfinger

<geppy> (speaking of which, is rhiaro/Amy here? or is she defending her thesis?)

<cwebber> geppy, she got her thesis in and is now on a meditation retreat :)

<geppy> (Nice!)

<ben_thatmustbeme> https://github.com/swicg/general/issues/1 created, thanks to sandro

<Loqi> [sandhawke] #1 Follower Migration

sandro: we have a bit of an impedance mismatch between mastodon/gnusocial vs activitypub around identifiers of individuals

<dmitriz> that’s not quite a mismatch, in that WebFinger is just a mechanism to *resolve* an email to a URL

sandro: ostatus uses email-like identifiers, whereas activitypub and indieweb the idea is just use a URL rather than email-like identifiers

<cwebber> we have an issue about this in activitypub btw https://github.com/w3c/activitypub/issues/194

<Loqi> [cwebber] #194 Include informative section suggesting how WebFinger users can migrate towards ActivityPub adoption?

sandro: i think we could use webfinger to map between the two but my guess is that mastodon has no intention of giving up email-like identifiers so webfinger is around for the long haul

<MMN-work> +q to explain acct: usage and user URI

sandro: this is going to show up when users refer to people, like on the sides of billboards or whatever. having two different end-user visibility standards is going to be a bit of an issue

dmitriz: i wanted to clarify that webfinger is just a protocol to turn an email into a URL

dmitriz: part of the reason why openid 1 and 2 failed was that it turns out that using raw URLs as identifiers had incredible usability problemns

dmitriz: yahoo spent a lot of money on usability studies to ask is it okay to use URLs as identifiers

dmitriz: webfinger was used by openid connect to address this usability problem

dmitriz: so let's solve the problem from openid 1 and 2 and set up this protocol to resovle from one to the other

dmitriz: google at the time was part of the working group, and said they'd enable webfinger but then backed off

dmitriz: i think we should remember the usability studies and the general difficulty of just using URLs

<Zakim> MMN-work, you wanted to explain acct: usage and user URI

MMN-work: in gnusocial, both work. you can give just a domain or an email address

MMN-work: and they both will find the feeds

MMN-work: anyone can implement both

<sandro> aaronpk, maybe we can move forward with this BOTH approach, with tests for both

<cwebber> sandro, see PM btw

<maloki> Which is why you should be me@aaronpk.com ;)

MMN-work: the follower migration thing, the problem is if your URL is the identifier, how do you update this huge body of statuses to the new URI or how do you keep the old URI

<cwebber> ack nightpool;

<Zakim> nightpool, you wanted to migration faq in general

<dmitriz> useful link explaining WebFinger and using WebFist as a fallback mechanism: http://www.onebigfluke.com/2013/06/bootstrapping-webfinger-with-webfist.html

nightpool: the CG should think about migration and creating migration guides

nightpool: i'd be willing to help work on that

<Zakim> cwebber, you wanted to talk about webfinger

<KevinMarks__> webfist.org is down :(

<dmitriz> dohhh

cwebber: this is something i'm interested in, obviously we have important federated systems that use webfinger, we have a bug open to discuss whether this is osmething that should be handled in activitypub itself or as an extension

<KevinMarks__> see also https://www.w3.org/wiki/Socialwg/AccountDiscovery

cwebber: it's something i'd really like to get right, so i'd like to sit down with people who are already implementing this and looking to implement activitypub

<Zakim> sandro, you wanted to ask if ActivityPub should be kept open a few more months for more input, esp re c2s

<KevinMarks__> I would love to replace webfinger with a small rel template

sandro: the social web working group was chartered through the end of june, which means activitypub is in its final stages

<maloki> *yes*

sandro: with the recent success of mastodon, i've been talking to w3c management to say maybe we should not close the door just yet

sandro: the divergence between the mastodon c2s and activitypub c2s protocol maybe if we give it a few more months we could converge the two

<ben_thatmustbeme> Gargron++ "thanks to mastodon"

<Loqi> gargron has 1 karma

<KevinMarks__> yes to what, maloki?

sandro: so i'd like to ask for quick feedback as to whether you think slowing down activitypub to make some changes that bring everyone in this call closer

<maloki> My reaction to "thanks to mastodon" :>

<Zakim> Gargron, you wanted to importance of webfinger

Gargron: there's a history of emails hacving username@domain syntax, and xmpp as well

Gargron: that's why when I started looking into ostatus it clicked right away

Gargron: it's easy enough to say I'm gargron at mastodon.social

Gargron: rather than a URL which contains a protocol and scheme

<MMN-work> Btw, WebFinger lets you do a URL lookup and not just acct: (the acct: uri is separate from WebFinger/RFC7033

Gargron: it's really important to keep that and it should be part of activitypub going forward

Gargron: it will be confusing if some implementations can address people in that format and some don't

<MMN-work> since it just says "a domain name should respond to resources on this URL" not speciying the format of the resource

nightpool: i think there's a lot of work that can be done in extensions, but some of this core stuff around webfinger or subscription would be useful to address in the core standard

<Zakim> KevinMarks__, you wanted to say why webfinger is creaky and overkill

KevinMarks__: i agree that being able to look up a username at a domian is useful, but the way webfinger does it is overkill

KevinMarks__: there is a simpler way to do it rather than webfinger wrapping it in 3 levels of indirection

KevinMarks__: the account structure is something you can explain to people

KevinMarks__: the thing that doesn't make sense is the well-known URLs when you've got perfectly good ways of doing things with link rels and link headers

<KevinMarks__> I wrote a bit at https://www.w3.org/wiki/Socialwg/AccountDiscovery

cwebber: this meeting has been a success in my view. there certainly won't be a shortage of things to discuss in the future.

<MMN-work> KevinMarks: Let's talk more about the rel= stuff over OStatus, I remember you mentioning it on that videopodthing and I totally want to make sure GNU social works with indieweb if there are any implementations that desire it.

<ben_thatmustbeme> KevinMarks++

<Loqi> kevinmarks has 6 karma in this channel (273 overall)

cwebber: i'd like everyone to take a moment to fill this out

<MMN-work> KevinMarks__: *goes to link*

http://doodle.com/poll/vvn2rn36ikgpx96b

<KevinMarks__> the rel stuff I discussed at http://www.kevinmarks.com/distributed-verify.html

<Loqi> Distributed Verification 2016-09-22

<sandro> PROPOSED: Would like to extend the Social Web WG so there's time to update ActivityPub, to take into account currently exciting projects

<Gargron> +1

<nightpool> +1

<maloki> +1

<sandro> +1

<cwebber> +1

<dmitriz> +1

<KevinMarks__> +1

<ben_thatmustbeme> MMN-work, i'd definitely be interested in that discussion

<geppy> +1

<FrankMurphy> +1

<MMN-work> +/- 0

RESOLUTION: Would like to extend the Social Web WG so there's time to update ActivityPub, to take into account currently exciting projects

<Zakim> KevinMarks__, you wanted to ask if the swicg should take over https://www.w3.org/community/ostatus/ formally

KevinMarks__: there is an ostatus w3c community group, it might be worth formally redirecting it

sandro: evan said he'd do that so i'll nag him again

Gargron: can someone put all the ostatus protocols onto that web page? it currently doesn't contain any information, and ostatus.org expired.

<sandro> +1 yeah

<MMN-work> Rollerstatus tyccoon

<dmitriz> I ran into that problem as well (the ostatus specs being down)

<nightpool> that's probably not the right place for it?

<nightpool> But somewhere, yeah

<FrankMurphy> Rollercoaster Tycoon... The imagination runs wild

<nightpool> cwebber -- for puns

<Zakim> KevinMarks__, you wanted to say use the wiki https://www.w3.org/community/ostatus/wiki/Main_Page

sandro: spread the word about this group, i'm sure there are more people who would want to be involved

<dmitriz> what’s the relationship again between this group & the SocialWG?

<ben_thatmustbeme> no

<ben_thatmustbeme> you cannot i don't believe

<sandro> dmitriz, complicated :-)

<dmitriz> heh

<aaronpk> dmitriz, https://chat.indieweb.org/social/2017-05-05/1494000822923000

<Loqi> [aaronpk] cwebber: the social web community group (CG) is continuing the work of the working group (WG)

<sandro> dmitriz, basically, the WG is much more formal

<MMN-work> Cheers!

<ben_thatmustbeme> cwebber++

<Loqi> cwebber has 13 karma

<KevinMarks__> ah. well, you can always edit this wiki

<ben_thatmustbeme> aaronpk++

<Loqi> aaronpk has 77 karma in this channel (1307 overall)

<sandro> cwebber++

<Loqi> cwebber has 14 karma

<FrankMurphy> Thanks, cwebber!

<aaronpk> er

<KevinMarks__> or the indieweb one

<cwebber> aaronpk++

<Loqi> slow down!

<nightpool> cwebber: ++

<aaronpk> magic bot incantations

<sandro> aaronpk++

<nightpool> oops let me try that again

<nightpool> cwebber++

<ben_thatmustbeme> trackbot end meeting

Summary of Action Items

Summary of Resolutions

  1. Would like to extend the Social Web WG so there's time to update ActivityPub, to take into account currently exciting projects

[End of minutes]