SocialCG/2018-10-10/minutes
< SocialCG | 2018-10-10
<cwebber2> =========== MEETING LOGGING STARTS ===========
*** jdormit_mobile (~jdormit_mobile@public.cloak) has quit: Client closed
connection
<sumanah> https://www.w3.org/community/about/agreements/cla/ [11:03]
<cwebber2> scribenick: dmitriz
<cwebber2> https://www.w3.org/community/socialcg/
<sumanah> today's meeting: https://www.w3.org/wiki/SocialCG/2018-10-10
*** jdormit_mobile (~jdormit_mobile@public.cloak) has joined channel #social
[11:04]
<cwebber2> https://www.w3.org/wiki/SocialCG/2018-10-10
*** eprodrom (~eprodrom@public.cloak) has joined channel #social
<eprodrom> present+
<dmitriz> first topic: sec: prefix
<melody> present+
<cwebber2> present+ [11:05]
<dmitriz> eprodrom: there's an outstanding issue for security prefix, so maybe
I can talk a bit about that
<cwebber2> present+ sumanah
<cwebber2> present+ sandro
<dmitriz> eprodrom: where we got stuck last time, and where we can hopefully
get to this time
<dmitriz> present+
<eprodrom> https://github.com/w3c/activitystreams/issues/477
<dmitriz> eprodrom: we have a system for ActivityPub for signing requests,
using HttpSignatures [11:06]
<dmitriz> eprodrom: has become the standard way for server-to-server authn
(for push, sending messages, etc)
<dmitriz> eprodrom: we're using this external namespace (the W3C Security
namespace)
<eprodrom> https://github.com/w3c/activitystreams/pull/490 [11:07]
<dmitriz> eprodrom: somebody brought up the issue the last time, that it would
not be sufficient to just drop in the sec: namespace (because of id
parameters) [11:08]
<dmitriz> eprodrom: so the question was whether we should jump ahead & include
the entire sec: vocabulary in there
<cwebber2> q+
<cwebber2> ack cwebber2
<dmitriz> cwebber2: I agree with puckapedia (sp?) here. one of the things that
the context provides is an unambiguous way to map the type that the
term provides [11:09]
<dmitriz> cwebber2: same thing applies to IDs. linking to another object, how
do you tell that it's just a string, or it's a URL? the context
provides a default defn that can be overridden [11:10]
<dmitriz> cwebber2: things like, 'any time you see this, it's gonna be an id'.
<dmitriz> cwebber2: if you're using Linked Data Signatures, it does pay
attention to contexts of this type
<dmitriz> cwebber2: (meaning, the generated hash will be different depending
on how it resolves)
<dmitriz> cwebber2: so, two ways to resolve it. either we add a namespace to
the context, and then for all the terms we want, we copy & paste
them in [11:11]
<dmitriz> cwebber2: the alternate route is that you can recursively include
contexts
<eprodrom> +1
<dmitriz> cwebber2: so that's my summary, opening it to the floor
<cwebber2> dmitriz: which option is evan proposing? [11:12]
<dmitriz> eprodrom: let's take the terms as we need them, that's how we did it
in other contexts
<dmitriz> cwebber2: lets move it to proposal. [11:13]
<dmitriz> eprodrom: I think what we need is publicKey, publicKeyPem, and maybe
owner also?
<dmitriz> cwebber2: I'm willing to look at the issue, if that helps
<dmitriz> eprodrom: yeah, we haven't looked exactly at which ones [11:14]
<dmitriz> eprodrom: what I'll do is make a PR that includes the Security
namespace (so that's available), and then for the current
properties, I'll give aliases for those (including types)
<dmitriz> eprodrom: and then maybe at the next meeting, we can vote on the PR
<cwebber2> +1
<eprodrom> +1
<dmitriz> +1
<dmitriz> cwebber2: and if I don't respond on it, please ping me before the
meeting. [11:15]
<dmitriz> cwebber2: ok, good to go
<dmitriz> eprodrom: will take it as a task for next meeting.
<dmitriz> next topic:
*** gluedtothescreen (~gluedtothescreen@public.cloak) has joined channel
#social
<cwebber2> #TOPIC Chris Webber is diving headfirst into some next-generation
federated social web stuff, but wait what does any of that mean
https://octodon.social/@cwebber/100866264755512782
<dmitriz> cwebber2: the high level is - I was previously doing a full time job
and a half (basically, stuff I was doing for work, and then
half-time for stuff in the federation space) [11:16]
<dmitriz> cwebber2: instead, I'm switching to full time on federation stuff,
and then doing some occasional contracting on the side [11:17]
<dmitriz> cwebber2: I'm not at risk at being kicked out on the street. I'm
trying to push forward with some important stuff. (the thread has
some of it)
<dmitriz> cwebber2: feel free to ask questions, and I'll attempt to answer
<dmitriz> cwebber2: ok, so, firstly part of the goal here is - I'm taking on a
tried-and-true approach of making and interesting Skunkworks of
sorts [11:18]
<dmitriz> cwebber2: every now & then, somebody tries to make a giant
decentralized game, and regardless of whether they succeed,
interesting things come out of it
<dmitriz> cwebber2: examples - google earth, etc
<dmitriz> cwebber2: I've been researching for a while about some of the ways
to push ActivityPub spec into new areas
<dmitriz> cwebber2: for example, I'd like to change the way we're approaching
abuse and moderation tooling [11:19]
<dmitriz> cwebber2: I think right now the current approach is, if you think
about programming scope systems (like a Python approach) is - you've
got your Global community, and you've got your local instance. so,
globals and locals
<dmitriz> cwebber2: so, this gives incentive for people to run their local
space
<dmitriz> cwebber2: like, you can start a group for a community you care about
<dmitriz> cwebber2: but that also has some downsides. if you have somebody a
part of several groups (not just a global and an individual group),
[11:20]
<dmitriz> cwebber2: different groups need to protect them in different ways
<dmitriz> cwebber2: relying on instance-level mods tends to exhaust them
<dmitriz> cwebber2: we've been seeing some of this stuff on Mastodon. (which
has really good, historically, moderation tooling)
<dmitriz> cwebber2: but say somebody's a member of both the Fanfiction
community, also a member of their professional community, and also
like lgbt community
<dmitriz> cwebber2: each one of those might have different moderation
requirements
<dmitriz> cwebber2: what we're seeing right now is sort of a
nation-state-ification of the fediverse [11:21]
<dmitriz> cwebber2: like, "I have this code of conduct, and you have one, so
let's just ban that instance"
<dmitriz> cwebber2: it's getting to the point where it's easier for instance
admins to just connect to a whitelist of instance
<dmitriz> cwebber2: so there's various instances at war
<dmitriz> cwebber2: whereas in fact, the different instances just serve
different moderations needs for the user
<dmitriz> cwebber2: so I want to move to the assumption that the moderation is
not happening on instance level
*** jdormit_mobile (~jdormit_mobile@public.cloak) has quit: Client closed
connection [11:22]
<dmitriz> cwebber2: the assumption is, each person is on many different groups
& servers
<dmitriz> cwebber2: example, mailing lists
<dmitriz> cwebber2: I'm a member of many different lists, which all have
different policies, depending on their needs
<dmitriz> cwebber2: another core idea that everyone can message you opens up
the idea of Dogpiling real easily
<dmitriz> cwebber2: example, you post some message, another group doesn't like
it, and you get jumped and get all these messages
<dmitriz> cwebber2: we currently have this assumption (imported from
FB/Twitter/email) that you have /one/ identifier that's you [11:23]
<dmitriz> cwebber2: whereas in fact, people have many different avenues to be
contacted
<dmitriz> cwebber2: so like, I have a public profile. and then I create
several different shells for that, that I hand out to different
people
<dmitriz> cwebber2: and the moderation system may be different based on what
instance you're going through
<dmitriz> cwebber2: for example, I hand a shell to Evan, and the moderation is
that his computer needs to do some sort of hash/proof-of-work in
order to send me a message [11:24]
<dmitriz> cwebber2: later on, I can hand him the ability to just message me
directly, without any PoW
<dmitriz> cwebber2: another thing to consider: if you have a collection -
let's say you're running a conference, and want to curate some
images
<dmitriz> cwebber2: and I'm handing somebody a capability to add things but
not remove them [11:25]
<dmitriz> cwebber2: so, this whole design is taken from the world of Object
Capabilities (OCaps)
<dmitriz> cwebber2: pause for any questions re OCaps
<eprodrom> q+
<dmitriz> eprodrom: I'd be interested to hear the user side of this, before
the implementation side
<dmitriz> cwebber2: yes, I have that, let's get to it shortly though [11:26]
<cwebber2> ack eprodrom
*** jdormit_mobile (~jdormit_mobile@public.cloak) has joined channel #social
<dmitriz> *oh whoops, that wasn't evan asking re user side*
<dmitriz> cwebber: I'm working on access control policies based on OCaps.
<dmitriz> cwebber2: objects meaning actors.
<dmitriz> cwebber2: the OCap community has a metaphor that might be useful
[11:27]
<dmitriz> cwebber2: let me give the metaphors, then get back to user
experience
<dmitriz> cwebber2: one usecase that's commonly described in Ocap community is
that we have two fundamental forms of access control - 1) Access
Control Lists (ACLs), and 2) Object Capabilities [11:28]
<dmitriz> cwebber2: as far as ACLs - you're probably familiar with it from
Unix. if you launch Solitaire, it runs as /you/, as the user
<dmitriz> cwebber2: Object Capabilities are more like car keys. like, if you
come up to a car. instead of identity based access control (say, the
car scanning your face), it's using /possession/ based access
control [11:29]
<dmitriz> cwebber2: meaning, whoever has the key has access
<dmitriz> cwebber2: let's say I'm driving the car, and I want to lend it to
Alice, but I want to be able to revoke access later
<dmitriz> cwebber2: so I hand her a key, but it's "attenuated" in some way,
meaning, I can limit or revoke the access later
<dmitriz> cwebber2: so let's say she drives the car somewhere, comes up to a
Valet service, and wants to limit the valet's capabilities [11:30]
<dmitriz> cwebber2: so she can narrow the key's power even further. she
creates a derived object from the key, and gives it to the valet
<dmitriz> cwebber2: and it has more limitations - it can only drive X amount
of miles, and it doesn't give access to the trunk
<dmitriz> cwebber2: a good way of thinking about it is - the way we currently
program [11:31]
<dmitriz> cwebber2: if Alice is an object (in an OOP sense, for example) with
a 'drive()' method, I can hand her a wrapped key object that limits
the key's capabilities
<dmitriz> cwebber2: basically, it allows an object to maintain its own state
<dmitriz> cwebber2: how do we apply this to actors? (since Activity Pub is an
actor-based system) [11:32]
<dmitriz> cwebber2: so I can create a Car object. it gives me absolute control
over the car. we can give this car a Capability URI, or an OAuth
type bearer token
<dmitriz> cwebber2: so you can't drive the car unless you have the
(unguessable) credential - the url or token
<dmitriz> cwebber2: now I create /another/ object, which just forwards the
messages/activities to it to the original key object [11:33]
<dmitriz> cwebber2: this is not adding anything to the AP spec
<dmitriz> cwebber2: it's just assuming that sufficient security mechanisms are
already in place
<dmitriz> cwebber2: so that's the general idea. what you have possession of is
what you can do
<dmitriz> cwebber2: you maintain your own space. make decisions on what to
forward or not. and objects & actors can coordinate with others to
be able to do rich things [11:34]
<dmitriz> cwebber2: to be able to drive the car (or message me), how on earth
do you have a user experience that makes that possible?
<dmitriz> cwebber2: if you're familiar with Zooko's Triangle, it says that
names/identifiers have 3 properties:
<dmitriz> cwebber2: globally unique, human-readable, and decentralized/secure
<dmitriz> cwebber2: and you can basically only have 2 out of the 3 [11:35]
<eprodrom> I need to jump out to get to my next meeting
<eprodrom> Thanks all!
*** eprodrom (~eprodrom@public.cloak) has quit: ""
<dmitriz> cwebber2: there's a way to get around this (2 out of 3) limitation,
though
<dmitriz> cwebber2: by making changes to ActivityPub clients, not necessarily
the spec [11:36]
<dmitriz> cwebber2: think of your phone's contact list
<dmitriz> cwebber2: you can call me without actually memorizing my number. the
phone mediates that
<dmitriz> cwebber2: and if there's multiple Chrises, the phone contacts list
lets you de-ambiguate (like this is SocialCG Chris, and that one's
some other chris, etc)
<dmitriz> cwebber2: there's other details [11:37]
<dmitriz> cwebber2: like introductions / suggested names and so on
<dmitriz> cwebber2: questions so far?
<dmitriz> sandro: what my actual question was, let's imagine you're
implementing this on Twitter
<dmitriz> sandro: meaning, all of this is opaque & behind the scenes, except
for what the users are actually interact with.
<dmitriz> sandro: so, how would the UX actually be different, with this tech?
[11:38]
<dmitriz> cwebber2: ok, let's say Twitter has a global user registry
<dmitriz> sandro: wait, I'm not talking about identifiers
<dmitriz> sandro: the pain points you started with are things like dogpiling
<dmitriz> sandro: and various painpoints in moderation. so how would you
improve current (say Twitter style) moderation, with these
identifiers and ocap and so on? [11:39]
<dmitriz> cwebber2: ok, so, I have a bunch of different ideas and I'm jumping
around
<dmitriz> cwebber2: in the group scenarios (on Twitter), if you wanted to join
the fanfic community, you send a join request to the fanfic group
<dmitriz> cwebber2: and then they either accept/reject, and then your client
filters how you're getting messages from that [11:40]
<dmitriz> cwebber2: let's shift now to Mastodon, where the way we currently
interact with people is by Webfinger
<dmitriz> cwebber2: so, you'd have a similar group type thing
<dmitriz> cwebber2: so, I can join the fanfic community on Bob's server, and
Dmitri can join it on some other server, and we can communicate
<dmitriz> cwebber2: and the administrators of the group can moderate on the
group level. (instead of server level) [11:41]
<dmitriz> sandro: as a user, I don't want to care about what instance I'm on
<dmitriz> sandro: so is the idea that you limit conversation to particular
moderated spheres. do I have the right model? [11:42]
<dmitriz> cwebber2: so it's not like you can't talk to each other outside the
groups [11:43]
<dmitriz> cwebber2: more that - you can specify what kind of communications
you can request based on which group it comes through
<dmitriz> (er, what kind of communications you can receive, not request)
<dmitriz> sandro: ok, so like.. a physical metaphor is having multiple phone
numbers
<dmitriz> sandro: so I can give a different number to the fanfic group [11:44]
<dmitriz> cwebber2: right! and you can later choose to expose your personal
phone #, not the fanfic-specific one
<cwebber2> dmitriz: allow me to join in
<cwebber2> dmitriz: the fediverse one, creating new identifiers is very cheap
<cwebber2> dmitriz: combined with decent ui you create these derived
identities quickly and painlessly and they help limit moderation
[11:45]
<dmitriz> sandro: can you give another example from irl / history? [11:46]
<dmitriz> dmitriz: well in general, we're used to having context-specific
personas. in the context of the pub, in the context of work, etc
[11:47]
<dmitriz> sandro: getting back to the goal here, it's up to the employer to
police the interactions via the work phone number
<dmitriz> sandro: like, if I get harassed over my work number, the employer
can defend, etc
<dmitriz> sandro: so, ok, good analogy [11:48]
<dmitriz> cwebber2: ah, so that brings up the notion of "Pet Names", this idea
of mapping identifiers to entries on a contact list
<dmitriz> cwebber2: so like, here's my work phone, and it's labeled as "My
Work Phone"
<dmitriz> *not sure I'm following this explanation, re DNS etc* [11:49]
<dmitriz> cwebber2: let's say there 2 ways you can find me.
<dmitriz> cwebber2: lets say like, TOR onion addresses, or IP addresses, or
whatever
<dmitriz> cwebber2: one of them is a DNS Petname in your system, which you can
query to resolve dustycloud.org into that onion address [11:50]
<dmitriz> cwebber2: but the /other/ way is - you can only find me by talking
to Sandro
<dmitriz> cwebber2: so, DNS and Sandro are equal participants
<cwebber2> sandro => Chris Webber
<cwebber2> dns => dustycloud.org
<dmitriz> sandro: I'm getting hung up on the term "petname" [11:51]
<dmitriz> sandro: is likely not gonna get accepted by other communities /
contexts
<dmitriz> cwebber2: yeah, it's.. hotly debated
<cwebber2> https://www.w3.org/2005/Security/usability-ws/papers/02-hp-petname/
[11:52]
*** vt (~vt@public.cloak) has left channel #social
<dmitriz> cwebber2: for example, browser bookmarks are petnames [11:53]
<dmitriz> cwebber2: extending bookmarks to have some of these further petnames
mechanisms protects from phishing
<dmitriz> cwebber2: are there any other questions? I'm only touching on a
fraction of my ideas here [11:54]
*** vt (~vt@public.cloak) has joined channel #social
<dmitriz> melody: all of this stuff about OCaps seems to have a limitation,
compared to ACLs
<dmitriz> melody: it seems like once I have given a post to somebody, let's
say, they can do whatever they want with it [11:55]
<cwebber2> http://erights.org/elib/capability/delegations.html
<dmitriz> melody: it seems like there are systems where you can /suggest/ what
one should do with that post
<dmitriz> melody: and I'm not seeing how that works without an identity
handshake
<dmitriz> cwebber2: ocap community says: "we don't prohibit what we can't
prevent", though I'd like to say "we don't /pretend/ to prohibit
what we can't" [11:56]
<dmitriz> cwebber2: so for example, I'm a private individual, and I hand you a
capability to write to my timeline. and I say "please don't delegate
that, though"
<dmitriz> cwebber2: (and let's take as given, as current research suggests,
that it's not even theoretically possible to limit what you can do
with something, in an unconfined environment) [11:57]
<dmitriz> cwebber2: so, the OCap community has this idea/system named "Horton"
(as in, now we know who done it) [11:58]
<dmitriz> cwebber2: it's basically combining capabilities with access logs
<dmitriz> cwebber2: so we can examine it and see who's abusing a resource, and
we know who to hold accountable
<dmitriz> cwebber2: there's another concept of "split contract" [11:59]
<dmitriz> cwebber2: which is basically - there's a cheap/automated way to
enforce a contract (like current smart contracts, etc). but then
there's also a way to bring humans into the loop (say, the court of
law), that's the fallback, that's the other half of the split
contract [12:00]
<dmitriz> cwebber2: ok we're at the top of the hour [12:01]
<dmitriz> cwebber2: happy to do this again next week, same time
<dmitriz> melody: maybe I can ask my questions on IRC later
<cwebber2> =========== MEETING LOGGING ENDS =========== [12:02]