#social 2015-06-03

2015-06-03 UTC
jasnell, Arnaud, bblfish, Guest83, Arnaud1, shepazu and Arnaud2 joined the channel
jasnell, bblfish, Guest83, pfefferle, shepazu, cwebber2 and jansauer joined the channel
#
cwebber2
tsyesika_: note the "limitation in the pump api" above, maybe we can address that in activitypump
AnnB joined the channel
#
oshepherd
cwebber2: need good distributed auth
#
oshepherd
I think hhalpin said w3c were working on something in this space?
#
cwebber2
he did say that
#
cwebber2
but I don't know what it was.
#
oshepherd
Me neither
#
oshepherd
And I'd like to know soon, and if it actually solves our problem
#
oshepherd
Because so far nothing does, but we could build it from JOSE + OAuth2
guangyuan joined the channel
#
melvster1
oshepherd, cwebber2: yes that was said, but I would not bet on that until there's any kind of official announcement, no one else I spoke to could confirm it
#
cwebber2
gotcha melvster1
#
oshepherd
Maybe I'll draft up the stack of what we need with explanations and an example implementation
#
melvster1
currently we are using distributed auth in SoLiD, based on RSA PKI, using X.509 certificates, and the web crypto API ... it works well for my needs so far, getting to proof of concept
#
melvster1
auth is kind of broken on the web
#
oshepherd
melvster1: can user@server1 authorise a client to talk on his behalf to other servers securely?
#
melvster1
because it's not always clear *what* is being authenticated, both identity and verification get mixed together meaning there's not a clean separation of concerns
#
melvster1
oshepherd: we are currently focussing on http uris for proof of concept, i think there's some work going on with email too
#
melvster1
working with flat strings user@server1 is very hard
#
oshepherd
Not any specific name format
#
melvster1
first problem is that you dont know what it is, is it sip: is it mailto: is it acct: is it any number of other things, second problem is that there's not a clear way to follow your nose that's widely adopted, like with http
#
melvster1
is it xmpp:
#
oshepherd
This isn't about name schemes
#
oshepherd
This is about delegating credentials
#
oshepherd
I.e. how do I let website.com do some things on my behalf at both my own and other servers?
#
melvster1
yeah well i dont think it's every going to scale unless it's very clear *what* is being authenticated
#
melvster1
s/every/ever
#
oshepherd
This stuff is crucial. It's absolutely essential to a distributed social system
#
melvster1
no kidding :)
#
melvster1
the problem is that we dont have a distributed social system that scales, it needs to be built on top of a browsable social graph, and that first step isnt done, this is what we've learnt in the last 10 years, almost exactly since bradfitz announced openid
jasnell and jasnell_ joined the channel
#
oshepherd
I think I've just come to a solution to a problem which has evaded me for a while in all of this...
#
oshepherd
... And it comes from the world's most hated W3C spec
#
melvster1
aren't they all hated? :D
#
oshepherd
Yes, but this spec is the really controversial one
#
oshepherd
Specifically, EME
#
melvster1
kk, yes propaganda against w3c is high at the best of times, but was particularly high on that one
#
oshepherd
It solves the problem of " the video tag provides me no good way to pass credentials back to the origin "
#
melvster1
everyone seems to love to hate on the w3c, but they actually produce lots of good specs
#
oshepherd
The solution is to encrypt the thing using the org.w3c.clearkey scheme
#
aaronpk
haha another case of a long discussion happening in #social during the #socialig telcon
#
melvster1
oh is there a telecon on?
#
oshepherd
Apparently
tantek and shepazu joined the channel
#
melvster1
what's the difference between the IG and the WG?
tilgovi joined the channel
#
melvster1
oh so the IG is a CG?
#
tantek
no the IG supersedes the CG
#
tantek
there was a CG before
#
melvster1
you mean the federated social web CG or another?
#
melvster1
got it
#
melvster1
that wasnt particularly active
#
tantek
we dropped the federated, so we could encourage silos to join too ;) (jk)
#
melvster1
lol
#
melvster1
aren't they all silos?
#
tantek
"they" ?
#
aaronpk
is not a silo
#
melvster1
the members
#
tantek
I'm not sure we have *any* silo members TBH
#
melvster1
i think they are all silo, but then we may have different definitions, I would say a silo restricts users in some major way, the most obvious being making connections to and from another silo
#
melvster1
so facebook is a silo because it doesnt let you link to g+
#
melvster1
and vice versa
#
tantek
melvster1: I think there's more to silo than that. Would appreciate your feedback on the definition here: https://indiewebcamp.com/silo
#
melvster1
reading
#
elf-pavlik
melvster1, i would like to ask you later about authentication & authorization topic i tried to capture in https://github.com/w3c-social/Social-APIs-Brainstorming/issues/8
#
melvster1
tantek: this is a great document
#
melvster1
"require you to create an account specific to that site to use it (silo identity)
#
melvster1
" -- yes!
#
tantek
thanks melvster1! yes a lot of us have worked hard on it because the term is so often debated.
#
melvster1
"allow you to interact on the site only with others with accounts on the site (silo contacts / social network)" -- Yes
#
melvster1
tantek: I think there's actually two parts to the silo, one is content silos and the other is user profile / identity silos
#
melvster1
both come down to linking and connections
#
melvster1
ie restricting them
#
melvster1
but in slightly different contexts
#
tantek
they seem to overlap in practice
#
melvster1
true
#
tantek
if you have specific examples of just one but not the other, we can document that as a phenomenon as well
#
melvster1
tantek: I think for the user side, if you allow connections in and out, you can quickly develop a browsable social graph, among other things
#
melvster1
so we also have protocols that are a silo
#
elf-pavlik
can i add github.com to Specialized Silos ?
#
melvster1
for example let's say we have a protocol based on XMPP
#
tantek
melvster1 it's possible, yet I don't think we have seen examples of that in practice
#
melvster1
that allows you to link to and from *any* XMPP account but *not* to any other type of account, that protocol becomes a sort of silo
#
melvster1
tantek: there's a very easy test, just dogfood it
#
elf-pavlik
FYI: Timothée Jaussoin from https://movim.eu jumped on this channel a few times lately (aka. edhelas )
#
tantek
melvster1: such XMPP variants / embrace-and-extend approaches would be good to document on https://indiewebcamp.com/XMPP
#
tantek
specific real world examples thereof - rather than "for example let's say we have"
#
melvster1
SoLiD is designed to be unrestricted on linking to and from, so I can link to an OStatus identity like I do with GNU social, I can link to an indieweb account if I add you to my homepage, but now can an OStatus profile link out of that protocol, I've never seen that happen -- simple real world example : two way linking I link to you, and you link back to me ...
#
tantek
melvster1: by real world example I mean *existing* (IE with a URL), not just "you could ..."
#
tantek
real world possible example != real world actual example
#
tantek
also skeptical about claims of "designed to be" vs. actually in practice.
#
melvster1
tantek: ok consider my homepage : http://www.melvincarvalho.com/ ... look under the section "People"
#
tantek
the proof is in the deployment and usage
#
melvster1
it's also an indieweb homepage
#
tantek
anyway - you were talking about XMPP - seemed like your next statement about SoLiD was a non sequitur
#
melvster1
from there I link to many members of this group, to GNU social -- but I can also easily link to an XMPP account or to an email account ... it's not a silo because it does not have any artificially imposed restrictions, does that make sense?
#
tantek
not sure how we got from "examples of silos" to "not a silo"
#
tantek
so no, not really following
#
melvster1
tantek: my claim was that almost everyone has this artificially imposed restriction, hence are silos
#
tantek
I think in most cases (actual silos) the restrictions are deliberately imposed, not artificial, or perhaps that's what you meant.
#
melvster1
tantek: in facebook they are deliberately imposed, but many systems that claim not to be silos actually the protocol is a silo, because they cant do what I do, and make a link to my profile, they are restricted ... just go through some examples from the group and we can test it, I've shown from my homepage I can link to anyone, but can anyone link to me, that's the challenge!
#
melvster1
i would challenge you to show me one profile that's not a silo
#
tantek
all people's personal sites linked from https://indiewebcamp.com/irc-people :)
#
tantek
as well as their user pages
#
melvster1
but that has protocol imposed views, such as 'your homepage must be your identity' -- which some people want, others dont -- but the acid test here is, could we work out a way that an indieweb homepage could link outside of indieweb to another profile, such as mine?
#
melvster1
i will agree that indieweb itself is one of the least siloish systems out there, tho
#
melvster1
but just survey the others
#
melvster1
do we have interop or balkanization, and why?
#
tantek
we have growing interop among numerous indieweb implementations, due to minimum viable standards (protocols & formats).
#
tantek
we have legacy balkanization due to monoculture projects/communities
#
melvster1
the only constraint of SoLiD is: if you use HTTP, obey the rules of HTTP, if you use mailto: obey the rules of mailto, if you use xmpp: obey the rules of xmpp etc.
#
tantek
due to their interop only with themselves
#
tantek
lack of constraints doesn't lead to success, shipping minimum viable things leads to success
#
melvster1
yes i do applaud indieweb on that front, and I hope indieweb and SoLiD can interop quite soon, but even that's hard, and I'm saying most systems are not like that, that's what I mean by silo
#
melvster1
im only interested in one specific constraint for the "silo" definition
#
melvster1
can two users connect to each other
#
tantek
we've had that since SMTP, so I'm not interested in that definition
#
tantek
clearly "can two users connect to each other" is insufficient for success on the social web (or internet)
#
tantek
on a more productive note, re: SoLiD interop - when you have a chance, start documenting personal sites that are built on SoLiD, and examples of permalink URLs at those sites, and we can look at indieweb interop!
#
tantek
documenting e.g. on a wiki page
#
melvster1
ok!
#
melvster1
tantek: which wiki?
#
tantek
interop > debates of silo definition :)
#
tantek
melvster1: presumably whatever wiki the SoLiD community is using
#
tantek
but if none, I'd say go for w3.org/wiki/SoLiD to start with
#
melvster1
tantek: does there have to be a restriction on personal sites? I do that but not everyone does. For example, the identity in the spec is timbl's : http://www.w3.org/People/Berners-Lee/card#i -- does this count to you?
#
melvster1
having said that I think timbl may have originally registered w3.org :)
#
tantek
there are good reasons to use subdomains rather than paths for identity
#
tantek
security, cross-origin concerns etc.
#
tantek
using path based identities like that is a good incremental step, but hopefully we can get whole domain<->domain interop at some point
#
melvster1
yes
#
melvster1
is what im working on right now actually
#
tantek
anyway - when you start documenting a list of actively deployed / in-use real world personal sites (with domain / subdomain / or path identity) - then we can look at that list URL and start looking at possibilities for interop - preferably with folks who are active here so they are able to respond to feedback and make improvements.
#
tantek
great
#
melvster1
multi domain chat
#
tantek
will check back in a bit
#
tantek
yeah, multi domain chat would be very cool, instead of using the w3c irc "silo" (actually more like a "commons" - see http://indiewebcamp.com/commons for the difference) :)
#
melvster1
yes, exactly!
AnnB2 joined the channel
#
tantek
very glad you're thinking about that problem.
#
tantek
it's a hard problem. especially with reducing all the latencies with so many servers involved.
#
melvster1
yes, i know :)
#
aaronpk
ironically with talky.io webrtc video, it works better having a central server that all the peers connect to, to avoid needing all the peers to talk to each other
#
tantek
elf-pavlik: oops I missed your question about github. here, if you follow your nose about github: https://indiewebcamp.com/github - note that it's already described as a specialized silo there, thus the answer to your question is yes :)
Guest83, KevinMarks, jasnell, AnnB, shepazu, Arnaud and jansauer_ joined the channel
#
Guest83
!tell elf-pavlik : saw your message. I'll be watching here when free for rest of day if you have time to advise
#
Loqi
Ok, I'll tell them that when I see them next
#
bengo
err that was me
#
bengo
!tell elf-pavlik : saw your message. I'll be watching here when free for rest of day if you have time to advise
#
Loqi
Ok, I'll tell them that when I see them next
AnnB, shepazu, jasnell, bblfish, bengo, tilgovi, LCyrin and jasnell_ joined the channel
#
melvster1
elf-pavlik: tl;dr authentication is a verb, not a noun :)
bengo, shepazu, jansauer, jasnell and KevinMarks joined the channel