#social 2015-06-14

2015-06-14 UTC
bblfish and shepazu joined the channel
#
cwebber2 "does anyone actually have any real examples of updating profiles in any social API implemeentations?
#
cwebber2 "
#
cwebber2 the answer is YES
#
cwebber2 bam
#
cwebber2 https://identi.ca/jankusanagi/image/tPESgZ1FRFmI-RNWQC5zaQ
#
cwebber2 check it out.
shepazu, bblfish and shepazu_ joined the channel
#
melvster we demoed profile updates in Paris
#
melvster id be happy to give details if you need
bblfish joined the channel
#
melvster cwebber2: re: https://github.com/w3c-social/activitypump/blob/master/userstories/following-a-person.md
#
melvster 1. is there a live version working, or is it just a sketch for now
#
melvster 2. "He ends up at the following URL, her internal profile" ...
#
melvster https://acmegamecorp.example/people/beth_m_bost/
#
melvster so then
#
melvster "object": {
#
melvster "@id": "https://acmegamecorp.example/people/beth_m_bost/"
#
melvster "@type": "Person",
#
melvster },
#
melvster should that not be of type "Profile"
#
melvster ie the profile contains the person
#
melvster and information about them
#
melvster i sent a mail to the list
#
rhiaro melvster: how to manage profile v person is still a fairly open issue I think, and the Profile type in AS2 was only added at the Paris f2f
#
Loqi Tsyesika made 1 edit to [[Socialwg/2015-06-09]] https://www.w3.org/wiki/index.php?diff=84468&oldid=84423
Arnaud1 and jaywink joined the channel
#
ben_thatmustbeme tsyesika: i think that was the wrong week you added that to
#
Loqi Benthatmustbeme made 1 edit to [[Socialwg]] https://www.w3.org/wiki/index.php?diff=84470&oldid=84408
#
ben_thatmustbeme tsyesika: nevermind, i saw it was the "next meeting" section
#
melvster rhiaro: thanks hope we can solve it because it affects interoperability
#
Loqi Benthatmustbeme made 1 edit to [[Socialwg/2015-06-16]] https://www.w3.org/wiki/index.php?diff=84471&oldid=84467
#
rhiaro I agree
elf-pavlik joined the channel
#
ben_thatmustbeme Random question, i thought for people to be considered in good standing in th e WG they had to attend the majority of teleconfs... There are a lot of names I don't even recognize here http://www.w3.org/2000/09/dbwg/details?group=72531&public=1
#
Loqi Benthatmustbeme made 4 edits to [[Socialwg/2015-06-16]] https://www.w3.org/wiki/index.php?diff=84475&oldid=84471
#
rhiaro ben_thatmustbeme: I don't think 'good standing' is policed
#
ben_thatmustbeme clearly it isn't
#
melvster ben_thatmustbeme: Its always the way, was the same in the XG, I was the only person that attended every telecon, a fair % drops out after 6 months
#
melvster you are supposed to attend or send regrets
#
melvster but a lot of people dont
#
melvster beleive it or not, possibly this group is better than most!
#
cwebber2 melvster: most "implementation" stuff is still pump.io, so precedes activiytpump. I'm working on an implementation, but the last few weeks involved me getting out a major mediagoblin release and this week involves me moving house
#
cwebber2 so once that finishes, I'll be putting time into the AP implementation
#
cwebber2 so as rhiaro said, the profile stuff is new
#
melvster cwebber2: awesome, looking forward to it, im also implementing as we go along, so I look forward to testing
#
melvster TPAC is not till October, right? Hopefully there's enough time to get through some use cases, implement, test and have some feedback, what do you tink cwebber2, rhiaro?
#
rhiaro hey melvster, would you have time to look at what we've got so far for micropub and activitypump at https://github.com/w3c-social/Social-APIs-Brainstorming and see if there's anything for SoLiD you could add?
#
melvster looking
#
cwebber2 melvster: I hope so :)
#
melvster rhiaro: great page ... micropub is what all of indieweb use, right? is it used in other places, out of curiosity?
bblfish joined the channel
#
melvster bblfish might be able to add more on the LDP side, but in SoLiD we use GET on an LDP or LDPC (Linked data platform container)
#
melvster a cointainer is like an endpoint
#
melvster we dont have inbox and outbox but we can
#
melvster in fact it was mentioned during our last call
#
melvster we use websockets to get notifications on a container (endpoint)
#
rhiaro If you or bblfish have time to contribute we'd really appreciate it
#
melvster using sub <URI> ; pub <URI>
#
rhiaro so far aaronpk and tsyesika have put the most in, so it'd be good to balance contributions from the solid perspective
#
melvster rhiaro: bearer tokens, we dont use them, but we could ... one question: am I correct in OAuth you can derive the user from the bearer token?
#
melvster we use PUT to create and DELETE to delete too
#
rhiaro "all of indieweb" is a pretty vague box to draw, but I don't know of any say mainstream products that use micropub
#
rhiaro I don't know much about OAuth, you'd have to ask aaronpk
#
melvster ok, when doing authentication it's helpful to know what's being authenticated
#
elf-pavlik hola! last two days i implemented quick Unhosted Micropub Client http://elf-pavlik.github.io/unmpc/ it leaves to authorization server to chose how one authenticates (IndieAuth, WebID-*, Mozilla Persona, OpenID Connect ...) and uses Bearer tokens for API interaction
#
elf-pavlik i plan to also add LDP and Hydra APIs for it for comparison
#
elf-pavlik http://elf-pavlik.github.io/unmpc/
#
rhiaro elf-pavlik: nice!
#
elf-pavlik i will aslo try to post tomorrow some diagrams on authentication / authorization and using Bearer tokens
#
melvster thanks
#
melvster elf-pavlik: id appreciate it if you included identification with authz and authn that gives a context of exactly what is being authenticated
#
elf-pavlik melvster, using Bearer tokens can also allow to restrict permisions for SoLiDd apps
#
melvster it could be added
#
melvster Endpoints
#
melvster Similar but different:
#
melvster :)
#
elf-pavlik I start with HTTP URI based identity, used both by IndieWeb and WebID, but I can also add acct: to work with webfinger (+ remoteStorage) as well as mailto: which can use Mozilla Persona
#
melvster rhiaro: perhaps endpoint title should say 'endpoint discovery'?
#
rhiaro PRs with fixes and additions welcome :)
#
melvster nods
#
rhiaro or issues
#
elf-pavlik melvster, https://www.w3.org/wiki/Socialwg/Social_API/Comparison#Endpoint
#
melvster elf-pavlik: im not sure the future of mozilla persona i asked 2 days ago and they met with the mozilla CEO and will know in a few weeks, I suspect it will be sunset
#
elf-pavlik melvster, i don't put much faith into it ... more interested in identity credentials which IndieAuth also seems to use in a way http://opencreds.org/specs/source/identity-credentials/
#
elf-pavlik so Mozilla Persona provided just EmailCredential verification
#
melvster not even email
#
melvster it was user@host string
#
melvster without the mailto:
#
melvster but that was assumed to be email
#
elf-pavlik just as https://indiecert.net provides X509Credential verification service
#
melvster elf-pavlik: that's a nice page, I think it's all correct
#
melvster the endpoint page
#
elf-pavlik GpgCredential verification https://indieauth.com/gpg
#
elf-pavlik etc.
#
melvster although of course SoLiD can point to an ap:outbox or micropub endpoint also
#
elf-pavlik rhiaro, do you have HTTPS working?
#
rhiaro no
#
elf-pavlik you could try posting to https://phubble.tuxed.net/w3c-social/ via http://elf-pavlik.github.io/unmpc/ but that requres identity on HTTPS
#
elf-pavlik enforced by authorization server used by phubble.tuxed.net (ATM indiecert.net but later moving to something like as.tuxed.net)
#
melvster elf-pavlik: I look forward to when indiecert recognizes my x.509
#
elf-pavlik if you want indiecert.net to use it you may need to enable HTTPS for your identity document
#
melvster ill let others test it then and give feedback
#
elf-pavlik melvster, I see you saying "Thanks. Will test again when I upgrade." in https://github.com/fkooman/indiecert/issues/6
#
melvster elf-pavlik: its not a priority right now to me, and dont expect it will be in the short time, im working with the telegram protocol for secure privacy aware chat, and merging it with SoLiD, advantage is a bootstrap of a large user base
#
melvster if you'd like to try telegram, you can test my fork at http://webid.im/t
#
melvster (if you dont use it already that is)
#
melvster my username is @melvincarvalho
#
melvster they use quite advanced PKI, this interests me right now, more than indiecert, but id be happy if indiecert was shown to work with webid, i dont think ill ever see that day tho
#
ben_thatmustbeme rhiaro: https://github.com/dissolve/w3c-socialwg-activitystreams/tree/fixmicroformats my current work
#
ben_thatmustbeme if you wanted to know
#
rhiaro melvster: I thought indiecert did work webid
#
rhiaro thanks ben_thatmustbeme, gonna look at that
#
melvster rhiaro: not as far as im aware, but if someone does get it working id love to read about it
#
elf-pavlik indiecert.net requires HTTPS for identity documents (just as webfinger does makes HTTPS a MUST)
#
melvster webfinger--
#
Loqi webfinger has -7 karma
#
elf-pavlik onde day once I find on http://webid.info/ *information* about generating WebID-TLS compatibile X.509 i'll test if indiecert.net works with it...
bblfish joined the channel
#
rhiaro from this thread https://github.com/fkooman/indiecert/issues/6 it seems like a webid cert should work with indiecert with https
#
rhiaro (I don't have https so I can't test)
#
melvster not me
#
melvster s/not/nor
#
rhiaro ah right
#
elf-pavlik indiecert.net also allows use of https://www.cacert.org/
#
elf-pavlik with http://www.startssl.com/ one should keep in mind that - they will charge $$$ for revocation of issued certificate - if you request it
#
melvster yeah i hate startssl
#
melvster never again
#
melvster i actually paid for my last cert from gandi rather than use startssl
bblfish joined the channel
#
melvster not even telegram mandate HTTPS they fall back gracefully
#
melvster in fact not even facebook did until they reached 100 million users
#
melvster back to the topic
#
melvster what is : application/activitystreams+json
#
melvster why does AS have its own mime type, anyone know?
#
melvster ah maybe it's from AS1.0?
#
rhiaro AS1 is application/stream+json (off the top of my head), as2 is application/activity+json
#
melvster ah, good knowledge!
#
elf-pavlik melvster, https://github.com/jasnell/w3c-socialwg-activitystreams/issues/132
#
elf-pavlik typo: application/activitystreams+json whould have: application/activity+json
#
melvster hmm i dont know what our library does with that
#
melvster ill have to check it out
#
Loqi Pelf made 1 edit to [[Socialwg/Social API/Comparison]] https://www.w3.org/wiki/index.php?diff=84476&oldid=83872
jasnell joined the channel
#
elf-pavlik ben_thatmustbeme, looking at https://github.com/dissolve/w3c-socialwg-activitystreams/tree/fixmicroformats
#
elf-pavlik from parsing html microformats from html i will not have possibility to get exact the same data as normative AS2.0 (JSON-LD) examples
#
ben_thatmustbeme elf-pavlik: I am updating examples to show what is actually in use, getting all the same data is not my first priority. The fact that that difference exists says that either microformats may need something new or its just not used yet, or the spec needs to be curtailed
bblfish joined the channel
#
melvster elf-pavlik: thanks for the link, do you know anyone that's tried it and it works with, when I tried it, it failed silently, its a nice proof of concept, but i have to say if it doesnt work with http, it doesnt work with the web
#
melvster and why not parse the standards machine readable public key in the profile? seems the author is more interested in keeping people out, rather than, letting people in
#
elf-pavlik melvster, i don't know what you refer to by saying "parse the standards machine readable public key in the profile", indiecert.net uses rel="publickey" from http://microformats.org/wiki/existing-rel-values and https://tools.ietf.org/html/rfc6920 which you might even recommed yourself
#
melvster elf-pavlik: have a look at the webid tls spec it shows all formats of public key supported and mandatory, they are all W3C RECS : http://www.w3.org/2005/Incubator/webid/spec/tls/
#
elf-pavlik WebID-TLS doesn't have status of recognized standard
#
melvster elf-pavlik: but turtle does etc. ... id rather not test this with you further here, it doesnt work with my profile, or http in general, I suggest trying with someone else, if that's OK?
#
elf-pavlik sure
#
melvster thks
#
elf-pavlik https://twitter.com/lechatpito/status/434770786348322816/photo/1
#
Loqi @lechatpito :: Ha! The map of semantic markup by Yandex https://twitter.com/lechatpito/status/434770786348322816/photo/1
#
aaronpk melvster: re: OAuth, there is an extension to OAuth 2.0 called "token introspection" which is meant to give you information about the token. In pure OAuth 2.0, you don't need to know a user ID to be able to use tokens, but in practice, everyone wants to know user data, so now there is OpenID Connect, IndieAuth (oauth + identity) or snowflake APIs for it
#
melvster thx
tilgovi and bblfish joined the channel
#
melvster aaronpk: like most groups we tended to focus more on auth, than identity at the start, then we later realized *what* you are authenticating turns out to be really important
#
aaronpk also don't forget that authentication != authorization
#
aaronpk http://oauth.net/articles/authentication/
#
elf-pavlik token introspection draft also linked in https://indiecert.net/faq#micropub
#
elf-pavlik aaronpk, if you like you can try to post with http://elf-pavlik.github.io/unmpc/ to https://phubble.tuxed.net/w3c-social/
#
aaronpk neat!
#
elf-pavlik aaronpk, if you log in directly to phubble you can also post to this secret space https://phubble.tuxed.net/alice-b-day/ next step i want to add posting and reading secret spaces via unmpc
#
melvster aaronpk: yes very good point, there's 3 things people often mix, ident , authn , authz
#
elf-pavlik melvster, i would add *credentials* used to verify ident during authn
#
elf-pavlik e.g. rel="publickey" or rel="me" href="mailto:foo@example.net" etc.
#
elf-pavlik similar with WebID-TLS verification with SPARQL query ;) http://www.w3.org/2005/Incubator/webid/spec/tls/#verifying-the-webid-claim
#
elf-pavlik to my understanding IndieAuth also supports verifying OnlineAccountCredential e.g. Twitter, Github, other silos providing accounts
#
elf-pavlik which works in very simlar way as *hosted* badges in http://openbadges.org while Credentials CG focuses also on *signed* variant to complement hosted one
jasnell, bblfish, KevinMarks, LCyrin, tilgovi, jasnell_ and Arnaud joined the channel