#social 2017-11-22

2017-11-22 UTC
rowan joined the channel
#
cwebber2 sandro: rhiaro: when's the next publish date? is it next tuesday? thursday?
#
cwebber2 preparing export...
#
cwebber2 oh I see from https://www.w3.org/wiki/Socialwg/ActivityPub_PR
timbl, rowan_, rowan and htrob joined the channel
#
bengo https://distbin.com/activities/ba7c2703-9637-48b0-91a3-ca2e55d84089
#
xmpp-social [ajordan] bengo: I'm seeing HTTP 503
#
bengo eplol ya I'm down right now :/
#
bengo ajordan back
#
xmpp-social [ajordan] Neat
xmpp-social and h joined the channel
#
Chocobozzz Hi,
#
Chocobozzz I'm sorry but I don't really understand how to distribute a like activity in the fediverse.
#
Chocobozzz If a user A (on server A) creates a note, that is sent to followers user B (on server B) and user C (on server C), and then user B likes the note
#
Chocobozzz -> the like activity is sent to server A, but how server C knowns that this note has a new like?
#
rhiaro hey Chocobozzz.
#
rhiaro When B clicks 'like', their client knows that the original note was addressed to A's followers. The client includes this information - *and* adds A to 'to' (see section 6.1 Client Addressing) on the new Like activity, which is posted to B's outbox. B's server then carries out the instructions for outbox delivery (section 7.1.1) which involves finding all the adresses in to, bto, cc, bcc and audience, discovering *their* inboxes and posting the activity on. In
#
rhiaro this case, this means the Like gets sent back to A.
#
rhiaro Now A's followers Collection should be on this list somewhere (thanks to B's client), but B's server knows it doesn't 'own' this Collection (and in any case it may be access controlled and unavailable). It's the responsibility of A's server to pass the message on.
#
rhiaro When A receive's B's like in A's Inbox, A's server carries out 7.1.2 (Forwarding from Inbox). In this case, A's server sees A's Followers collection in one of the addressing properties and can fetch the outbox of every actor in the Collection, and deliver to them. C is in this Collection, so C will get the Like.
#
Chocobozzz Thanks for this very clear explanation rhiaro! :)
#
rhiaro We should make a flow chart
#
Chocobozzz it would be very useful yes
#
rhiaro Relatedly, the reason B's client is responsible for the addressing is to allow for a UI which would let B delete A's followers from the recipients, in case B actually doesn't want A's followers to be notified of the Like explicitly
#
Chocobozzz makes sense!
h joined the channel
#
sandro aaronpk, advice from Ralph & Philippe is to confirm with implementors then with the ACReps who voted (which I'll do once we're settled)
#
sandro Looking over https://www.w3.org/wiki/Socialwg/2017-08-15-minutes#resolution06 it's odd how we did one Feature-at-Risk but not the other.
#
sandro And they kind of agreed that link-in-body is enough of an odd edge case, given most people dont think it's legal HTML, that it's not a big deal either way
#
sandro But I am concerned about the Superfeedr result
h, htrob, htrobinson and timbl joined the channel
#
cwebber2 hi hi
#
cwebber2 we have a socialcg call today, right?
#
puckipedia hi hi
#
cwebber2 checks
#
puckipedia oh right, didn't think of that
#
cwebber2 yep, today
#
cwebber2 not scheduled though on the wiki, oops
h joined the channel
#
cwebber2 (btw you may see edits from cwebber-specops; normally I keep my specops stuff separate, but for some reason my normal username cwebber2 can log into various w3c things but *not* the wiki. I'm supposed to sort it out but for right now I'm using the account that works)
#
puckipedia call is in 20-ish minutes?
h joined the channel
#
cwebber2 yep
h and sivy joined the channel
#
sivy o/
#
puckipedia \o
#
cwebber2 hi sivy
#
sivy pikcing up the kid but would like to lurk for the mtg
#
sivy wow, have not been on IRC in dogs years
#
sivy :)
h joined the channel
#
sandro wondering if there's anything for the agenda that I'd find interesting....
#
sandro or that I can help with, more to the point
#
puckipedia pfff finally got mumble audio to work ... took me like 5 minutes. hooray for linux
h joined the channel
#
puckipedia anyways I'm in the mumble already
#
cwebber2 connecting in a sec
#
melody i have a cold but i don't want to miss any more of these calls but i'll probably be muted 98% of the time because otherwise i'll just be sniffling into the mic
#
cwebber2 melody: your presence is still appreciated and i hope your cold recedes soon!
h joined the channel
#
cwebber2 ajordan: tsyesika: aaronpk: anyone else: in case you want to dial in to the socialcg meeting :)
#
cwebber2 trackbot, start meeting
#
trackbot is preparing a teleconference.
RRSAgent joined the channel
#
RRSAgent logging to https://www.w3.org/2017/11/22-social-irc
#
trackbot RRSAgent, make logs public
#
RRSAgent I have made the request, trackbot
Zakim joined the channel
#
trackbot Meeting: Social Web Working Group Teleconference
#
trackbot Date: 22 November 2017
#
cwebber2 present+
#
puckipedia present+
#
sandro present+
#
nightpool present+
#
melody present+
#
cwebber2 melody, have you scribed before? if not maybe this is a good first time to try :)
#
nightpool would scribe if they hadn't just woken up
#
melody i haven't
#
melody how does that work
#
cwebber2 melody: ok, are you willing to do it? basically you just type "nickname: summary of what the person says"
#
cwebber2 melody the hard part is learning to associate names with voices but mumble helps a little by lighting up... if you need us to tell you who's speaking just ask tho
#
cwebber2 melody everyone needs to scribe sometime though so it would be great if you could do it :) just do the best you can to capture it as we go!
#
melody i'm a little nervous about that but i'll do my best
#
cwebber2 yay!
#
Loqi :D
#
cwebber2 scribenick: melody
h joined the channel
#
cwebber2 https://www.w3.org/wiki/SocialCG/2017-11-22
#
melody should i be capturing this sort of boilerplate convo?
#
ben_thatmustbeme melody a few additional items to know, you can do things like TOPIC: <sometopic> to set the topic in the logs, , anyone can correct minutes with s/eror/error/
#
sandro +1 puckipedia !
#
cwebber2 https://activitypub.rocks/implementation-report/
#
melody cwebber2: activitypub is moving to PR which means that activitypub is as we see it ready to become a standard, but is waiting on management to approve it as a standard
#
melody i'm really bad at scribing i'm sorry
#
sandro I was just thinking how well you're doing, melody !
#
sandro s/management/management and the W3C Membership/
#
nightpool waves
#
nightpool i'll take a look when I get a chance
#
aaronpk https://github.com/w3c/websub/issues/138 and https://github.com/w3c/websub/issues/146 are the two issues
#
Loqi [aaronpk] #138 different hub for same topic if denied
#
melody aaronpk: with websub we've processed a bunch of feedback from the PR period, there are now two outstanding issues we need community feedback from -- it would be fantastic to get feedback from anybody using websub, i'll drop a link in the channel, and it'd be great to get input from the mastodon side, as it's critical to moving on to the next step of the spec
#
cwebber2 so like
#
cwebber2 cwebber2: blah blah
#
cwebber2 ... blah
#
sandro or just .. blah blah
#
cwebber2 I didn't know you could do only two! :)
#
sandro :-)
#
melody i'm not sure if that's gonna be easier for me
#
cwebber2 melody: just do what's best for you :)
#
cwebber2 https://github.com/swicg/general/issues/22
#
Loqi [cwebber] #22 Publishing which extensions are used by a server
#
melody cwebber2: we're onto the final item of the agenda which is publishing which extensions are used by a server
#
melody cwebber2: if you want to be able to send some sort of message and be sure the other side actually knows how to handle that message
#
melody ... we have a certain amount of extension built into the spec already as general extension mechanisms
#
melody ... but you can imagine we have a social karma extension and if we want to treat that on both sides as a transaction, and you would want to know if the other side will handle it
#
melody i missed some middle here
#
aaronpk q+
#
Zakim sees aaronpk on the speaker queue
#
cwebber2 ack aaronpk
#
Zakim sees no one on the speaker queue
#
nightpool aaronpk: can you give a more concrete example of how this doesn't solve the problem even if it *feels* like it does?
#
sandro +1 aaronpk this is an antipattern; thinking about fallbacks is good
#
nightpool I agree but it feels like it can be more strongly worded.
#
nightpool q+ to other failure
#
Zakim sees nightpool on the speaker queue
#
melody aaronpk: this has been tried before but testing for extensions hasn't really worked well, it just looks like it solves a problem but doesn't actually, usually better to think of fallback behavior
#
cwebber2 ack nightpool
#
Zakim nightpool, you wanted to other failure
#
Zakim sees no one on the speaker queue
#
aaronpk lol zakim
#
nightpool text-only b/c i just woke up, so maybe someone can relay?
#
melody cwebber2: this might be more important when you are expecting an acknowledgement to a certain kind of message and are suprrised when one never arrives
#
nightpool But this is important for other types of failures as well
#
nightpool what if you try to pay someone, but their server went offline?
#
Loqi http://meme.loqi.me/m/4rYhi14h.jpg
#
nightpool We solved this for Follows with explicit Accepts and Rejects
#
nightpool So extensions which need confirmation should have explicit confirmation.
#
nightpool I don't think the problem needs to be any more complex then that.
#
nightpool Unless there's something else I'm missing?
#
nightpool fin.
#
melody q+
#
Zakim sees melody on the speaker queue
#
cwebber2 ack melody
#
Zakim sees no one on the speaker queue
#
cwebber2 scribenick: cwebber2
#
cwebber2 melody, don't hear you
#
sandro q+
#
Zakim sees sandro on the speaker queue
#
cwebber2 melody: I just wanted to add that one of the things that testing for extensions would allow you to do is not attempt delivery at all if a server does not support a specific extension, which could be important as a type of fallback behavior which could be important as a security-intensive thing if the server does not support whatever you're trying to publish
#
cwebber2 melody: for example, if you're transmitting some sort of sensitive information that you wouldn't want it to display as just an arbitrary message that you don't want displayed explicitly if not handled, it may be better not to transmit at all
#
cwebber2 scribenick: melody
#
cwebber2 q+ to reply to nightpool
#
Zakim sees sandro, cwebber on the speaker queue
#
cwebber2 ack sandro
#
Zakim sees cwebber on the speaker queue
#
nightpool +1 to sandro--just requiring a property on actors already covers everything this proposal could do
#
cwebber2 ack cwebber
#
Zakim cwebber, you wanted to reply to nightpool
#
Zakim sees no one on the speaker queue
#
melody sandro: mastodon had this failure mode with private messages before activitypub, JSON-LD extension mechanism covers everything this proposal could do
#
melody cwebber2: the explicit ack might be important anyway because if you do a federated add to a collection and the collection isn't owned by your server we don't have any mechanism to have any sense of whether the add happened, only a request to add
#
melody ... if i see that a request to add a photo to a shared curated album i don't actually know whether it happened i only see the request
#
cwebber2 q?
#
Zakim sees no one on the speaker queue
#
cwebber2 you're doing a great job scribing btw melody :)
#
melody i'm sorry i missed that last bit
#
nightpool cwebber2 I think sandro's point was a little stronger then you summarized it
#
cwebber2 cwebber2: maybe accept/reject are good enough for an ack/nack but maybe we want something else?
#
nightpool In that an "extension" endpoint is a complete subset to having a property, with that *same uri* that just says "true"
#
cwebber2 q?
#
Zakim sees no one on the speaker queue
#
nightpool We could probably move to a resolution to close this issue given it sounds like we have consensus?
#
melody cwebber2: i agree we probably don't want to add another layer of indirection at this point
#
nightpool Ah, sorry puckipedia was still typing that when you spoke up
#
melody puckipedia: a while back we mentioned we might have a server actor for server-wide information, maybe for some extensions we can make sure that they are on the server actor
#
melody cwebber2: if we go the direction of adding properties, there's no reason you couldn't use them on the server actor in that way
#
nightpool there was a github issue.
#
aaronpk sandro++
#
Loqi sandro has 52 karma in this channel (59 overall)
#
nightpool and vague conversation w/ the glich-soc people
#
melody sandro: was there an actual problem somebody was having that prompted this issue?
#
nightpool let me see if I can scare it up
#
melody cwebber2: yes, but have not described it
#
nightpool https://mst3k.interlinked.me/@Elizafox/1517781 is the thread
#
Loqi [Eliza 「SHITPOST 2 U」 KSC] Is there any way with ActivityPub to discover what features a target server supports?
#
nightpool https://github.com/swicg/general/issues/22 is the issue under discusion
#
Loqi [cwebber] #22 Publishing which extensions are used by a server
#
melody cwebber2: are we ready to close the issue?
#
melody sandro: yes, we can point to these minutes and explain that it doesn't seem useful for the use cases so far
#
nightpool C2S is maybe a point here we haven't brought up yet?
#
xmpp-social [ajordan] Oh yikes completely forgot about the telecon... oops
#
xmpp-social [ajordan] And I gotta pack now :/
#
xmpp-social [ajordan] Have fun though!
#
nightpool reading this thread/and the tagentially related glitch-soc issue by surinna https://github.com/glitch-soc/mastodon/issues/123
#
Loqi [ekiru] #123 Expose some description of functionality supported by the instance in the API
#
melody cwebber2: the mechanism we're discussing seems to work just as well for client to server
#
nightpool Right, that makes sense. Thanks.
#
melody sandro: the client would just have to know where to look
#
nightpool to be clear: this is the glitch fork, not the mastodon project
#
nightpool ah yes. the "spam" filter
#
nightpool sandro++
#
Loqi sandro has 53 karma in this channel (60 overall)
#
cwebber2 q?
#
Zakim sees no one on the speaker queue
tantek joined the channel
#
nightpool https://cybre.space/about/more
#
nightpool https://octodon.social/about/more is another example
#
cwebber2 topic: account migration WIP on mastodon
#
melody should i start scribing again?
#
nightpool https://github.com/tootsuite/mastodon/pull/5746
#
Loqi [Gargron] #5746 Profile redirect notes
#
melody nightpool: we have a new property on actors that say "this user has moved to this location" which is just displayed and does a soft redirect and the mastodon web UI disables the follow button
#
tantek calls into the mumble
#
tantek mutes self
#
tantek present+
#
cwebber2 https://github.com/tootsuite/mastodon/pull/5746#pullrequestreview-77611085
#
melody cwebber2: i noticed that moved to was added to the AS namespace so this is a good time to talk about our extension process
#
tantek q?
#
Zakim sees no one on the speaker queue
#
nightpool Given that none of the CG members that aren't part of other working groups can use the wiki, i'm still somewhat -1 on using it for extensions.
#
melody cwebber2: we talked about letting implementers take the lead and try out changes before we decide whether to add something officially to AS
#
cwebber2 https://www.w3.org/wiki/Activity_Streams_extensions
#
melody sandro: could also add them on a provisional basis
#
melody cwebber2: it seems less provisional if a major implementer releases something while it was in the spec
#
tantek what does "Provisional" mean? that's the problem here IMO
#
tantek q+ to note we should name any "phases" by what they mean in practice, rather than an abstract term IMO
#
Zakim sees tantek on the speaker queue
#
cwebber2 ack tantek
#
Zakim tantek, you wanted to note we should name any "phases" by what they mean in practice, rather than an abstract term IMO
#
Zakim sees no one on the speaker queue
#
melody sandro: we could make a wiki for the community group since almost anyone can join
#
cwebber2 q+ to suggest a github repo
#
Zakim sees cwebber on the speaker queue
#
melody tantek: recommend against a community-group-specific wiki, when the group ends, it's hard to transition things and nobody has made it work in practice
#
nightpool or having an "implemented" group or something
#
cwebber2 https://www.w3.org/wiki/Activity_Streams_extensions#Proposed_extensions
#
melody cwebber2: so right now there's no mechanism for moving an extension away from "proposed"
#
nightpool +1 to extend
#
cwebber2 +1
#
melody +1 to extend
#
puckipedia will probably leave right now
#
sandro +1 ten minutes
#
melody cwebber2: Given that people can't edit the wiki, propose we move the extension process into a github repository, people can use pull requests on a markdown document to contribute and discuss
#
melody sandro: we could convert the existing document to markdown
#
melody cwebber2: i don't think we need all the core stuff, we could do a document with just the extension info
#
melody sandro: wouldn't it be easier if there was only one place to look up vocabulary?
#
nightpool q+
#
Zakim sees cwebber, nightpool on the speaker queue
#
melody cwebber2: might be a lot to read through
#
melody cwebber2: which repository should we use? ActivityPub, New Repo, ActivityStreams?
#
cwebber2 ack cwebber
#
Zakim cwebber, you wanted to suggest a github repo
#
Zakim sees nightpool on the speaker queue
#
cwebber2 ack nightpool
#
Zakim sees no one on the speaker queue
#
melody cwebber2: going to create new repo
#
melody nightpool: there may be vocabulary that we haven't thought through in a fully general context, liked moved to
#
melody nightpool: if we make a new repository it should be for general activitypub extensions not just activitystreams
#
melody i missed scribing some discussion about activitypub technically being an extension of activitystreams, so activitypub extensions are all activitystreams extensions
#
cwebber2 topic: movedTo
#
melody nightpool: having seperate documents gives more room for adding historical information, context, and rationale
#
tantek oh boy, AP is much more than an AS2 extension
#
tantek AS2 extensions were intended to be vocab only IIRC
#
tantek and AP introduces tons of features / protocols etc. above & beyond AS2 - it's a new spec
#
melody nightpool: movedTo is a first step towards migration, just the first, easiest, simplest thing out there, when you want to move you specify the actor you want to move to, the actor provides a confirmation
#
melody sandro: so this does not automatically move subscriptions/etc
#
tantek I'm worried that a partial solution to migration may actually slow down or block a more complete solution that moves subscriptions etc.
#
tantek I realize perfect is the enemy of good and all that
#
melody cwebber2: there was some talk of using a move activity to do the migration and subscriptions
h joined the channel
#
tantek but in this case I feel it may actually be counterproductive
#
nightpool cwebber2++
#
Loqi cwebber2 has 106 karma
#
aaronpk cwebber2++
#
Loqi cwebber2 has 107 karma
#
cwebber2 melody++
#
Loqi melody has 1 karma
#
cwebber2 trackbot, end meeting
#
trackbot is ending a teleconference.
#
trackbot Zakim, list attendees
#
Zakim As of this point the attendees have been cwebber, puckipedia, sandro, nightpool, melody, tantek
#
trackbot RRSAgent, please draft minutes
#
RRSAgent I have made the request to generate https://www.w3.org/2017/11/22-social-minutes.html trackbot
#
trackbot RRSAgent, bye
#
RRSAgent I see no action items
#
nightpool tantek: I understand that, but this is a first step for mastodon's implementation.
#
melody i missed scribing some additional commentary at the end there
#
tantek nightpool, normally I strongly agree with the "first step" methodology of making these kinds of things work
#
nightpool It hasn't been released yet and my understanding is that we won't consider the feature "done" until it does also do the other things
#
cwebber2 oh btw you were offline by the time I did it tantek, but "# yes" column up on https://activitypub.rocks/implementation-report/ now.
#
tantek cwebber++ that helps a lot! also helps more quickly show which features are more commonly adopted
#
Loqi cwebber has 30 karma in this channel (31 overall)
h joined the channel
#
nightpool cwebber2: minutes link seems incorrect?
#
nightpool Also, someone should put the minutes up on the wiki ^.^
#
cwebber2 nightpool: fixed the link
#
cwebber2 and yeah I should put them up
#
cwebber2 http://pandoc.amy.gy is down so I need to convert them manually
#
cwebber2 or wait till it comes back up again
#
cwebber2 I've become spoiled ;)
#
rhiaro scream at digitalocean for me
#
tantek oh dear what did digitalocean do?!?
#
tantek they're normally quite reliable AFAIK
#
rhiaro their nameservers point to a cloudflare error as far as I know, and they're claiming everything is fine
#
rhiaro but all of my domains that use their dns are very much not okay
#
tantek can you disable your use of cloudflare?
#
rhiaro I didn't know cloudflare was involved
#
rhiaro I'm just using their nameservers
#
nightpool huh, that's weird. pandoc.amy.gy seems to resolve for me, it just doesn't respond to port 80
#
rhiaro HUH
#
rhiaro ns1.digitalocean.com has a weird cloudflare error for me, does anyone else see it..?
#
nightpool it's timing out on HTTP but it seems to be responding to dig just fine.....
#
nightpool maybe they put cloudflare in front of it by accident, and now the DNS traffic is getting reflected to cloudflare which has no idea what to do about it?
#
rhiaro nightpool do you happen to be in a position to figure out the ip address of the server? cwebber2 the actual service is still up..
#
rhiaro I can't log into my digital ocean right now for reasons involving a chain of 2FA dependencies I can't access
#
tantek oh dear that sounds even worse :(
#
tantek rhiaro: I'm hoping this isn't a phone number / SMS problem
#
rhiaro It's not world ending. The necessary SIM card is not in the same building as me.
#
rhiaro (DO detected an unusual login and emailed me a code. I don't have my email on my work laptop or my phone.. and can't get into google without the missing SIM)
#
rhiaro SECURITY
#
nightpool rhiaro: server is resolving for me at 178.62.197.214
h joined the channel
#
xmpp-social [ajordan] Hey open question - does the non-normative convergence around JSON-LD signatures mean that "pure JSON" implementations MUST include a JSON-LD parser?
#
xmpp-social [ajordan] Also FWIW pump.strugee.net is in DO NYC1 (iirc) and it seems fine
#
nightpool ajordan: afaik you only need to do canonicalization, not parsing, but yes.
#
xmpp-social [ajordan] Well "parsing"
#
xmpp-social [ajordan] Doesn't canonicalization imply parsing contexts?
#
nightpool this was a bit of a sticking point for mastodon and one of the reasons we're not super the biggest fans of it.
#
xmpp-social [ajordan] Bearing in mind that I still don't understand JSON-LD lol
#
xmpp-social [ajordan] Right, okay
#
nightpool we do it cause it doesn't seem like there's a better way atm and this one is standarized
#
tantek yeah that definitely raises the bar quite a bit
#
nightpool ajordan: the signature verification code in mastodon is completely seperate from the actual "what is this activity code"
#
nightpool one uses the JSON-LD libraries, the other doesn't.
#
xmpp-social [ajordan] Yeah I think that's how we'll do it in pump.io too when we get there
#
xmpp-social [ajordan] Just segregate it to a module marked "here be grues"
#
nightpool FWIW the lds stuff isn't required for federation--we use HTTP signatures for that
#
xmpp-social [ajordan] Right
#
xmpp-social [ajordan] Ugh I'm so behind, this is a long way off for us anyway
#
xmpp-social [ajordan] Well, depending
#
xmpp-social [ajordan] We should get to a baseline of AP support pretty soon and then we'll have to tackle auth
#
xmpp-social [ajordan] As the second step
#
nightpool afaik you can always get around signing stuff by just fetching it from servers though
#
tantek ^^^ this
#
xmpp-social [ajordan] Hm, good point
#
nightpool so ¯\_(ツ)_/¯ on whether support is even useful.
#
xmpp-social [ajordan] I mean you've traded strong identity keys for X.509/PKI but maybe it's worth it
#
xmpp-social [ajordan] We'll see. Gotta ship baseline AP first
#
xmpp-social [ajordan] We'll just keep our existing auth while that stabilizes
#
puckipedia so actually I consider signing another reason: if you have no outbox, you could connect to any server, publish a message, then sign it to prove it's yours, then host it on that server
#
xmpp-social [ajordan] You mean a static server?
#
puckipedia you could host your actor object on your own domain, then host the objects on a shared server, for example, yeah
#
xmpp-social [ajordan] But why not just host in the same place as your actor? Objects aren't that big
#
xmpp-social [ajordan] Media might be, but that you can reference on a shared server
#
puckipedia nomadic identity, object-hash-based IDs
#
xmpp-social [ajordan] Idk I'm definitely not sure but right now I'm just not seeing the usecase
#
xmpp-social [ajordan] So if we replaced HTTP URIs you mean
#
puckipedia your ID could be https://puckipedia.com/ but your objects stored on https://social.puckipedia.com/ maybe even
#
puckipedia which happens with Mastodon servers a bit, where webfinger on the root points to a subdomain
#
puckipedia should you consider those to be in the same authority?
#
xmpp-social [ajordan] Hmm
#
cwebber2 I've been thinking about this and I agree having things on a different "origin" than the one you're on should be possible, and may even be necessary for some kinds of remote interactions we may want down the line
#
xmpp-social [ajordan] Well so in that case I'd argue that since you're just dereferencing the ID from the apex domain it doesn't really count. Trying to figure out if there's same case where that wouldn't be true
#
cwebber2 but I'm not sure there isn't another attack possibility here
#
xmpp-social [ajordan] Idk I guess maybe I'm being too narrow-minded, not sure
#
xmpp-social [ajordan] Just want to avoid building out something with no *real* usecases
#
xmpp-social [ajordan] *cue a wild tantek appearing*
#
tantek O_o
#
puckipedia so I think signing objects is still a good idea to do even for normal retrieval
#
puckipedia anyways, {"type": "Person", "id": "https://www.example.com", "outbox": "https://social.example.com" }
#
puckipedia is this the same origin? :P
#
puckipedia or, ehm, bad example
#
xmpp-social [ajordan] tantek: amirite
#
puckipedia {"id": "https://example2.com", "type": "Note", "attributedTo": "https://www.example.com", "content": "Hello"} - how do you verify that this object was created by the above person
#
nightpool wait is what the same origin
#
puckipedia nightpool: www.example.com and social.example.com
#
xmpp-social [ajordan] Hm yeah so that makes sense but two things
#
nightpool well, I mean the glib answer is "you get it posted to your inbox with HTTP Signatures"
#
puckipedia nightpool: what if Alice as:Announces the post?
#
cwebber2 that's the very use case mastodon has LDS for
#
xmpp-social [ajordan] 1. While you'd definitely need signatures for that case, I'm still not convinced that would actually come up in practice (though definitely could be wrong)
#
cwebber2 ajordan: this does come up in practice
#
cwebber2 and *did* come up in practice
#
puckipedia I can make Kroeg do this without even changing code
#
cwebber2 people were sharing contents from other servers replacing words with nastier words
#
cwebber2 and then actors on the network got confused
#
xmpp-social [ajordan] 2. What's the threat model? You're still vulnerable to DoS
#
cwebber2 2) that's a *different* threat model
#
puckipedia cwebber2: well, the LD signatures run on the announce don't verify the object that is announced
#
cwebber2 puckipedia: but if the object itself also has a signature
#
cwebber2 then you can
#
xmpp-social [ajordan] cwebber2: but the question is whether refetching from the origin is Good Enough ™
#
cwebber2 ajordan: you may not always have permission
#
cwebber2 we went over this not too long ago
#
cwebber2 it may even be you have permission
#
puckipedia (or the server is down currently)
#
cwebber2 it may be you were technically addressed
#
xmpp-social [ajordan] Ahhhhhh okay
#
puckipedia I myself would like to see every object signed separately to be Future-Proof(TM)
#
cwebber2 but to a collection you don't have access to traverse
#
cwebber2 if you really want objects to be able to be safely passed around you have to sign them
#
xmpp-social [ajordan] Sorry, I have a vague memory of us discussing this so I know I'm rehashing (ha!) things
#
cwebber2 it's ok
#
cwebber2 but to address your 2) about DDoS
#
cwebber2 sure
#
cwebber2 that's a separate topic though
#
xmpp-social [ajordan] (very distracted atm because of some really nasty stuff in my personal life :/ )
#
cwebber2 though if you want that you'd need a content-addressed solution for storing things
#
cwebber2 ajordan: sorry to hear that :(
#
xmpp-social [ajordan] cwebber2: not DDoS
#
xmpp-social [ajordan] DoS
#
cwebber2 oh ok
#
cwebber2 could you explain?
#
xmpp-social [ajordan] The scenario we were discussing is if your actor is on a server you control but everything else is in a shared server but it's signed. I wasn't convinced people would actually want that in practice
#
xmpp-social [ajordan] cwebber2: thanks, I appreciate it
bengo joined the channel
#
cwebber2 ajordan: an well, it's not as common probably. I guess examples I can maybe think of are distributed games or maybe something like a public media store server
#
puckipedia or people not wanting to host e.g. an AP server, but still use their own domain as ID
#
cwebber2 that's an actual use case that we talked about early on
#
cwebber2 especially when we thought micropub and activitypub might merge
#
cwebber2 indieweb folks were especially interested in this
#
xmpp-social [ajordan] We thought that?
#
cwebber2 ajordan: before you were here, for 1.5 of the years of the group that was on the table and we were trying to do it
#
cwebber2 anyway the use case was static site hosting still interacting with activitypub servers
#
cwebber2 for example
#
xmpp-social [ajordan] Lol I'm sure
#
cwebber2 dustycloud.org is statically generated, but maybe I want to put my inbox on another domain
#
cwebber2 so my posts are still coming from dustycloud.org
#
xmpp-social [ajordan] Right that totally makes sense
#
cwebber2 but you can comment on them through another server and they can be rendered through js or something like that
#
xmpp-social [ajordan] But if we're at the point where "another domain" is so untrusted you need to sign all your stuff
#
cwebber2 "another domain" *should* be untrusted :)
#
cwebber2 you can't trust the fediverse ;)
#
cwebber2 or at least
#
xmpp-social [ajordan] But if it's a domain *you picked*
#
cwebber2 ajordan: so say thirdpartysocial.example is hosting my stuff
#
cwebber2 or is *claiming* to
#
xmpp-social [ajordan] Sure
#
cwebber2 if thirdpartysocial.example sent you stuff claiming I said it
#
cwebber2 how do you know that's really true
#
cwebber2 worse
#
cwebber2 what about fourthpartysocial.example jumps in and says "me too"
#
cwebber2 granted, nobody is really doing this in practice at the moment, and that's a valid criticism (though it sounds like puckipedia might try), but these are use cases that were on the table.
#
xmpp-social [ajordan] Ahhh yes that makes sense now
#
cwebber2 of course, Announce is on the table, since we're doing that today :)
#
xmpp-social [ajordan] Because there's no canonical location for "here are the domains that are allowed to speak for me"
#
cwebber2 right
#
xmpp-social [ajordan] Ooookay. Got it.
#
cwebber2 though, I could counter-argue against myself with another attack, but maybe I shouldn't :)
#
cwebber2 heck why not
#
xmpp-social [ajordan] So (and I'm NOT suggesting we do this but) it sounds like you could just specify that
#
xmpp-social [ajordan] Like an array in the Actor or something
#
cwebber2 maybe, but we don't have that specified
#
xmpp-social [ajordan] And then you wouldn't need the signatures anymore
#
melody if you wanted a location for "here are the domains that are allowed to speak for me" wouldn't it pretty much have to be the domain of the actor's ID?
#
cwebber2 and it starts to get into really awful access control problems
#
xmpp-social [ajordan] Ofc, and I'm not suggesting we specify it
#
xmpp-social [ajordan] For that reason and because it just feels shaky compared to strong cryptography
#
xmpp-social [ajordan] melody: yeah, but that fits the situation we're discussing
#
melody i was just checking my understanding mostly, trying to follow this conversation
#
xmpp-social [ajordan] ? sounds good
#
xmpp-social [ajordan] Oh actually do you know what else
#
melody i'm bad at crypto but *really* interested in the auth implications of AP for my eventual implementation
#
melody so this seems important to grok
#
nightpool cwebber2: what kind of access control problems do you predict here?
#
xmpp-social [ajordan] Domain-based trust doesn't work. Because what if you have shared hosting on the same domain and each customer gets a subpath
#
cwebber2 the most worrying thing to me in activitypub is still implied access control based on addressing. But, I have a pretty good answer for that in an extension... but I need to incubate it
#
xmpp-social [ajordan] melody: right
snarfed joined the channel
#
cwebber2 nightpool: ah... so, Access Control Lists have a lot of problems (I recommend the paper "ACLs Don't", though it's kinda academic) but what's even worse is that we have *implied* access control in ActivityPub currently.
#
cwebber2 based on inference from addressing
#
xmpp-social [ajordan] Though tbh the actual crypto isn't super interesting here, it's mostly just signature stuff we (meaning the tech community, not #social) have been doing for ages
#
cwebber2 I have a good way out of that but it requires that I finish incubating ld-ocap
#
cwebber2 nightpool: here are some examples
#
cwebber2 nightpool: if I create a collection, who can add/remove items from it?
#
xmpp-social [ajordan] Lol collections
#
nightpool I mean, the server that publishes the collection?
#
cwebber2 nightpool: what if I want to give people the ability to Add / Remove items
#
nightpool from a AP perspective, the person who can actually change what is returned for that object
#
nightpool cwebber2: well, they'd have to send those activities to that server then?
#
xmpp-social [ajordan] nightpool: but you can't preemptively determine access
#
cwebber2 nightpool: right, and how does the server know my intent of who I wanted to be able to added/removed? we don't have any specification for that
#
nightpool in some sense there is no way to model an ACL for activity pub because only one person can ever change what is returned by resolving a given DNS path
#
xmpp-social [ajordan] You'd have to try/catch
#
cwebber2 but here's a worse problem
#
cwebber2 who can GET an object?
#
cwebber2 you'd probably say, "well that depends on the addressing"
#
cwebber2 which makes sense and yes
#
cwebber2 though, it starts to get fuzzy:
#
cwebber2 what if I addressed a collection I don't have access to myself, but that collection forwarded for me
#
cwebber2 either because it has an inbox, or using the forwarding mechanism
#
cwebber2 I have no idea that some people could have access to that object, so I'll lock out more people than I should
#
nightpool forwarding can't add new recepients that aren't explicitly addressed
#
nightpool that's part of the spec mastodon breaks
#
cwebber2 nightpool: so if Alyssa writes a post to her followers, and Ben replies including her followers in the addressing
#
cwebber2 nightpool: according to the AP spec Alyssa's server will forward it. but if Eve is one of the people forwarded to, Ben would never know
#
nightpool cwebber2: on a different topic, I wrote up a bit about movedTo.
#
cwebber2 so if Eve tries to do a GET against it, even if she's authenticated, it'll fail
#
cwebber2 nightpool: it's hardly the worst case scenario because she presumably already got it once
#
cwebber2 through the actual delivery
#
cwebber2 it's just annoying
#
cwebber2 nightpool: yay re: movedTo!
#
Loqi woot
#
cwebber2 I guess I should get up that repo so you can submit the extension there
#
nightpool yeah
#
nightpool in the meantime you can take a look here: https://gist.github.com/nightpool/21fb737babb2f8714d911236e21b05e7
#
cwebber2 sweet, thanks nightpool :)
#
nightpool left a comment about wanting to include possible redirects/delivery/etc solutions but not being confident in their correctness currently.
#
nightpool will probably integrate that into the text itself when I make the PR
#
Zakim excuses himself; his presence no longer seems to be needed
#
Loqi bye Zakim!
#
cwebber2 gonna grab lunch and then I'll make the repo
#
ben_thatmustbeme looks at the chat history
#
ben_thatmustbeme turns and leaves immediately
#
xmpp-social [ajordan] Lolll
#
xmpp-social [ajordan] Same tho
#
tantek next week's SWWG telcon agenda page up: https://www.w3.org/wiki/Socialwg/2017-11-28
#
Loqi Tantekelik made 1 edit to [[Socialwg/2017-11-28]] https://www.w3.org/wiki/index.php?diff=105261&oldid=0
#
xmpp-social [ajordan] Thx tantek
#
xmpp-social [ajordan] tantek: the bullets starting with PTD, SWP, etc. are just the reasons we need to have December telecons, right? Not actually on the agenda?
#
xmpp-social [ajordan] ben_thatmustbeme: should JF2 be on that list?
#
ben_thatmustbeme yes, i suppose it should
#
xmpp-social [ajordan] If you don't feel it's ready or anything like that we could move it to the SocialCG
#
xmpp-social [ajordan] Since it's not REC-track
#
tantek ajordan: correct (re: reasons)
#
xmpp-social [ajordan] Cool, thx
#
tantek we should likely at least snapshot jf2 as a NOTE from the WG
#
xmpp-social [ajordan] Define "snapshot"
#
tantek and then further work can happen in the SocialCG (but won't be NOTEs)
#
Loqi yea
#
xmpp-social [ajordan] Oh misread NOTE as WD
#
xmpp-social [ajordan] Why though? SocialCG can publish notes so why wouldn't we just continue incubating it there?
#
tantek no CG can only publish "reports"
#
tantek not NOTEs
#
xmpp-social [ajordan] Ahhhhhhh interesting
#
tantek but yes we can continue iterating in SocialCG as CG reports
#
xmpp-social [ajordan] I must've misremembered. That's unfortunate
#
xmpp-social [ajordan] Snapshotting makes a lot more sense now tho
#
xmpp-social [ajordan] Oh I need to read the minutes from yesterday and today don't I
#
Loqi Tantekelik made 1 edit to [[Socialwg]] https://www.w3.org/wiki/index.php?diff=105262&oldid=105222
#
tantek re-reads the charter https://www.w3.org/2013/socialweb/social-wg-charter.html to see how we are doing / have done on Goals
#
tantek Hmm I don't think we have anything on "Embedded Experiences" per se, though my use of webmention.io + streams.tmb to do RSVPs embedding may count for that - however we haven't published any documents that describe that
#
xmpp-social [ajordan] Could easily be a part of the NOTE series we do
#
tantek ben_thatmustbeme: we should probably document how a jf2 implementation (like streams.tmb) can solve the Embedded Experiences goal in the Charter
#
xmpp-social [ajordan] /me sees if IRC is decent on the flaky train WiFi
#
tantek captured: https://github.com/dissolve/jf2/issues/36
#
Loqi [tantek] #36 document solving Embedded Experiences goal from charter
#
tantek and the last goal was a bit of a stretch
#
tantek "Enterprise Social Business" ... including: "... replace email within an enterprise for crucial business processes ..." which we're not even close to describing how to do, much less having any actual working examples thereof.
#
tantek (in contrast to RSVPs on my event posts are a live working example of "Embedded Experiences")
#
tantek Perhaps it's ok if we admit replacing enterprise email is hard :P
#
tantek (and no one who cared to work on actually implementing enterprise centric use-cases actually showed up to do the work)
#
tantek beyond documenting usecases in the IG - which we kinda already had from the prior workshop report. but no prototyping or spec drafts / features to address that AFAIK. happy to be corrected.
#
ajordan I mean I guess in theory you could use AP
#
tantek ajordan: in theory you could use lots of things, that doesn't mean much unfortunately
#
ajordan lol yeah that's very true
#
ajordan https://chat.indieweb.org/social/2017-11-22#t1511339628912000 oh god I just realized
#
ajordan did we build SMTP?
#
Loqi [rhiaro] When A receive's B's like in A's Inbox, A's server carries out 7.1.2 (Forwarding from Inbox). In this case, A's server sees A's Followers collection in one of the addressing properties and can fetch the outbox of every actor in the Collection, and de...
#
ajordan inbox is the same from a client point of view as a federation point of view
#
ajordan nightpool: left you a comment on the Gist
#
erincandescent ajordan: ActivityPub (and the pump.io protocol) are kinda just SMTP over HTTP
#
ajordan erincandescent: yeah honestly
#
ajordan I think the only real difference is that there's more data modeling in bodies
#
ajordan laughs nervously
#
erincandescent Also SMTP/IMAP can't list all the e-mails I've ever sent to anyone else
#
tantek IMAP has a Sent folder right? or just common server implementations do - that does that
#
ajordan tantek: Sent is a client thing
#
ajordan erincandescent: good point
#
tantek not AFAIK. use client1 to send an email via IMAP, use client2 to browse Sent folder on IMAP server and see the email
#
erincandescent yes
#
erincandescent Its on the server but your client puts it there
#
tantek same with AP
#
erincandescent When you send an e-mail, your client SMTPs it and then stuffs it into sent
#
erincandescent The SMTP server does not stuff e-mails into sent
#
tantek it's on the server but your client puts it there
#
ajordan tantek: you're misunderstanding
#
erincandescent No, with AP the act of sending something and adding it to your outbox is atomic
#
tantek IMAP does tho right?
#
erincandescent No
#
ajordan no
#
erincandescent You send your e-mail via SMTP, and *then* your client (by convention) dumps a copy in "Sent Items"
#
ajordan it's perfectly possible to submit an email for delivery over SMTP and then not copy it anywhere
#
aaronpk it sounds like activitypub isn't actually very similar to SMTP then
#
tantek atomic? that's not relevant to whether can/or can't list all the emails
#
ajordan well since we're talking plumbing it is
#
ajordan aaronpk: meh, delivery model is still similar
#
erincandescent More importantly I can't login to tantek's server via IMAP and read his Sent Items
#
tantek ajordan: "list all the e-mails I've ever sent" sounds like a user feature, not plumbing
#
erincandescent tantek: Yes, but in the social web we call it "reading somebody's feed/blog"
#
ajordan tantek: lol true, I just meant that the original discussion was whether AP was similar to SMTP
#
ajordan and then erincandescent pointed out that plumbing-wise that's a difference between the two
#
tantek or some combination of SMTP/POP/IMAP
#
erincandescent . o O (JMAP)
#
ajordan hahahahaha
#
tantek ajordan, but in practice (UI) not
#
Loqi awesome
#
ajordan tantek: yeah
#
aaronpk JMAP is already a thing http://jmap.io/
#
erincandescent JMAP replaces IMAP and SMTP MSP, so JMAP is ActivityPub for e-mail :P
#
ajordan erincandescent: only for C2S profiles
#
erincandescent yeah
#
ajordan I always found SMTP C2S to be a dirty historical thing
#
ajordan lol the real question here is, did we invent the horror show *surrounding* SMTP
#
ajordan and I don't _think_ so?
#
Loqi Tantekelik made 1 edit to [[Socialwg/2017-11-21]] https://www.w3.org/wiki/index.php?diff=105263&oldid=105249
#
tantek ajordan, I'll point out what's been said before, depending only on signatures pretty much does just that, since a spammy server can create valid signatures of what it is spamming just as easily as a non-spammy server
#
tantek OTOH verifying by getting the content from the permalink is fundamentally different from SMTP (and raises the barrier for spamming compared to SMTP)
#
tantek it's one of the reasons I think a lot of folks are like, signatures? yawn
#
tantek (at best, or *eyes glaze over*)
#
erincandescent Honestly fetching won't fix anything. Spammers will just setup their own servers
#
ajordan tantek: that's not the biggest design problem with SMTP
#
ajordan the biggest problem, which AFAICT we've fixed, is that you can forge From: headers and there's no good way to verify it
#
tantek erincandescent: "won't fix anything" != "raises the barrier"
#
ajordan at least for spam
#
tantek ajordan, there are so many problems with SMTP, that I'm not sure what the "biggest" are
#
ajordan email security is also a horror show of funhouse mirrors and scary clowns but I think we're better on that count too just because we shipped in 2017
#
ajordan tantek: fair point
#
tantek ajordan: email security has turned into something where only a few big server companies peer with each other, getting a new email server "accepted" by any of them is nearly prohibitive
#
erincandescent SMTP: Hah, can't require TLS. Definitely can't require valid TLS certs
#
tantek email is no longer really federated, just collusion among a small oligopoly amongst each other
#
erincandescent You can totally still run your own mail server
#
tantek with perhaps grandfathering for a few "older" servers out there
#
ajordan tantek: meh
#
tantek but yeah, it's prohibitive to set up a new one and get your email accepted by the big providers
#
ajordan the only big requirements are a static IP and correct reverse DNS
#
ajordan it's not
#
erincandescent Not really? So many companies run in house
#
tantek nope, all kinds of headers nonsense
#
tantek get on all the right whitelists etc.
#
puckipedia IPv6 SMTP against gmail is really complicated against
#
puckipedia apparently*
#
tantek erincandescent: fewer and fewer. more and more are using enterprise email services from Google etc.
#
tantek in house email is basically dying
#
erincandescent Honestly I've never seen an enterprise using GMail. Though Office365 yes
#
tantek Twitter uses enterprise Gmail etc.
#
ajordan that's not true
#
tantek pretty well known from public articles
#
tantek internally
#
ajordan even though I should
#
ajordan I don't DKIM sign my mail and have never had delievery problems
#
ajordan I do SPF and that's Good Enough(tm)
#
aaronpk wat, plenty of enterprises use gmail
#
ajordan though to be fair it *is* _just_ me on my server, so it's mostly impossible for me to get on any blacklists because no one else can use my IP and no one can forge From: headers from me because of SPF. and there aren't any other users to send spam.
#
aaronpk `dig mx mozilla.org` -> 1 aspmx.l.google.com.
#
ajordan puckipedia: now that I can't comment on because IPv6 in my network is screwed so I have it disabled
#
ajordan I'm ashamed tbh
#
aaronpk `dig mx twitter.com` -> 10 aspmx.l.google.com.
#
erincandescent aaronpk: In my corner of the industry its all Exchange and probaly Office365 and Skype for Business ...
#
puckipedia ajordan: oh aha, I think you need a valid PTR record :<
#
ajordan puckipedia: you need that for IPv4 too
#
ajordan home mail server on a dynamic IP actually works shockingly well, the only problem I had was AOL rejecting mail because some previous tenant of my IP had sent spam (probably from a virus or something)
#
ajordan but of course that's a bummer which is why you need a static IP
#
erincandescent Dynamic IPs are normally bad because most ISPs enter them into DNSBLs
#
ajordan exactly
#
ajordan erincandescent: do you know offhand if SpamHaus rejects dynamic IPs? because if so I drop all email from them on the floor
#
erincandescent ajordan: Spamhaus Policy Blocklist is dynamic IPs (as marked by ISPs)
#
erincandescent "Policy" = netblock owner indicates this IP should not be sending e-mail
#
ajordan ah gotcha
#
puckipedia yep. I am in the PBL, but not in the SBL or XBL
#
ajordan lol I have no idea if I have that enabled, I haven't poked at these configurations in so long
#
erincandescent lol I just pulled the MX records of 6 of our customers, 5 in house, 1 Office365
#
ajordan oh this is reminding me, I had a bug open at one point to have automation check if I'm on any major blacklists. I should do that
#
ajordan just finished reading the meeting minutes from today, good discussion
#
puckipedia woooow debugging Kroeg is slow
#
puckipedia like. really really slow.
#
puckipedia "next": "http://localhost:5000/user/28839131/outbox?cursor=-1?cursor=925512232439631872",
#
puckipedia eh I'll call this an improvement
#
ajordan lol Ship It(tm)
#
ajordan puckipedia: good catch with the pump.io @context
#
ajordan you were totally right, fixing it now
#
ajordan looks like that's actually a bug in the spec
#
ajordan https://github.com/w3c/activitystreams/issues/434 captured
#
Loqi [strugee] #434 Appendix B doesn't sufficiently cover @context
#
cwebber2 beep
#
cwebber2 I kinda crashed for a few hours
#
cwebber2 now getting to the AS2 extensions repo stuff
#
ajordan cwebber2: you deserve it after PR
#
cwebber2 yeah that really took it out of me
#
tantek cwebber2: feel free to share the wiki page transition request for AP to PR for review
#
tantek so we can help you get your parts to "done" and leave it firmly in w3c staff hands :)
#
cwebber2 you know
#
ajordan I'm so excited this is finally happening
#
puckipedia yeah!
#
cwebber2 yes me too!
#
cwebber2 I wonder if that is what happened to me after all re: the wiki
#
cwebber2 I had the weird glitch where my password wasn't working so I reset it, and since then I was able to log into wordpress and not the wiki
#
cwebber2 but, my cwebber2 account isn't linked to a membership
#
cwebber2 I'm an IE
#
cwebber2 whereas cwebber-specops has a member affiliationship
#
cwebber2 with Spec-Ops
#
cwebber2 I probably got cwebber2 set up before the anti-spam account stuff, maybe I was grandfathered in, but resetting the password somehow broke things
#
ajordan cwebber2: I bet you made your password too complicated
#
cwebber2 ajordan: I do like complicated passwords :P
#
ajordan does it have special characters? is it longer than 32 characters? pretty sure both of those break the wiki
#
cwebber2 this last time I tried just a randomly genereated alphanumeric password of less than 32 chars tho
#
ajordan cwebber2: yeah I started with 128 characters, ~1/2 special (as generated by `apg`)
#
ajordan eventually downgraded all the way to 16 characters, only letters, and that seemed to work
#
cwebber2 and it still only allowed me to log into wordpress and not the wiki
#
cwebber2 wowee
#
ajordan yeah I think if I look I can find a log of me reporting it live in #social
#
cwebber2 tantek: btw is there anything else to be done other than what rhiaro already did on https://www.w3.org/wiki/Socialwg/ActivityPub_PR ?
#
cwebber2 it looks like everything is filled in
#
tantek looks pretty good. the n/a bits are not really true
#
tantek and the News Item is empty
#
tantek so no, everything is not filled in :)
#
tantek in https://www.w3.org/wiki/Socialwg/ActivityPub_PR#Requirements, it ought to cite the deliverables from the charter which are being satisfied
#
tantek and even quote from the scope, since that's what you're helping to satisfy https://www.w3.org/2013/socialweb/social-wg-charter.html#scope
#
tantek almost literally: "A social API should include the ability to embed third-party information and share social data between web applications. The API should re-use the social data transfer syntax and may allow some interaction with the federation protocol. The API should also be extensible in terms of the items of interest expressible by the data format."
#
tantek except cut out the "embed third-party information and"
#
tantek because AP does not do that
#
tantek (it doesn't have to do everything in the scope, to be clear)
#
tantek but the fact that it does so much of it is a very good thing that should be mentioned in the transition
#
tantek the next paragraph too:
#
tantek "A Web protocol for federating social data should include at least the ability to share status updates using the JSON-based syntax developed by the Working Group. This protocol may allow the capture of new data, the verification of data using techniques such as as digital signatures"
#
cwebber2 tantek: it's able to embed third-party information...
#
cwebber2 you can embed an object from another origin
#
tantek I think you may be thinking a plumbing meaning of embed vs a user-visible/interactive meaning (which is what the charter intended there)
#
cwebber2 well I'm a plumber, so :)
#
cwebber2 but maybe you mean sepecifically oembed style.
#
tantek like oembed style yes
#
tantek see the Goals section for where Embedded Experiences is defined
#
ajordan someone tell me if this is a bad idea
#
cwebber2 (though, you could do this: fetch the object with a type of activity+json / ld+json and then include that as an object)
#
tantek https://www.w3.org/2013/socialweb/social-wg-charter.html#goals
#
ajordan https://twitter.com/NYTMinusContext but for #social and on a federated network (duh)
#
tantek " this interaction could be securely embedded within page itself" <-- i.e. iframe, object etc.
#
cwebber2 > Embedded Experiences: When a user is involved in a social process, often a particular action in a status update may need to cause the triggering of an application. For example, a travel request may need to redirect a user to the company's travel agent. Rather than re-direct the user, this interaction could be securely embedded within page itself.
#
cwebber2 huh
#
cwebber2 yeah
#
cwebber2 actually that sounds like what the web payments group is trying to accomplish, heh
#
tantek an aspect of yeah
#
tantek we haven't worked on that much here in socialwg
#
tantek because the opensocial / enterprise people that wanted that use-case never worked on prototyping anything to spec
#
cwebber2 ok, thanks for the clarification
#
tantek the only thing remotely resembling that Embedded Experiences thing that we've done is the embedded displays of webmentions that various folks have done
#
tantek where a page includes a third party element (script/iframe) to embed live interactive responses to that page
#
tantek e.g. I do that with iframe embedding a third party service to show RSVPs on my event posts
#
ajordan tbh I've never been clear on exactly what a deliverable for that might look like
#
ajordan it kinda just seems like each implementation would build that and do an <iframe> thing
#
tantek ajordan it helps to have real world examples to point to, analyze etc.
#
ajordan ah gotcha
#
tantek but you can make standards for how such embedding should work
#
ajordan so not necessarily a spec or whatever
#
tantek what goes across the wire to the iframe
#
ajordan how so?
#
tantek interaction across the page and the embed
#
tantek etc.
#
tantek webactions are another example of this
#
ajordan wait so you're imagining that you might send something specific inside the iframe and then the user agent would be able to add extra UI/features/etc. to it?
#
tantek that's exactly what webactions do for example
#
ajordan right
#
ajordan hm, I guess that makes sense
rowan joined the channel
#
tantek aforementioned example of iframe embedding a third party service to show RSVPs on my event posts http://tantek.com/2017/319/e1/homebrew-website-club (including an RSVP from ajordan)
#
Loqi Homebrew Website Club SF
#
ajordan :-)
#
ajordan I've since broken Lazymention lol
#
ajordan unfortunately
#
cwebber2 yes this is what we've been discussing in the SocialCG
#
cwebber2 and notably the web payments group, there's a group trying to get browser vendors to expose the very tech they are building for web payments in a way that's more "composable"
#
cwebber2 because we could reuse that very same workflow (and indeed sandro came up with the same solution independently that's being exposed there):
#
tantek it's a hard problem for sure
#
ajordan we've been discussing this in the CG? recently?
#
cwebber2 ajordan: yes this was about 3 months ago
#
ajordan ahhhh that's why I don't remember
#
tantek also touches on CSS, e.g. the layout between the page and the embedding
#
ajordan has the memory of a goldfish a lot of the time
#
tantek it's likely the general platform need is going to be worked on in WICG
#
tantek since there are many other needs (not specific to Web Payments)
#
ajordan tantek: what's WICG stand for?
#
tantek cwebber2: if that's something you're working on (that kind of embedding), you may want to join the WICG
#
tantek ajordan the W stands for Web Platform
#
cwebber2 tantek: it's not something I'm working on, but maybe dlongley should join the WICG then :)
#
tantek the ICG are the same as in SWICG
#
cwebber2 cool
#
ajordan right on
#
cwebber2 dlongley has built a polyfill for web payments which does exactly the workflow sandro came up with independently for the socialcg, but for payments
#
cwebber2 which seems to indicate that we've got the same structural use case in both areas
#
cwebber2 both for decentralized like/share etc and for web payments
#
tantek cwebber2 - yeah, webactions solve the decentralized like/share in a way that falls back to hyperlinks
#
tantek and has an polyfill as well
#
cwebber2 cool!
#
tantek they still need iteration, but all these embedding things do
#
cwebber2 where's the webmention PR transition request?
#
cwebber2 I can only find the CR
#
cwebber2 https://www.w3.org/wiki/Socialwg/Webmention_CR_Transition_Request
#
cwebber2 oh here's micropub's https://www.w3.org/wiki/Socialwg/Micropub_PR
#
tantek it might have been done in email before we were putting all the transition requests on the wiki?
#
cwebber2 aha
#
ajordan tantek: not if the CR request was on the wiki
#
tantek huh, we should have stated more about Micropub requirements satsfied. oh well
#
tantek cwebber2: yeah, if you want to edit the AP_PR request to be similar to the MP_PR request in those ways/fields, that's likely fine
#
tantek instead of doing any extra work
#
cwebber2 they're pretty similar already!
#
cwebber2 but yeah I'll add the stuff you suggested
#
cwebber2 I was just trying to look for reference
#
tantek good strategy :)
timbl joined the channel