#social 2017-11-30

2017-11-30 UTC
timbl, tantek and rowan joined the channel
# 05:00 
ajordan aaronpk: congrats on finishing WebSub!
# 05:00 
ajordan will check out the changes tomorrow, for now I'm super tired
# 05:00 
ajordan I just happened to see the message while reading a bit of the logs
# 05:00 
ajordan needs to catch up on yesterday's minutes too... *sigh*
xmpp-social and tantek joined the channel
# 11:54 
Chocobozzz puckipedia: after thinking, you're probably right: a video channel should be an actor. So a user send a CREATE activity, and the video channel announces it so platforms that don't support channels just work out of box. Moreover people would have the choice between follow the user or follow a specific channel (like youtube btw).
# 11:55 
puckipedia :P
# 11:55 
Chocobozzz just miss a parent notion for actors in AP but a custom "owner" attribute to the actor should be okay
# 11:55 
puckipedia I would use attributedTo for that
# 11:56 
Chocobozzz good idea!
# 12:00 
Chocobozzz thank you very muck puckipedia. I just ping cwebber2 in case he disagrees
# 12:01 
Chocobozzz much*
timbl, rowan and sandro joined the channel
# 15:11 
cwebber2 Chocobozzz: oh I agree!
# 15:12 
cwebber2 Chocobozzz: it could be both, even: an actor and a collection
# 15:13 
cwebber2 ie, a collection with an inbox
# 15:13 
cwebber2 or you could choose one of:
# 15:13 
cwebber2 https://www.w3.org/TR/activitystreams-vocabulary/#actor-types
rowan joined the channel
# 15:24 
Chocobozzz okay thanks cwebber2, I think it will just be a Group actor, because in the future we could imagine that a channel is shared by multiple users
# 15:25 
Chocobozzz (ie multiple users could upload video in it)
# 16:13 
saranix how to mark up an encrypted payload?
# 16:54 
cwebber2 saranix: we've been talking about some sort of EncryptedEnvelope
# 16:56 
saranix http://manu.sporny.org/2013/lds-vs-jose/ mentions @type EncryptedMessage2012 -- but the ld signatures spec does not mention it (why is that hosted on github and not w3.org?)
# 16:58 
saranix hubzilla uses Salmon but I don't like Salmon :-P I mean interop is the ultimate goal so eventually I'll probably support both but I don't want to make it my default
# 17:00 
cwebber2 saranix: I think that the Digital Bazaar folks have mostly switched to using JOSE for encryption, but they've somehow hooked it into json-ld... I guess dlongley probably knows details but is probably too busy to tell us ;)
# 17:01 
saranix even though that post argues against it, and how much simpler?
# 17:02 
cwebber2 I think they aren't using it for signatures, just encryption... and I don't know if it's simpler... I think it's just that it's one less chunk of vocabulary/mechanism to define
# 17:03 
saranix it's definitely simpler, and the linked blog post definitely argues that it's simpler in length... and manu is the CEO isn't he?
# 17:03 
saranix scratches head
# 17:39 
dlongley saranix: the differences are much more pronounced with signatures than with encryption (between the JOSE approach and the LDS approach)
# 17:40 
dlongley with encryption, the LDS approach we were looking at back in 2012 made key discovery and semantics simpler/easier ... and we also enforced encryption suites more tightly for both simplicity and because algorithmic agility can be a detriment to security
# 17:41 
dlongley those are the main differences... but we didn't see a lot of uptake on EncryptedMessage2012 ... and we don't really use it very much ourselves (we don't use really use JOSE either), we have stronger needs for signatures than we do encryption of message payloads... should a stronger need arise we'd explore the options again, but if JWE does what you need, it's not *that* different, it is mostly lacking in a key discovery protocol
# 17:42 
dlongley but someone could standardize how to do that using "linked data web keys"
# 17:43 
dlongley with the existing jku and kid fields in whatever way is appropriate
# 17:43 
saranix I definitely prefer EncryptedMessage2012. JWE is way too verbose for starters
# 17:43 
dlongley well, i agree that it's much simpler.
# 17:43 
dlongley JWE tries to do everything ... which can actually be a detriment to security.
# 17:44 
dlongley perhaps defining a particular profile of JWE and how to use it with linked data web keys would be a good spec.
# 17:45 
dlongley i imagine that's the direction Digital Bazaar would head in should we find a strong need for encrypted message interop
# 17:46 
cwebber2 the advantage of JWE in this case is that it doesn't use PEM ;)
# 17:46 
cwebber2 but I suppose I can't escape PEM since we're using it for LDS :<
# 17:46 
cwebber2 wah
timbl, rowan and rowan_ joined the channel