# Solid Data Interoperability Panel May 11th, 2020 # Attendees * @justinwb * @joshdcollins * @dmitrizagidulin * @ericprud * @jaxoncreed * @elf-pavlik # Agenda - Ecosystem Proposal Update - Shape Trees Update - Approach to Use Cases ## Feedback from Auth meeting - Jackson: Client constraining access control relates to work in this panel. I've made new proposal based on demo document discussed... https://github.com/solid/authorization-and-access-control-panel/issues/68 ## Ecosystem Proposal Update - Justin: I'm putting Use Case document in W3C bikeshed format. It references already published in panel repo problems and goals document. It includes issues inline based on feedback from initial document. This week I will work on finishing that. - ...: Issue came up with how reliably we can identify the client user uses to access resource. It seems straight foward in the first part of proposal where Alice who controls the resource access it onself. In second part where she want's to share access with Bob we need to refine it. You can follow progress, I will most likely push to remote branch daily. - ...: What should happen once we add it to panel repo? This document includes Use Case with a proposal of solving it. I think we need more use cases and extract proposed solution into more specific separate spec documents. I agree with Pavlik that we need a lot of use cases. ## Shape Trees Update - Eric: I have issue with async errors. We reorganized the library in shapetree organization. Check out test-suite repo. https://github.com/shapetrees/test-suite - ...: I've been working with the same functionality working with support disabled on the server. We can have fetch library intercepting requests and implement it there. Practically same code the works in express works with node-fetch, possibly I can rewrite express part to share code between the two. - Justin: If you are using shapetree.js, even if server doesn't do validation server side, client library can do it for you. - Dmitri: I recommend isomorphic-fetch module, it works on both server and client. - Jackson: It uses node-fetch under the hood. I've encountered few problems with it and swapped to cross-fetch. - Eric: When picking from those libraries, which clients will be able to do requests from window.fetch ? - Jackson: From my experience in solid-auth-fetcher I found cross-fetch having better Typescript typings than isomorphic-fetch. - Dmitri: They all use the same API - Jackson: They detect envorinment and if in browser they use window.fetch oterwise use node-fetch - Justin: We run into the need to have description / labels as part of shapetrees itself. In use case Authorization Agent want to show consent screen to Alice. How does it get this plain text labels? What if this person speaks spanish (i18n). - Josh: We've seen shapetrees as bridge between human and machine readable. So far machine readable works fine but not necessarily human readable. We have PR to describe shapetrees with separate graph of data. We didn't want to pollute shapetree with any of that additional decoration. We wanted it to evolve separately and scale across diferent locale and perceptive capabilities. https://github.com/shapetrees/specification/pull/1 - ...: We don't want application to inject something to avoid phishing. Within description of shapetree it would reference index of known graphs that can describe those shape trees. One could key them based on language or other attributes. Besides introducing this predicate it has secion on describing shapetrees. - Eric: https://github.com/shapetrees/test-suite/blob/master/solidApps/staticRoot/gh/ghShapeTree.ttl - ...: We can see example of attaching human readable language and arbitrary hierarchies. Repo can have metadata which includes issues, labels and milestones. I have polyhierarchy where you get to have user interface tree of abitrary complexity and give people multiple ways to navigate. - Jackson: Where is it stored? - Eric: We want to give flexibility. Trusted agencies could give you indexes of those things. - Justin: We went back and forth on it alot. We need to have it somehow referenced from shapetree itself so clients can't meddle with it. In spec and primer for shapetrees we plan to talk about how to associate descriptions with shapetrees. - Josh: We only include optinal `skosIndex` predicate. - Jackson: In the next couple of months, I'm going to be transitioning away from inrupt and start work on *shapeindex*. - Justin: ... - Eric: We have interesting cases with multilingular. Changing polyhierarchy may affect how people decide on granting access to things. Newer hierarchies could present user with more nuanced questions. - Pavlik: ... - Eric: We need to ask what is the structure of polyhierarchy that agents need to show on consent screen, second how I descover it. I think first one needs to be more defined, second possibly more flexible. - Jackson: I'm looking at SKOS. - Eric: It's just a polyhierarchy, with broader and narrower relations. It has a notion of transitivity. You can do language preference. - Justin: I don't want to sacrifice security for flexibility. - Josh: At least in the beginning we need to provide guidance on what trusted agent has to do. ## Approach to Use Cases - Justin: Where do we want to put use cases? We have some around provenance, history of the resource etc. We can put them in our repo, we can put them in [solid/user-stories](https://github.com/solid/user-stories) repo. user-stories has individual issue for each story, which has pros and cons. For server managed use cases I was thinking to just put them in the panel repo.