# W3C Solid Community Group: Weekly * Date: 2023-06-07T14:00:00Z * Call: https://meet.jit.si/solid-cg * Chat: https://gitter.im/solid/specification * Repository: https://github.com/solid/specification * Status: Draft ## Present * [Sarven Capadisli](https://csarven.ca/#i) * [Virginia Balseiro](https://virginiabalseiro.com/#me) * Maxime Lecoq * [Laurens Debackere](https://thundr.be/profile/laurens.ttl#me) * [Hadrian Zbarcea](https://hadrian.solidcommunity.net/profile/card/#me) * [Jesse Wright (jeswr)](https://www.jeswr.org/#me) * elf Pavlik * [Henry Story](https://bblfish.net/) * Ross Horne * Jeff Zucker * Tim Berners-Lee --- ## Announcements ### Meeting Guidelines * [W3C Solid Community Group Calendar](https://www.w3.org/groups/cg/solid/calendar). * [W3C Solid Community Group Meeting Guidelines](https://github.com/solid/specification/blob/main/meetings/README.md). * No audio or video recording, or automated transcripts without consent. Meetings are transcribed and made public. If consent is withheld by anyone, recording/retention must not occur. * Join queue to talk. * Topics can be proposed at the bottom of the agenda to be discussed as time allows. Make it known if a topic is urgent or cannot be postponed. ### Participation and Code of Conduct * [Join the W3C Solid Community Group](https://www.w3.org/community/solid/join), [W3C Account Request](http://www.w3.org/accounts/request), [W3C Community Contributor License Agreement](https://www.w3.org/community/about/agreements/cla/). * [Solid Code of Conduct](https://github.com/solid/process/blob/main/code-of-conduct.md), [Positive Work Environment at W3C: Code of Ethics and Professional Conduct](https://www.w3.org/Consortium/cepc/) * Operating principle for effective participation is to allow access across disabilities, across country borders, and across time. Feedback on tooling and meeting timing is welcome. * If this is your first time, welcome! please introduce yourself. ### Scribes * Virginia ### Introductions * RH: First meeting so I will listen. Interested in security aspect of Solid. Homepage: https://satoss.uni.lu/members/ross/ --- ## Topics ### Add 2023-05-25 agenda and minutes URL: https://github.com/solid/specification/pull/527 * SC: No minutes are provided, and if the meeting was informal, I suggest closing this as meeting cancelled. * eP: What does informal mean? No proposals or reoslutions during the meeting, we discussed * SC: Since there are no minutes there is nothing captured. If you want to make a suggestion to PR saying which topics were discussed and who was present we can merge. Minutes should help those who cannot attend. * eP: We can close. Followup will be in issues. Topics were [Issue #525](https://github.com/solid/specification/issues/525) and JSON-LD context for Solid Notifications. ACTION: SC to close. ### W3C TPAC 2023 URL: https://www.w3.org/2023/09/TPAC/ * SC: Will anyone be in person at TPAC 2023? * SC: WIP [TPAC 2023 - Group schedule](https://docs.google.com/spreadsheets/d/1Tj66Ase5tc--S-Vjo9Q1pXEINaTmOEzDpnS1J5gtqOI) is posted. Solid CG is on row 70 in the spreadsheet. ### WIP Implementation Feedback * SC: We'll allocate some time for implementation feedback or interest to implement. Links to products/projects and demos welcome. ### HTTPSig Auth Demo * LD: What' the status of HttpSig specification? * HS: HTTP Signatures in IETF. Last call was in September. HTTPSig is a lot more Solid now. * HS: Written in Scala that compiles to JavaScript. * LD: Is it for any authenticated agent? ACLs working for keyid? See it working with WebID? * HS: It is declared logically. Could still use OIDC, because 401 can come back to use that. Can use passowrds too. The client should have / the wallet that I'm writing. It should be able to select which of these descriptions fits for authentication needs. * TBL: Good demo. I suppose / how much would it take to config option to CSS to use it? You got Scala->JavaScript. CSS needs JS. Is there test suites? * HS: A lot of tests for HTTPSig. This is the beginning of the test - the data I should be getting back.. If you send me someone that's JavaScript developer to help me to help them, we can find the right people. I don't know CSS that well. I know people that would know to bridge that gap to do it. I'd be happy / more people using and maintaining. * TBL: How many lines of code is this? Implementation code to convert to JavaScript. * HS: ??? allows you to easily make an API, call code directly from ??? * SC: One of the most important things for this group is how HTTPSig specification advance. Will you be dedicating time to continue work on it? Important for implementations to use most current. * HS: I now have an implementation and experience. Definitely want to finish this now. I have a milestone to do that. * SC: Feel free to bring updates on HTTPSig to the group. * TBL: Hopefully the WAC files shouldn't change, e.g., Groups. The modes like RWA. Useful for making this change, the way you make authenticate, and we can plug in HTTPSigs and keep everything else the same. * eP: often the user user an app have their own WebID and client has client ID. Each WebID have their own possible keys. In your case, private key is the client's or the user's? * HS: working on a project called Solid Wallet. The idea is tio have a ??? which would be secured. Th way it works is you can have your keys on your pod protected so only the wallet can access them, keep them in a safe place ans sign requests on your behalf. It could also be a proxy on your pod that does that. ### Compatibility with existing implementations URL: https://github.com/solid/solid-wg-charter/issues/31 * SC: Any objections to keeping the paragraph in? * SC: No objections. ACTION: SC to close the issue and reflect group consensus. ### Revise scope and out-of-scope URL: https://github.com/solid/solid-wg-charter/pull/38 * SC: Resolves https://github.com/solid/solid-wg-charter/issues/9 * SC: We have some agreement in the PR but there's a bit of paraphrasing we need to be careful with. I do want to wrap up the PR, but if we can try to integrate changes that would clarify. Any objections to merging this PR? * ML: PAC wanted to answer but not sure if he did. * SC: It is assigned to PAC. If we have agreement we would allow him to have last review and merge. * SC: We can drop the word "new". We might have an exception with WebID. If it's listed as a deliverable it not intended to conflict with out of scope. * SC: No objections. ACTION: SC to integrate change from discussion on PR with eP. PAC to have last review and merge. ### Consider adopting WebID 1.0 ED as a Deliverable URL: https://github.com/solid/solid-wg-charter/issues/39 * SC: The proposal is to adopt WebID as a deliverable. We had several approvals from the CG perspective. At least one approval from WebID CG perspective. The specification is quite integral to Solid, been around for a long time, used by seeveral communities outside Solid. It is mature. Things need to be imrproved, but it was deemed to be mature enough for solid ecosystem to use widely. Lot of our specs and impementations uses it. It is something we depend on. With respect to normative references, it would be in Solid WG's interest to run it through recommendation track. * SC: We need agreement that we want to take it on and no objections from WebID CG. * JZ: Presumably this would ease the work of the Solid WebID-Profile group because we'd have something that is already on track to be accepted in the WebID spec itself. Is that correct? * SC: Yes. * JZ: Then I'm in favor. * LD: This would mean we adopt the WebID spec within the WG? This would go beyond the WebID panel? Would also incoproate non-solid specific? * SC: Yes. It's non-Solid specifc. Solid WebID profile is one of the specs that uses it, other specs use it (AuthN, etc). * LD: Will we be able to maintain the boundary between the general WebID specification and the specific profile being defined for the Solid specification in the context of the Solid WG? * SC: WebID identiti yspecifcation is strictly about identity. WebID profile is about data model. * eP: +1 to adopt * TBL: Crucial thing is if this is something the server needs to understand it needs to be at same level of maturity as Solid protocol. Things like what's in your WebID profile should not be there because not server's concern. * eP: Currently solid OIDC depends on it because it specifies the issuer must be specified in the WebID document. WebID spec is lightweight. Only has two requirements. * SC: Objections to add WebID spec as deliverable to the charter? * HS: No objections from me * SC: HS, can you run it through WebID CG to see if there are objections to hand off the work into the Solid WG if the WG happens? The work could later be passed back onto the WebID CG. ### Strategy for normative references URL: https://github.com/solid/solid-wg-charter/issues/37 * SC: On W3C to give us go-ahead on what's necessary. Let's come back to it. ### Update mission URL: https://github.com/solid/solid-wg-charter/issues/7 * SC: This is editorial. PRs welcome.