Re: LWS Auth(N&Z) - full sequence diagram (first draft) from elf Pavlik on 2025-11-26 (public-lws-wg@w3.org from November 2025)

From: elf Pavlik <elf-pavlik@hackers4peace.net>
Date: Wed, 26 Nov 2025 17:03:18 -0600
To: public-lws-wg@w3.org
Message-ID: <22bd7511e91981b8078592d3c992f139@hackers4peace.net>

Hi Aaron,

Thank you for the quick reply and especially your PR!

On 2025-11-26 16:18, Aaron Coburn wrote:
> Thank you for putting this together. Your diagram is a really nice
> illustration of the proposed authN and authZ flows. One important
> aspect of your diagram that I would highlight is the way it identifies
> the different security domains: user, client, and storage. This is a
> key part of the intended design.

I'm still worried a little that placing the client in the middle might 
not meet everyone's diagramming preferences. For me it makes more sense 
this way and the order is defined in a single line so it's very easy to 
adjust it.

> The use of an ID-JAG is a nice touch. As you know, we can't
> normatively reference that, since it is still an IETF draft, but there
> is enough flexibility built into the protocol to support that type of
> interaction.

I understand. I trust that WG will specify as much as possible and as 
those drafts mature there will be a way to fill in those gaps.
My idea was to approach it more from implementer perspective, what will 
I/we need to implement something that could be deployed in open 
ecosystem (for example solidcommunity.net)
Solid already has long tradition of relying on drafts if no stable 
dependency/reference is available.

> One item to mention about the diagram is that it uses a WebID profile
> document, which we also cannot normatively reference. Instead, the
> proposed LWS auth protocol expects that these resources will be
> Controlled Identifier Documents. We have been thinking that a server
> that currently supports WebID profile documents as TURTLE could
> content-negotiate resources to a conforming CID, while retaining the
> important values required for authentication and authorization. The
> goal is that a system that currently supports Solid and WebID could be
> adapted to also support LWS authentication.

I was expecting that editors will point it out. It was a bit to much to 
handle for the first draft and I see it as one of the first changes that 
this diagram needs.
I will be tracking various issues in 
https://github.com/elf-pavlik/lws-auth/issues

If anyone would prefer to transfer this repo to @solid github org I'm 
happy to request it.
I mostly wanted to get started and see if anyone else finds it useful.

Best,
elf Pavlik

Received on Wednesday, 26 November 2025 23:03:26 UTC