Re: Proposal: Adding acl:paymentRequired predicate for HTTP 402 handling from elf Pavlik on 2025-07-09 (public-solid@w3.org from July 2025)

From: elf Pavlik <elf-pavlik@hackers4peace.net>
Date: Tue, 08 Jul 2025 19:21:29 -0600
To: public-solid@w3.org
Message-ID: <6bbd92e020fee75bd515f7a9460b02a2@hackers4peace.net>

Hi Melvin,

On 2025-07-08 02:16, Melvin Carvalho wrote:
> Why?
> ====
> 
> Many Solid agents run on usage-based quotas
> (API tokens, Streaming Chat Interfaces, storage bytes, etc.).
> Today servers have no *standard* way to:
> 
> * signal “the request was good, but please pay a bit first”,
> **and**
> * tell the client where to send that payment.
> 
> Applications therefore cook up ad-hoc headers and status codes,
> breaking interoperability.
> 
> One predicate plus the already standard HTTP 402 closes that gap.

Have you consider adding your use case to https://github.com/w3c/lws-ucs

> Example ACL
> -----------
> 
> @prefix acl:
> [http://www.w3.org/ns/auth/acl#](http://www.w3.org/ns/auth/acl#) .
> @prefix foaf: [http://xmlns.com/foaf/0.1/](http://xmlns.com/foaf/0.1/)
> .
> 
> <#paid-read>
> a               acl:Authorization ;
> acl:accessTo    </data/> ;
> acl:mode        acl:Read ;
> acl:agentClass  foaf:Agent ;
> acl:paymentRequired "0.0005"^^xsd:decimal .
> 
> Server behaviour (normative)
> ============================
> 
> * Evaluate the requester’s **current balance** (ledger details are
>   implementation-specific).
> * If balance < required, respond:
> 
> HTTP/1.1 402 Payment Required
> Link: https://pay.example/topup ; rel="payment"
> Pay-Balance: "-0.0001"
> Pay-Required: "0.0005"
> 
> * After the client tops up and retries, normal `2xx` processing
>   resumes.
> 
> Open questions
> ==============
> 
> 1. **Currency unit** —  keep it server-wide (simplest) or add
> another
>    predicate for per-rule currency?
> 2. **Headers** —  are `Pay-Balance` / `Pay-Required` worth
> standardising
>    or should there be a problem JSON body alone carry the numbers?
> 3. **Ledger location** —  should the spec normatively reference a
>    `webledger.json` (or similar) so clients can fetch balances?

You haven't fully described your use case, for example I don't know 
where the following assumption is coming from.
It seems that the end user has some pre-established relation with the 
resource server, and this relation is also somehow known to the client 
used by that end user.

Do you consider spontanous interactions as out of scope? For example 
where the end user with their client follows its nose to a resource 
hosted on a server where they have no pre-established relation.

Cheers!
elf Pavlik

Received on Wednesday, 9 July 2025 01:21:39 UTC