- From: Melvin Carvalho <melvincarvalho@gmail.com>
- Date: Tue, 9 May 2023 19:47:34 +0200
- To: Johannes Ernst <johannes.ernst@gmail.com>
- Cc: public-swicg@w3.org
- Message-ID: <CAKaEYhLbOK6Q2k=98TUTwNi-zjKDO-SkqSnzvq1TvrgBuRVuOQ@mail.gmail.com>
út 9. 5. 2023 v 19:31 odesílatel Johannes Ernst <johannes.ernst@gmail.com> napsal: > On May 9, 2023, at 02:26, Marcus Rohrmoser <me+swicg@mro.name> wrote: > > > On 7 May 2023, at 5:10, Johannes Ernst wrote: > > Now you opened up a larger issue … > > ... > > We tend to treat the data in the webfinger doc as static. As something > that the developer creates of the app that hosts it, and that’s what > that is. > > What if we treated it as a dataset that the user can augment at will? > E.g. can add “entirely unrelated” aliases into? So I could say, > for example: > > > That holds for any server operated by anybody but yourself, right? There > is few places the participant has any authority to augment things at will. > > So I cannot see the special relation to webfinger here. > > Operate things yourself and you have sovereignty. There is no other way to > seize responsibility and agency, is there? > > > A server implementing webfinger could provide the augment/update > functionality to enable the user to add entries. I don’t know of any that > does (pointers?) but it could look like the extra profile entries that > Mastodon (and others) allow, or it could even traverse and verify rel=“me” > relationships and add those as aliases. > > Also Webfinger could take a page out of the DID book (or re-align again > going forward) and allow verification of webfinger documents, like DID > Documents can be verified against a public key. That would open up > additional possibilities. (And challenges. Not proposing this at this > juncture.) > A server implementing Webfinger could potentially provide augment/update functionality, allowing users to add entries, similar to extra profile entries in Mastodon. Although rel="me" is not an ideal fit for Actor equivalence, Webfinger could incorporate ideas from DID to enable document verification, though it's worth noting that DID is not a single spec and verification can be quite complex, normally you end up doing a web lookup anyway. There are self contained DID methods which dont lookup anything, are are verbose ways of describing a key. A simpler form of that could work well to modernize fediverse profiles. Just as a short ED or EC key and you get lots of new functionality and signatures. In principle, incorporating the design pattern used in Solid (Social Linked Data) could open up new possibilities. Solid allows adding relationships to a knowledge base with authentication, making it a suitable alternative for web lookups. Using auth/sigs on an endpoint can help improve the overall approach. > > Cheers, > > > > Johannes. > > > Johannes Ernst > Blog: https://reb00ted.org/ > FediForum: https://fediforum.org/ > Dazzle: https://dazzle.town/ > >
Received on Tuesday, 9 May 2023 17:47:52 UTC