Re: Thinking about Webfinger from Melvin Carvalho on 2023-05-09 (public-swicg@w3.org from May 2023)

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Tue, 9 May 2023 19:47:34 +0200
To: Johannes Ernst <johannes.ernst@gmail.com>
Cc: public-swicg@w3.org
Message-ID: <CAKaEYhLbOK6Q2k=98TUTwNi-zjKDO-SkqSnzvq1TvrgBuRVuOQ@mail.gmail.com>

út 9. 5. 2023 v 19:31 odesílatel Johannes Ernst <johannes.ernst@gmail.com>
napsal:

> On May 9, 2023, at 02:26, Marcus Rohrmoser <me+swicg@mro.name> wrote:
>
>
> On 7 May 2023, at 5:10, Johannes Ernst wrote:
>
> Now you opened up a larger issue …
>
> ...
>
> We tend to treat the data in the webfinger doc as static. As something
> that the developer creates of the app that hosts it, and that’s what
> that is.
>
> What if we treated it as a dataset that the user can augment at will?
> E.g. can add “entirely unrelated” aliases into? So I could say,
> for example:
>
>
> That holds for any server operated by anybody but yourself, right? There
> is few places the participant has any authority to augment things at will.
>
> So I cannot see the special relation to webfinger here.
>
> Operate things yourself and you have sovereignty. There is no other way to
> seize responsibility and agency, is there?
>
>
> A server implementing webfinger could provide the augment/update
> functionality to enable the user to add entries. I don’t know of any that
> does (pointers?) but it could look like the extra profile entries that
> Mastodon (and others) allow, or it could even traverse and verify rel=“me”
> relationships and add those as aliases.
>
> Also Webfinger could take a page out of the DID book (or re-align again
> going forward) and allow verification of webfinger documents, like DID
> Documents can be verified against a public key. That would open up
> additional possibilities. (And challenges. Not proposing this at this
> juncture.)
>

A server implementing Webfinger could potentially provide augment/update
functionality, allowing users to add entries, similar to extra profile
entries in Mastodon. Although rel="me" is not an ideal fit for Actor
equivalence, Webfinger could incorporate ideas from DID  to enable document
verification, though it's worth noting that DID is not a single spec and
verification can be quite complex, normally you end up doing a web lookup
anyway.  There are self contained DID methods which dont lookup anything,
are are verbose ways of describing a key.  A simpler form of that could
work well to modernize fediverse profiles.  Just as a short ED or EC key
and you get lots of new functionality and signatures.

In principle, incorporating the design pattern used in Solid (Social Linked
Data) could open up new possibilities. Solid allows adding relationships to
a knowledge base with authentication, making it a suitable alternative for
web lookups. Using auth/sigs on an endpoint can help improve the overall
approach.

>
> Cheers,
>
>
>
> Johannes.
>
>
> Johannes Ernst
> Blog: https://reb00ted.org/
> FediForum: https://fediforum.org/
> Dazzle: https://dazzle.town/
>
>

Received on Tuesday, 9 May 2023 17:47:52 UTC