Re: AS2/AP tasks for a chartered social web working group

On 16/09/2023 01:51, Bob Wyman wrote:
> For instance, it might include things like "secure private messaging," 
> "integration of verifiable credentials," etc. rather than identifying 
> errors in spec examples.

On 17/09/2023 17:31, Melvin Carvalho wrote:
> I think the "identity" folks will look to insert new identity systems, 
> this should be out of scope.  Getting the existing Actor model working 
> and documented should be priority.  Out of scope for the charter DID / 
> VC. 
Melvin, are you calling Bob one of "the identity folks" whose toxic 
technosolutionism you want to protect AP from because he wants to 
include key-management problems in the CG's to-do list? I've met him and 
I think he is far too sensible to self-identity as a rabblerouser in the 
populist identity Volkstimme. Conversely, are you requesting that we put 
interop with key-based identity systems (like Nostr), E2EE, and 
data-signing/data-integrity completely out of scope as problem spaces, 
or just that the specific word "DID" be barred from the corresponding 
set of solutions to consider for each?

Similarly, in your other message about Evan's OAuth profile proposal, 
you bring the valuable historical opinion that OAuth underdelivered for 
the Solid community, and I have to ask a similar question: can we 
document an OAuth profile as a extension or an interop profile without 
bringing AuthN into the scope of AP itself and without making OAuth the 
mandated solution to AP's AuthN needs? In my opinion we should *neither* 
mandate indieauth *nor* mandate OAuth, but I'm happy if this CG can 
document both and provide guidance and actionable interop profiles for 
both to assist implementors who select either technology quickly get 
federating and interoping with everyone else who made the same choice. 
AuthN is one of the most daunting industry-wide problemsets and no 
system as complex as AP is really "accessible" to any but the most elite 
devs if they have to grope blindly in the authN trenches without an 
interop profile.  Having multiple AuthN profiles to read before deciding 
which empire to join would also be an unalloyed good for implementers, I 

Overall, I feel like we need to be precise about what is a documentation 
of already-adopted practice, which supports communities of 
implementations, versus what is mandating single solutions to general 
problems (like AuthN or key management).  In W3C, the former is 
traditionally the domain of CGs, and the latter is traditionally the 
domain of WGs, which might explain lots of the knee-jerk responses to a 
WG charter being scoped in the first place.  There might already be 
consensus that more of the former is an unalloyed good, but the latter 
seems harder to achieve consensus on until the problem-spaces are better 
defined (in this I fully support Bob's suggestion that maybe socialhub 
threads are not quite robust or multidimensional *enough* a genre for 
shared documentation of use-cases and problem spaces to assist in a WG 
scope being defined).

__bumble "I have an sticker on my laptop" fudge

Received on Monday, 18 September 2023 09:54:50 UTC