-
Notifications
You must be signed in to change notification settings - Fork 47
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add notion of "owner" and requirements #264
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
looks good to me
The domain of the relation is not defined explicit. I guess it is a Pod, or would it be a ldp:Container? |
Intentionally undefined for the time being. Implementation feedback would help. In the Protocol, servers exposing the storage resource (root container) also has a If we lean towards pim/space, it could also be |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Intentionally undefined for the time being. Implementation feedback would help. In the Protocol, servers exposing the storage resource (root container) also has a
rel="type"
link relationhttp://www.w3.org/ns/pim/space#Storage
.If we lean towards pim/space, it could also be
pim:ControlledStorage
. The property could alternatively go under pim/space eg.pim:owner
.
You should include the rdf:domain for clarity.
As I see it, the rdf:domain would be rdfs:Resource if want to be broad.
solid:owner
a rdf:Property ;
dc:issued "2021-05-19"^^xsd:date ;
rdfs:comment "The person or other agent which owns the data storage. For example, the owner has implicit control of a data storage."@en ;
rdfs:isDefinedBy <http://www.w3.org/ns/solid/terms#> ;
## Property Domain Addition
rdfs:domain rdfs:Resource ;
rdfs:range foaf:Agent ;
rdfs:label "owner"@en .
You should include the rdf:domain for clarity.
|
|
||
<p>When a server wants to advertise the owner of a storage, the server MUST include the <code>Link</code> header with <code>rel="http://www.w3.org/ns/solid/terms#owner"</code> targeting the URI of the owner in the response of HTTP <code>HEAD</code> or <code>GET</code> requests targeting the root container.</p> | ||
|
||
<p class="note" role="note"><span>Note</span>: When a server supports multiple storages, there must be complete trust between its owners.</p> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
<p class="note" role="note"><span>Note</span>: When a server supports multiple storages, there must be complete trust between its owners.</p> | |
<p class="note" role="note"><span>Note</span>: When a server supports multiple owners, there must be complete trust between its owners.</p> |
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think when a storage has multiple owners, trust between them is generally expected or well-understood. This is really about when a server supports multiple storages with different owners under the same host.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure I fully understand the relationship/geometry between server, owner and storage (and Pod).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How does it apply to https://solidcommunity.net/ ? One server supports multiple users but uses subdomain for each storage.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is really about when a server supports multiple storages with different owners under the same host.
A Pod hosting scenario (per @elf-pavlik's point) would seem to fall under this category where a given server has multiple storages, with each having different owners, who may not know/trust each other.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
?
The key word that I used was "host" but perhaps I should've used "scheme, host, and port" to be more accurate. This is boils down to origin (see RFC 6454). solidcommunity.net designates a unique "scheme, host, and port" with one "storage" to one "owner". It is currently a non-issue for solidcommunity.net as I understand it.
The main point remains in that if a service (like solidcommunity.net) were to allow multiple storages under the same "scheme, host, and port", then the owners of the storages (which could be the same owner) need to establish "trust" among themselves.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Pod hosting isn't necessarily exclusive to sub-domains for segregation. Pod hosting scenarios can, and do, use path based segregation (e.g. https://host.example/pod-one, https://host.example/pod-two). In cases like those, the scheme, host, and port are the same, but still you have the likely scenario of different hosted pods owned by social agents that do know know and/or trust each other.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I responded to the original inquiry about subdomain based services and explained why that was a non-issue. Yes, multiple storages (on the same origin) with different owners has been possible for long time. It was never prohibited to begin with! (Heck, we've had different types of storages as well as workspaces... ) One of the reasons for the whole set of requirements around storage was acknowledging that reality (see PR #208 and https://solidproject.org/TR/protocol#storage ).. making sure non-overlapping URI ((path) space are used, among other things.
Trivial to get a wholesale scheme-host-port blocked (rendering it useless) by a service because of one bad actor, and hard to isolate the bad actors in that system. Not to forget CORS considerations.
The note doesn't prohibit servers/services that possibility. Both the service provider and the owners of the storages should be aware of what it entails.
The point in the note still stands and relevant for any set up.
@kidehen No objection to including |
This comment has been minimized.
This comment has been minimized.
The "for example" doesn't seem to work well. |
So if I understand correctly in N3 we have # we first define the transitive closure of ldp:contains
:contains٭ owl:TransitiveProperty;
rdfs:subPropertyOf ldp:contains .
# we then have the N3 rule
{ ?rootLdpc :owner ?agent } => {
[] acl:agent ?agent ;
acl:mode acl:Control;
acl:accessToClass [ a owl:Restriction;
owl:onProperty [ owl:inverseOf :contains٭ ];
owl:hasValue ?rootLdpc
]
} If it were a little clearer what the domain of the relation was (the domain-name perhaps?) one could adapt the definition. |
Alright, perhaps we should have a I agree that we should have the domain in there as it very clearly binds the definition of an owner to the definition of a storage, which is very clearly specified in terms of the URI hierarchy in the protocol spec, which is again a rigorous definition AFAICS. It is therefore important to have a RDFS class that is equally strongly tied to the protocol's definition of storage. I can see that the |
|
||
<p>When a server wants to advertise the owner of a storage, the server MUST include the <code>Link</code> header with <code>rel="http://www.w3.org/ns/solid/terms#owner"</code> targeting the URI of the owner in the response of HTTP <code>HEAD</code> or <code>GET</code> requests targeting the root container.</p> | ||
|
||
<p class="note" role="note"><span>Note</span>: When a server supports multiple storages, there must be complete trust between its owners.</p> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is really about when a server supports multiple storages with different owners under the same host.
A Pod hosting scenario (per @elf-pavlik's point) would seem to fall under this category where a given server has multiple storages, with each having different owners, who may not know/trust each other.
The intended definition of We use the I borrowed/introduced "social entity" from AWWW's URI ownership. There are social expectations and processes. Possible to go from responsibility/accountability chain from data "ownership" to URI ownership.. domain name registration through IANA (another social entity). And as I've said at the beginning of this PR:
AFAIK, "owner" in Solid is deemed to be a "social entity" of sorts, as opposed to a software agent. If there is existing discussion/work that incorporates non-living organisms under "owner", references would be great. (And to our future non-living organism overlords, I don't mean to discriminate, please go easy on us.) |
Again, lets open a separate issue. I'd like to discuss tying it very explicitly to Solid's definition, which is rooted in its hierarchy, that's something that doesn't exist in the general case. |
Perhaps |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
looks good to me this is important for existing servers.
Implemented owner discovery in https://github.com/csarven/mayktso
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- I support the notion of a storage owner, because it's valuable for interoperability and data sharing workflows (e.g. where data in a given storage is shared by a non-owner with access to do so, and whose data they are sharing needs to be communicated)
- I support public advertisement because there are cases where a non-privileged agent should be able to know whose storage they're accessing.
It is important that public advertisement can be anonymous, and I believe that most pod owners will choose to do so. This may impact the viability of certain workflows where discovery of ownership is necessary. That needs to be addressed, but doesn't have to block this submission, as we now have a separate thread where this is being discussed (#266). Similarly, I've also created #267 to continue this thread.
Was waiting for additional feedback from implementers before merging.. Mayktso currently only implements the discovery bit as mentioned earlier: #264 (comment) Noting here that CSS is in the process of implementing this feature: CommunitySolidServer/CommunitySolidServer#720 . NSS has a PR for it: nodeSolidServer/node-solid-server#1604 Solid-NextCloud has shown interest in implementing: pdsinterop/solid-nextcloud#48 Will update this comment with more.. or others (/me friendly nudges @kidehen @gibsonf1 @acoburn @bblfish .. ) can show/link to their implementations in the comments As for the solid:owner
a rdf:Property ;
dc:issued "2021-05-19"^^xsd:date ;
rdfs:comment "The a person or a social entity that is considered to have control, rights and responsibilities of a data storage."@en ;
rdfs:isDefinedBy <http://www.w3.org/ns/solid/terms#> ; # alternative: <https://solidproject.org/TR/protocol> ;
rdfs:domain ws:Storage ;
rdfs:range foaf:Agent ;
rdfs:label "owner"@en . As agreed, we'll work out related/orthogonal issues (that were deemed to be non-blocking). |
Hello Reviewers,
In response to the following (and possibly other) issues on the notion of "owner":
If describing the relationship between Solid data pod / storage "owner" and AWWW's "URI ownership" is required, it can be done in another PR.
On merge of this PR, a follow-up PR will be made to the https://github.com/solid/vocab/ repository requesting to add and define the term "owner" in the Solid Terms vocabulary:
http://www.w3.org/ns/solid/terms#owner
. Proposal (derived from http://www.w3.org/ns/auth/acl#owner ):