solid-spec icon indicating copy to clipboard operation
solid-spec copied to clipboard
verified publisher icon solid

What features are good candidates for being dropped before adopting a "don't break userspace" (no back-incompat) policy?

Open gobengo opened this issue 6 years ago • 6 comments

Inspired by tangential discussion in #116.

feature supported by used at (w/ links)
globbing elf-pavlik, melvincarvalho
Websockets API elf-pavlik,

gobengo avatar Mar 21 '19 21:03 gobengo

I think Websockets API might need to get evaluated against alternatives / complementary mechanisms like:

  • Server-sent Events - https://html.spec.whatwg.org/multipage/server-sent-events.html#server-sent-events
  • WebSub - https://www.w3.org/TR/websub/

In general having implementation based feedback for each feature would come very helpful.

elf-pavlik avatar Mar 21 '19 21:03 elf-pavlik

Yeah, I've been trying to ask around for use cases that can distinguish HTTP/2+SSE vs WebSockets, but there hasn't been anything very clear so far.

kjetilk avatar Mar 25 '19 13:03 kjetilk

One more I can think of - WebID-TLS could get limited only as one of the availaable auth method with some OPs, I haven't tested that but if somone has client cert installed in a browser and each RS tries to initiate WebID-TLS session it might cause a browser cert selection pop-up for each of those servers even if someone uses WebID-OIDC to authenticate with them. I could try testing it in next days unless someone already checked that scenario.

elf-pavlik avatar Mar 25 '19 13:03 elf-pavlik

I admit to like WebID-TLS, and I am hoping it can stay, and I see it as a simpler alternative for IoT devices that need to send data to Pods. So, I'm trying to think about architectures that can better support several authns side by side, as I also see several other mechanisms coming sliding in e.g. SAFE and then we have the whole DID, so I think we can't be very restrictive in that space.

kjetilk avatar Mar 25 '19 13:03 kjetilk

Another issue related to WebID-TLS https://github.com/solid/solid-spec/issues/145#issuecomment-480980113

NSS currently still allows authentication with client certificates. For that, NSS has to terminate the HTTPS connection, and NSS only does HTTP 1.1. While you can put a reverse proxy with HTTP/2 in front of NSS (which is what I do), this does break client-side certificates (or you have to find a way to forward the client certificate negotiation).

@dmitrizagidulin have you looked into Signing HTTP Messages (HTTP Signatures) since you designed WebID-OIDC. Maybe it could offer replacement of WebID-TLS?

elf-pavlik avatar Apr 08 '19 19:04 elf-pavlik

WebSub would be cool! (I'm currently getting my feed wet with WebMentions)

Ryuno-Ki avatar Apr 09 '19 18:04 Ryuno-Ki