diff --git a/meetings/2026-07-08.md b/meetings/2026-07-08.md new file mode 100644 index 00000000..4c2e6beb --- /dev/null +++ b/meetings/2026-07-08.md @@ -0,0 +1,120 @@ +# W3C Solid Community Group: Weekly + +* Date: 2026-07-08T14:00:00Z +* Call: https://meet.jit.si/solid-cg +* Repository: https://github.com/solid/specification + +## Chair + +* [elf Pavlik](https://elf-pavlik.hackers4peace.net) + +## Present + +* Alain Bourgeois +* Christoph Braun - [uvdsl](https://github.com/uvdsl) +* Jesse Wright - [jeswr](https://jeswr.org/#me) +* Biagio Boi - [biagioboi](https://github.com/biagioboi) +* Ross Horne +* [Erich Bremer](https://ebremer.com) +* Marc Haddle(marc.haddle@datasolids.com) +* Rui Zhao + +## Regrets + +* + +## Scribe + +* CB + +--- + +### Meeting Guidelines + +* [W3C Solid Community Group Calendar](https://www.w3.org/groups/cg/solid/calendar). +* [W3C Solid Community Group Meeting Guidelines](https://github.com/w3c-cg/solid/blob/main/meetings/README.md). +* No audio or video recording, or automated transcripts without consent. Meetings are transcribed and made public. If consent is withheld by anyone, recording/retention must not occur. +* Join queue to talk. +* Topics can be proposed at the bottom of the agenda to be discussed as time allows. Make it known if a topic is urgent or cannot be postponed. + +### Participation and Code of Conduct + +* [Join the W3C Solid Community Group](https://www.w3.org/community/solid/join), [W3C Account Request](http://www.w3.org/accounts/request), [W3C Community Contributor License Agreement](https://www.w3.org/community/about/agreements/cla/) +* [Solid Code of Conduct](https://github.com/solid/process/blob/main/code-of-conduct.md), [Positive Work Environment at W3C: Code of Conduct](https://www.w3.org/policies/code-of-conduct/) +* Operating principle for effective participation is to allow access across disabilities, across country borders, and across time. Feedback on tooling and meeting timing is welcome. +* If this is your first time, welcome! Please introduce yourself. + +--- + +## Introductions + +## Announcements + +### OS Tools meetings + +https://www.w3.org/events/meetings/a6b0a3dc-30fe-4f08-ac74-f51ba5418d07/ + +* JW: Going to be talking about Solid-OIDC and corresponding libs. + * ... Samu, Aaron, Christoph, Ben will be there. + +## Actions Review + +- JW to make a map of the different w2c group ( for TPAC ? ) + * JW: nothing to show right now, but similar work currently ongoing for a thing for LWS, so maybe show something for this next week. One application for the map is to help push adoption of shared needs in https://github.com/jeswr/http-query-adoption + +## Topics + +### Demos + +* CB: MANDAT - redirects between business app and authorization app + * ... Demo Video: https://purl.archive.org/mandatb2b/JWE2024 + * ... Solid World Feb 2025: https://vimeo.com/1062571527?share=copy#t=2921.799 + * ... Paper: https://journals.riverpublishers.com/index.php/JWE/article/view/27783 + * ... Latest development on Authorization App: https://github.com/uvdsl/solid-authorization-app +* eP: This is an interaction between a "regular app" to a "specialised app". + +### TPAC Session for Solid CG + +https://www.w3.org/events/tpac/2026/tpac-2026/ + +* JW: will check on LWS WG +* eP: Theo, could you coordinate with the Social CG/WG +* th: I can have a look, more time in September if that is not too late +* eP: I think it would be best used time to meet with other groups +* th: Never been to TPAC, so I don't know how sessions look, so I am not to comfortable to organize something. +* eP: It is already scheduled, so that part is done, it is more on preparing an agenda, what makes sense to discuss together. + +### Proposal: access controlled SPARQL query + +https://github.com/jeswr/solid-sparql-query + +* JW: response is over the named graphs, and the named graphs that you have access to +* CB: Solid resources can also be RDF datasets, so this might be a more general problem to solve +* eP: How do you discover the sparql endpoint of a query +* JW: Right now, just using the root container, but maybe it should be a different one +* eP: Maybe focus on the easy problems (like discovery) first, and then the difficult ones (like authorization) later + +### Proposal: upgrade to skip DPoP + +https://github.com/jeswr/dpop-sk-spec + +* JW: One of the discoveries form me benchmarking is that authentication is a substantial overhead. + * ... DPoP verification was the main bottleneck. + * ... so, the idea here is to allow clients to upgrade to a mechanism that does not require DPoP. +* RH: Who is being contacted in this process? +* JW: The access token from the AS is issued once, while the DPoP token is cryptographically verified. +* eP: DPoP only happens for the token exchange in Solid-OIDC? https://elf-pavlik.github.io/lws-auth/view/oidc/?dynamic=sequence (no dpop only aud restrictions) +* JW: Not sure if I follow. I understand DPoP to prevent an attacker to re-use extracted tokens. +* CB: various questions on upraded to what - concerns about extractability of the symmetric key + +### Proposal: WebAuthn re-authentication + +https://github.com/jeswr/solid-webauthn-reauth-spec + +### Proposal: intent handover (login as + open resource) + +https://github.com/solid/specification/issues/799 + +## Actions + +## Decisions