-
Notifications
You must be signed in to change notification settings - Fork 14
Add introduction section #158
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: main
Are you sure you want to change the base?
Changes from all commits
954085c
0a39c38
cf9be25
4ada3f2
8f7c768
25cdda7
1e1ea84
810e52e
3187ac4
29ece08
624685f
ccafd9d
0293727
0f10e81
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
|
|
@@ -115,7 +115,29 @@ <h2>Document Conventions</h2> | |||||
| <section id="introduction"> | ||||||
| <h2>Introduction</h2> | ||||||
| <p> | ||||||
| This specification defines the Linked Web Storage (LWS) Protocol, which enables client applications to access and manage web resources, based on the identity and permissions of an agent. | ||||||
| </p> | ||||||
| <p> | ||||||
| By standardising how an LWS server manages and provides access to a hierarchy of linked resources, the protocol enables users to use different LWS client applications to interact with the same stored data. These linked resources are defined through containers and containment relationships that describe where things are located, and metadata that describes how the resources relate to each other. | ||||||
| </p> | ||||||
| <p> | ||||||
| The protocol defines standard operations on these resources to create, read, update, and delete. Resources, their containment, and their metadata are managed by the server as a set of JSON-LD documents (and other representations). Each resource is identified by a URI. A client navigates the resource hierarchy from a root container, discovering contained resources and their relations through links provided in server responses. | ||||||
|
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. "A client navigates the resource hierarchy from a root container" --> "A client navigates the resource hierarchy from a root container which is the Storage resource itself,"
Member
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I don't see why introduction should address such a nuance. There are already discussions in No matter of the outcome I would still prefer that introduction stays generic enough that it doesn't affect it.
Member
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. agree with @elf-pavlik, we should keep the introduction high-level. |
||||||
| </p> | ||||||
| <p> | ||||||
| A agent's identity is confirmed through an identity provider that can be external to the Linked Web Storage server. This separation means the server does not manage credentials directly; rather, it receives and validates a signed authentication credential as a token issued by a trusted identity provider. A user can therefore present their existing identity to any compliant server, without needing a new or existing separate account on that server. User authentication is defined in companion specifications for OpenID Connect, SAML 2.0, and self-signed controlled identifiers (CIDs). | ||||||
|
Member
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This paragraph gets into a lot of nuance about user identity that may or may not be true at "any compliant server". It might be better to focus more on how agents identify themselves with globally unique identifiers. Also, be careful about statements such as "User authentication is defined in ..." -- we don't define user authentication anywhere, but we do define how to integrate with some widely supported authentication systems. |
||||||
| </p> | ||||||
| <p> | ||||||
| Authorization determines whether a requesting agent has permission to access a resource or perform an operation on it. A compliant LWS server designates a resource manager for each resource that determines whether a resource is private (i.e., available only to its owner), restricted (i.e., available to a defined set of users), or public (i.e., available to any user). The server enforces the access decisions of the resource manager when handling each client request. | ||||||
|
Member
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. We will also want to be careful about how much detail goes into this. "Private", "Restricted" and "Public" are somewhat simplistic measures of how authorization rules are expressed. There may also be operator or federation-defined rules that come into play, depending on specific deployment considerations. For example, there may be resources available to all users but only if they use certain applications. Or resources that are only available to certain attested AI agents (no users are involved) |
||||||
| </p> | ||||||
| <p>This specification is intended to be used by:</p> | ||||||
| <ul> | ||||||
| <li>Developers building client applications that access an agent's LWS resources</li> | ||||||
|
Member
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Suggested change
|
||||||
| <li>Server implementers building compliant LWS servers that mediate access to an agent's web resources</li> | ||||||
|
Member
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Suggested change
|
||||||
| </ul> | ||||||
| <p> | ||||||
| Different compliant servers each maintain their own hierarchy of linked resources. An agent can navigate across servers using the same identity, with access to each server's resources determined by the permissions granted by that servers resource managers. | ||||||
|
Member
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This may be true in some cases, but it is not the case that an arbitrary agent identity can be used with every server. |
||||||
| </p> | ||||||
|
|
||||||
|
|
||||||
| <section id="resource-access"> | ||||||
| <h2>Resource Access</h2> | ||||||
|
|
@@ -203,7 +225,7 @@ <h2>Terminology</h2> | |||||
|
|
||||||
| <div class="issue atrisk" title="Section may be removed"> | ||||||
| <p> | ||||||
| This specification defines <a>operations</a> on <a>served resources</a>, the resulting change of state, and a <a>response</a> intended to give the <a>requesting agent</a> requested infomation or inform them of the outcome of the <a>operation</a>. | ||||||
| This specification defines <a>operations</a> on <a>served resources</a>, the resulting change of state, and a <a>response</a> intended to give the <a>requesting agent</a> requested information or inform them of the outcome of the <a>operation</a>. | ||||||
| An <dfn>operation</dfn> is any of the following actions that can be performed on a <a>served resource</a>: | ||||||
| </p> | ||||||
| <ul> | ||||||
|
|
@@ -214,7 +236,7 @@ <h2>Terminology</h2> | |||||
| </ul> | ||||||
|
|
||||||
| <p> | ||||||
| The folowing section will describe the semantics and <dfn>responses</dfn> of these operations but the following <dfn>core responses</dfn> apply to any operation: | ||||||
| The following section will describe the semantics and <dfn>responses</dfn> of these operations but the following <dfn>core responses</dfn> apply to any operation: | ||||||
| </p> | ||||||
| <ul> | ||||||
| <li><dfn>success</dfn> - the operation is believed to have completed. This may be accompanied by a <dfn>resource representation</dfn> conveying the contents of a <a>served resource</a>. A <a>success</a> response is not defined for the <a>create resource</a> operation. See instead <a href="#dfn-created">created</a>.</li> | ||||||
|
|
||||||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The W3C style guide recommends using US English spelling.