Skip to content
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 24 additions & 2 deletions lws10-core/index.html
Original file line number Diff line number Diff line change
Expand Up @@ -115,7 +115,29 @@ <h2>Document Conventions</h2>
<section id="introduction">
<h2>Introduction</h2>
<p>
This specification defines the Linked Web Storage (LWS) Protocol, which enables client applications to access and manage web resources, based on the identity and permissions of an agent.
</p>
<p>
By standardising how an LWS server manages and provides access to a hierarchy of linked resources, the protocol enables users to use different LWS client applications to interact with the same stored data. These linked resources are defined through containers and containment relationships that describe where things are located, and metadata that describes how the resources relate to each other.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The W3C style guide recommends using US English spelling.

Suggested change
By standardising how an LWS server manages and provides access to a hierarchy of linked resources, the protocol enables users to use different LWS client applications to interact with the same stored data. These linked resources are defined through containers and containment relationships that describe where things are located, and metadata that describes how the resources relate to each other.
By standardizing how an LWS server manages and provides access to a hierarchy of linked resources, the protocol enables users to use different LWS client applications to interact with the same stored data. These linked resources are defined through containers and containment relationships that describe where things are located, and metadata that describes how the resources relate to each other.

</p>
<p>
The protocol defines standard operations on these resources to create, read, update, and delete. Resources, their containment, and their metadata are managed by the server as a set of JSON-LD documents (and other representations). Each resource is identified by a URI. A client navigates the resource hierarchy from a root container, discovering contained resources and their relations through links provided in server responses.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"A client navigates the resource hierarchy from a root container"

-->

"A client navigates the resource hierarchy from a root container which is the Storage resource itself,"

@elf-pavlik elf-pavlik Jul 13, 2026

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't see why introduction should address such a nuance. There are already discussions in

No matter of the outcome I would still prefer that introduction stays generic enough that it doesn't affect it.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

agree with @elf-pavlik, we should keep the introduction high-level.

</p>
<p>
A agent's identity is confirmed through an identity provider that can be external to the Linked Web Storage server. This separation means the server does not manage credentials directly; rather, it receives and validates a signed authentication credential as a token issued by a trusted identity provider. A user can therefore present their existing identity to any compliant server, without needing a new or existing separate account on that server. User authentication is defined in companion specifications for OpenID Connect, SAML 2.0, and self-signed controlled identifiers (CIDs).

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This paragraph gets into a lot of nuance about user identity that may or may not be true at "any compliant server". It might be better to focus more on how agents identify themselves with globally unique identifiers. Also, be careful about statements such as "User authentication is defined in ..." -- we don't define user authentication anywhere, but we do define how to integrate with some widely supported authentication systems.

</p>
<p>
Authorization determines whether a requesting agent has permission to access a resource or perform an operation on it. A compliant LWS server designates a resource manager for each resource that determines whether a resource is private (i.e., available only to its owner), restricted (i.e., available to a defined set of users), or public (i.e., available to any user). The server enforces the access decisions of the resource manager when handling each client request.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We will also want to be careful about how much detail goes into this. "Private", "Restricted" and "Public" are somewhat simplistic measures of how authorization rules are expressed. There may also be operator or federation-defined rules that come into play, depending on specific deployment considerations. For example, there may be resources available to all users but only if they use certain applications. Or resources that are only available to certain attested AI agents (no users are involved)

</p>
<p>This specification is intended to be used by:</p>
<ul>
<li>Developers building client applications that access an agent's LWS resources</li>

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
<li>Developers building client applications that access an agent's LWS resources</li>
<li>Developers building client applications that access LWS resources</li>

<li>Server implementers building compliant LWS servers that mediate access to an agent's web resources</li>

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
<li>Server implementers building compliant LWS servers that mediate access to an agent's web resources</li>
<li>Developers building compliant servers that mediate access to LWS resources</li>

</ul>
<p>
Different compliant servers each maintain their own hierarchy of linked resources. An agent can navigate across servers using the same identity, with access to each server's resources determined by the permissions granted by that servers resource managers.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This may be true in some cases, but it is not the case that an arbitrary agent identity can be used with every server.

</p>


<section id="resource-access">
<h2>Resource Access</h2>
Expand Down Expand Up @@ -203,7 +225,7 @@ <h2>Terminology</h2>

<div class="issue atrisk" title="Section may be removed">
<p>
This specification defines <a>operations</a> on <a>served resources</a>, the resulting change of state, and a <a>response</a> intended to give the <a>requesting agent</a> requested infomation or inform them of the outcome of the <a>operation</a>.
This specification defines <a>operations</a> on <a>served resources</a>, the resulting change of state, and a <a>response</a> intended to give the <a>requesting agent</a> requested information or inform them of the outcome of the <a>operation</a>.
An <dfn>operation</dfn> is any of the following actions that can be performed on a <a>served resource</a>:
</p>
<ul>
Expand All @@ -214,7 +236,7 @@ <h2>Terminology</h2>
</ul>

<p>
The folowing section will describe the semantics and <dfn>responses</dfn> of these operations but the following <dfn>core responses</dfn> apply to any operation:
The following section will describe the semantics and <dfn>responses</dfn> of these operations but the following <dfn>core responses</dfn> apply to any operation:
</p>
<ul>
<li><dfn>success</dfn> - the operation is believed to have completed. This may be accompanied by a <dfn>resource representation</dfn> conveying the contents of a <a>served resource</a>. A <a>success</a> response is not defined for the <a>create resource</a> operation. See instead <a href="#dfn-created">created</a>.</li>
Expand Down
Loading