Skip to content

Add introduction section#158

Open
jeremycaine wants to merge 14 commits into
w3c:mainfrom
jeremycaine:introduction-section
Open

Add introduction section#158
jeremycaine wants to merge 14 commits into
w3c:mainfrom
jeremycaine:introduction-section

Conversation

@jeremycaine

@jeremycaine jeremycaine commented May 15, 2026

Copy link
Copy Markdown

Editorial - write an introduction section to the LWS specification


Preview | Diff

Comment thread lws10-core/index.html Outdated
Comment thread lws10-core/index.html Outdated
Comment thread lws10-core/index.html Outdated
Comment thread lws10-core/index.html Outdated
Comment thread lws10-core/index.html Outdated
Comment thread lws10-core/index.html Outdated
jeremycaine and others added 5 commits June 11, 2026 17:10
relaxing as JSON-LD is not only media type

Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com>
elaborate on private, public and restricted

Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com>
Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com>
point that an LWS account not required; plus CIDs

Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com>
Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com>
Comment thread lws10-core/index.html Outdated
</p>
<p>This specification is intended to be used by:</p>
<ul>
<li>Developers building client applications that access a user&rsquo;s LWS resources</li>

@ebremer ebremer Jun 15, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
<li>Developers building client applications that access a user&rsquo;s LWS resources</li>
<li>Developers building client applications that access a user's external web resources</li>

An LWS Resource isn't defined yet

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ebremer we define LWS Resource in Terminology

@ebremer ebremer Jun 29, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, but it comes after. I suggest we keep your text the same and hyperlink it to the definition.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
<li>Developers building client applications that access a user&rsquo;s LWS resources</li>
<li>Developers building client applications that access a user&rsquo;s <a>LWS resource</a>s</li>

Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com>
Comment thread lws10-core/index.html Outdated
<li>Server implementers building compliant LWS servers that mediate access to a user&rsquo;s external web resources</li>
</ul>
<p>
Different compliant servers each maintain their own hierarchy of linked resources. A user can navigate across servers using the same identity, with access to each server&rsquo;s resources determined by the permissions granted by that server&rsquo;s resource managers.

@TallTed TallTed Jun 29, 2026

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm curious why the ampersand-escaped curly apostrophes (’ &rsquo;) are preferred over the straight (' &apos;), where the latter are easily typed and read as a single character in the HTML source as well as the delivered rendering, while the former require careful typing and reading of 7 characters wedged between two other non-space characters, as well as the non-space characters surrounding those 7, all of which means that spell-check is even less helpful than usual, when checking HTML files.

Comment thread lws10-core/index.html Outdated
This specification defines the Linked Web Storage (LWS) Protocol, which enables client applications to access and manage web resources stored externally, based on the identity and permissions of the user.
</p>
<p>
By standardising how a LWS server manages and provides access to a hierarchy of linked resources, the protocol enables users to use different LWS client applications to interact with the same stored data. These linked resources are defined through containers and containment relationships that describe where things are located, and metadata that describes how the resources relate to each other.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
By standardising how a LWS server manages and provides access to a hierarchy of linked resources, the protocol enables users to use different LWS client applications to interact with the same stored data. These linked resources are defined through containers and containment relationships that describe where things are located, and metadata that describes how the resources relate to each other.
By standardising how an LWS server manages and provides access to a hierarchy of linked resources, the protocol enables users to use different LWS client applications to interact with the same stored data. These linked resources are defined through containers and containment relationships that describe where things are located, and metadata that describes how the resources relate to each other.

Comment thread lws10-core/index.html Outdated
This specification defines the Linked Web Storage (LWS) Protocol, which enables client applications to access and manage web resources stored externally, based on the identity and permissions of the user.
</p>
<p>
By standardising how a LWS server manages and provides access to a hierarchy of linked resources, the protocol enables users to use different LWS client applications to interact with the same stored data. These linked resources are defined through containers and containment relationships that describe where things are located, and metadata that describes how the resources relate to each other.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are we sure "containers and containment relationships" and "metadata" are of equal (and most important) weight regarding what is meant by "linked resources"? I thought container is a specification detail, and what matters more is the metadata and returned JSON-LD/RDF document about resource locations / relationships.

Comment thread lws10-core/index.html Outdated
This specification defines the Linked Web Storage (LWS) Protocol, which enables client applications to access and manage web resources stored externally, based on the identity and permissions of the user.
</p>
<p>
By standardising how a LWS server manages and provides access to a hierarchy of linked resources, the protocol enables users to use different LWS client applications to interact with the same stored data. These linked resources are defined through containers and containment relationships that describe where things are located, and metadata that describes how the resources relate to each other.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The part "metadata that describes how the resources relate to each other" doesn't appear right to me... Metadata are more than that, even just considering the most critical parts of LWS (e.g. access / permission, types, etc).

Comment thread lws10-core/index.html Outdated
By standardising how a LWS server manages and provides access to a hierarchy of linked resources, the protocol enables users to use different LWS client applications to interact with the same stored data. These linked resources are defined through containers and containment relationships that describe where things are located, and metadata that describes how the resources relate to each other.
</p>
<p>
The protocol defines standard operations on these resources to create, read, update, and delete. Resources, their containment, and their metadata are managed by the server, commonly as a set of JSON-LD documents. Each resource is identified by a URI. A client navigates the resource hierarchy from a root container, discovering contained resources and their relations through links provided in server responses.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
The protocol defines standard operations on these resources to create, read, update, and delete. Resources, their containment, and their metadata are managed by the server, commonly as a set of JSON-LD documents. Each resource is identified by a URI. A client navigates the resource hierarchy from a root container, discovering contained resources and their relations through links provided in server responses.
The protocol defines standard operations on these resources to create, read, update, and delete. Resources, their containment, and their metadata are partially managed by the server, commonly as a set of JSON-LD documents. Each resource is identified by a URI. A client navigates the resource hierarchy from a root container, discovering contained resources and their relations through links provided in server responses.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@renyuneyun
Since "Resources" are included in the list, I don't think that "managed" here means "has exclusive control over", and so "partially" may not be required here...

@jeremycaine
I would remove "commonly as a set of JSON-LD documents." which overemphasizes the role of JSON-LD in LWS. Granted, all LWS-specific resources (containers, in particular) have JSON-LD representations. But primary resources and metadata can use a variert of other formats.

Comment thread lws10-core/index.html Outdated
The protocol defines standard operations on these resources to create, read, update, and delete. Resources, their containment, and their metadata are managed by the server, commonly as a set of JSON-LD documents. Each resource is identified by a URI. A client navigates the resource hierarchy from a root container, discovering contained resources and their relations through links provided in server responses.
</p>
<p>
A user&rsquo;s identity is confirmed through an identity provider external to the Linked Web Storage server. This separation means the server does not manage credentials directly; rather, it receives and validates a signed authentication credential as a token issued by a trusted identity provider. A user can therefore present their existing identity to any compliant server, without needing a new or existing separate account on that server. User authentication is defined in companion specifications for OpenID Connect, SAML 2.0, and self-signed controlled identifiers (CIDs).

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
A user&rsquo;s identity is confirmed through an identity provider external to the Linked Web Storage server. This separation means the server does not manage credentials directly; rather, it receives and validates a signed authentication credential as a token issued by a trusted identity provider. A user can therefore present their existing identity to any compliant server, without needing a new or existing separate account on that server. User authentication is defined in companion specifications for OpenID Connect, SAML 2.0, and self-signed controlled identifiers (CIDs).
A user&rsquo;s identity is confirmed through an identity provider that can be external to the Linked Web Storage server. This separation means the server does not manage credentials directly; rather, it receives and validates a signed authentication credential as a token issued by a trusted identity provider. A user can therefore present their existing identity to any compliant server, without needing a new or existing separate account on that server. User authentication is defined in companion specifications for OpenID Connect, SAML 2.0, and self-signed controlled identifiers (CIDs).

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I understood from the April f2f that we said an LWS server does not implement the identity server - out of scope, an external system. If that is not correct then we can apply your suggestion. Do others recall?

@acoburn acoburn Jul 6, 2026

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

From the f2f meeting, an LWS server is not required to implement an identity server. That is different than saying that an LWS server must not implement an identity server. The suggested change clarifies that an identity provider can be external to the LWS server (but is not required to be)

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok fixed.

Comment thread lws10-core/index.html Outdated
By standardising how a LWS server manages and provides access to a hierarchy of linked resources, the protocol enables users to use different LWS client applications to interact with the same stored data. These linked resources are defined through containers and containment relationships that describe where things are located, and metadata that describes how the resources relate to each other.
</p>
<p>
The protocol defines standard operations on these resources to create, read, update, and delete. Resources, their containment, and their metadata are managed by the server, commonly as a set of JSON-LD documents. Each resource is identified by a URI. A client navigates the resource hierarchy from a root container, discovering contained resources and their relations through links provided in server responses.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@renyuneyun
Since "Resources" are included in the list, I don't think that "managed" here means "has exclusive control over", and so "partially" may not be required here...

@jeremycaine
I would remove "commonly as a set of JSON-LD documents." which overemphasizes the role of JSON-LD in LWS. Granted, all LWS-specific resources (containers, in particular) have JSON-LD representations. But primary resources and metadata can use a variert of other formats.

Comment thread lws10-core/index.html Outdated
<p>This specification is intended to be used by:</p>
<ul>
<li>Developers building client applications that access a user&rsquo;s LWS resources</li>
<li>Server implementers building compliant LWS servers that mediate access to a user&rsquo;s external web resources</li>

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
<li>Server implementers building compliant LWS servers that mediate access to a user&rsquo;s external web resources</li>
<li>Server implementers building compliant LWS servers that mediate access to a user&rsquo;s web resources</li>

I don't understand why those resources are qualified as "external". External to what? I read it as "external to the server", which is not the idea I have of your typical LWS resource. (yes, an LWS server, just like an HTTP server, could be a front-end for a legacy system which is the actual "location" of the resources, but many LWS servers will actually "own" their resources -- plus, from the client's perspective, this distinction does not really matters).

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have removed references to 'externally managed'. I now see it that an LWS server define 1 or more storages. Those storages are at any URL location. Then the LWS manages a hierarchy of containers/data resource in those storages. The LWS server does CRUD on the data resources. Some other non-LWS external actor has the power to delete a resource by example - resulting in the LWS hierarchy information being out of sync (and so return 'resource not found' error.

Comment thread lws10-core/index.html
By standardising how an LWS server manages and provides access to a hierarchy of linked resources, the protocol enables users to use different LWS client applications to interact with the same stored data. These linked resources are defined through containers and containment relationships that describe where things are located, and metadata that describes how the resources relate to each other.
</p>
<p>
The protocol defines standard operations on these resources to create, read, update, and delete. Resources, their containment, and their metadata are managed by the server as a set of JSON-LD documents (and other representations). Each resource is identified by a URI. A client navigates the resource hierarchy from a root container, discovering contained resources and their relations through links provided in server responses.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"A client navigates the resource hierarchy from a root container"

-->

"A client navigates the resource hierarchy from a root container which is the Storage resource itself,"

@elf-pavlik elf-pavlik Jul 13, 2026

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't see why introduction should address such a nuance. There are already discussions in

No matter of the outcome I would still prefer that introduction stays generic enough that it doesn't affect it.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

agree with @elf-pavlik, we should keep the introduction high-level.

Comment thread lws10-core/index.html Outdated
A user's identity is confirmed through an identity provider that can be external to the Linked Web Storage server. This separation means the server does not manage credentials directly; rather, it receives and validates a signed authentication credential as a token issued by a trusted identity provider. A user can therefore present their existing identity to any compliant server, without needing a new or existing separate account on that server. User authentication is defined in companion specifications for OpenID Connect, SAML 2.0, and self-signed controlled identifiers (CIDs).
</p>
<p>
Authorization determines whether a requesting user has permission to access a resource or perform an operation on it. A compliant LWS server designates a resource manager for each resource that determines whether a resource is private (i.e., available only to its owner), restricted (i.e., available to a defined set of users), or public (i.e., available to any user). The server enforces the access decisions of the resource manager when handling each client request.

@gibsonf1 gibsonf1 Jul 13, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"resource manager" I see now from the diagrams that this is referring to the top level system interface component of the Storage, so why not call this the "Storage Manager"?

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

let's discuss - Resource Manager description is "Manages data resources, containers, containment and linksets" - this could expand to add in all things in LWS server including authorisation and authentication objects; we have Storage Controller controlling all the resources in the storage.

Storage Controller is in Terminology; Resource Manager or Storage Manager are not yet in the Terminnology section.

@jeremycaine

Copy link
Copy Markdown
Author

update of various

  • remove externally
  • change user to agent

I believe only outstanding debate point was a name for what is currently "Resource Manager". I see this as the component that manages any operational object of the LWS server through other components including authentication, authorisation, storage, and data resources.

Comment thread lws10-core/index.html
This specification defines the Linked Web Storage (LWS) Protocol, which enables client applications to access and manage web resources, based on the identity and permissions of an agent.
</p>
<p>
By standardising how an LWS server manages and provides access to a hierarchy of linked resources, the protocol enables users to use different LWS client applications to interact with the same stored data. These linked resources are defined through containers and containment relationships that describe where things are located, and metadata that describes how the resources relate to each other.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The W3C style guide recommends using US English spelling.

Suggested change
By standardising how an LWS server manages and provides access to a hierarchy of linked resources, the protocol enables users to use different LWS client applications to interact with the same stored data. These linked resources are defined through containers and containment relationships that describe where things are located, and metadata that describes how the resources relate to each other.
By standardizing how an LWS server manages and provides access to a hierarchy of linked resources, the protocol enables users to use different LWS client applications to interact with the same stored data. These linked resources are defined through containers and containment relationships that describe where things are located, and metadata that describes how the resources relate to each other.

Comment thread lws10-core/index.html
By standardising how an LWS server manages and provides access to a hierarchy of linked resources, the protocol enables users to use different LWS client applications to interact with the same stored data. These linked resources are defined through containers and containment relationships that describe where things are located, and metadata that describes how the resources relate to each other.
</p>
<p>
The protocol defines standard operations on these resources to create, read, update, and delete. Resources, their containment, and their metadata are managed by the server as a set of JSON-LD documents (and other representations). Each resource is identified by a URI. A client navigates the resource hierarchy from a root container, discovering contained resources and their relations through links provided in server responses.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

agree with @elf-pavlik, we should keep the introduction high-level.

Comment thread lws10-core/index.html
The protocol defines standard operations on these resources to create, read, update, and delete. Resources, their containment, and their metadata are managed by the server as a set of JSON-LD documents (and other representations). Each resource is identified by a URI. A client navigates the resource hierarchy from a root container, discovering contained resources and their relations through links provided in server responses.
</p>
<p>
A agent's identity is confirmed through an identity provider that can be external to the Linked Web Storage server. This separation means the server does not manage credentials directly; rather, it receives and validates a signed authentication credential as a token issued by a trusted identity provider. A user can therefore present their existing identity to any compliant server, without needing a new or existing separate account on that server. User authentication is defined in companion specifications for OpenID Connect, SAML 2.0, and self-signed controlled identifiers (CIDs).

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This paragraph gets into a lot of nuance about user identity that may or may not be true at "any compliant server". It might be better to focus more on how agents identify themselves with globally unique identifiers. Also, be careful about statements such as "User authentication is defined in ..." -- we don't define user authentication anywhere, but we do define how to integrate with some widely supported authentication systems.

Comment thread lws10-core/index.html
A agent's identity is confirmed through an identity provider that can be external to the Linked Web Storage server. This separation means the server does not manage credentials directly; rather, it receives and validates a signed authentication credential as a token issued by a trusted identity provider. A user can therefore present their existing identity to any compliant server, without needing a new or existing separate account on that server. User authentication is defined in companion specifications for OpenID Connect, SAML 2.0, and self-signed controlled identifiers (CIDs).
</p>
<p>
Authorization determines whether a requesting agent has permission to access a resource or perform an operation on it. A compliant LWS server designates a resource manager for each resource that determines whether a resource is private (i.e., available only to its owner), restricted (i.e., available to a defined set of users), or public (i.e., available to any user). The server enforces the access decisions of the resource manager when handling each client request.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We will also want to be careful about how much detail goes into this. "Private", "Restricted" and "Public" are somewhat simplistic measures of how authorization rules are expressed. There may also be operator or federation-defined rules that come into play, depending on specific deployment considerations. For example, there may be resources available to all users but only if they use certain applications. Or resources that are only available to certain attested AI agents (no users are involved)

Comment thread lws10-core/index.html
</p>
<p>This specification is intended to be used by:</p>
<ul>
<li>Developers building client applications that access an agent's LWS resources</li>

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
<li>Developers building client applications that access an agent's LWS resources</li>
<li>Developers building client applications that access LWS resources</li>

Comment thread lws10-core/index.html
<p>This specification is intended to be used by:</p>
<ul>
<li>Developers building client applications that access an agent's LWS resources</li>
<li>Server implementers building compliant LWS servers that mediate access to an agent's web resources</li>

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
<li>Server implementers building compliant LWS servers that mediate access to an agent's web resources</li>
<li>Developers building compliant servers that mediate access to LWS resources</li>

Comment thread lws10-core/index.html
<li>Server implementers building compliant LWS servers that mediate access to an agent's web resources</li>
</ul>
<p>
Different compliant servers each maintain their own hierarchy of linked resources. An agent can navigate across servers using the same identity, with access to each server's resources determined by the permissions granted by that servers resource managers.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This may be true in some cases, but it is not the case that an arbitrary agent identity can be used with every server.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

9 participants