Testing SAFE and WebID


#1

I guess I cheated a bit and made myself a new user name on this forum so I could get a second invite token and start testing SAFE from scratch. So now I really want to understand what a WebID is, and create some that make sense.

Let’s say I want my Nickname to be “Yog” and my Name to be “Yog Sothoth”. Are all characters allowed, including white spaces, or are there restrictions?

I’m guessing the asterisks mean the fields are required. This should probably be stated explicitly on the WebID Profile Manager page. Also note that there are three different spellings for the same thing on this one page: WebID, webId and Web ID. I’m the sort of person who gets confused by this.

I would then like to set my Web ID URI to be “yog-sothoth” and the main page of my Website to be safe://yog-sothoth/index.html. But I don’t want to create a sub-domain yet. How was e.g. the following URI created with no sub-domain?

safe://udhr

Looking at the example site above I happened to notice an error in the language list. Whoever administers the page, this should be changed:

Русском -> Русский


#2

FYI: you can ask in a PM to the moderators for a new invite, so you don’t have to create a new user, which we prefer you don’t do.

Edit, from the guidelines:

Do not do any of the following:

  • Create and use multiple accounts/sockpuppets.

#3

There are currently no restrictions, although we should probably enforce a length limit; look at this issue raised a few days back: https://github.com/maidsafe/safe-web-id-manager-js/issues/14

I just raised this as an issue: https://github.com/maidsafe/safe-web-id-manager-js/issues/19

Currently this application doesn’t support creating WebIDs without a subdomain/subName, that’s why it’s requesting you to enter a WebID URL which is of format safe://<subdomain>.<domain>.

On the other hand, the URL you enter as your website is just to link it from your WebID but the application won’t be creating that website for you, you’d need to separately create it with the Web Hosting Mgr. app, and then you can set the website URL in your WebID.

Since the WHM does support creating websites at URLs with no subdomain you will be able to publish it as you are describing, i.e. safe://yog-sothoth/index.html, just launch the WHM (v0.5.1), create a public name yog-sothoth (or udhr) and upload your website using www as the service name, once you do that you should be able to visit your website with safe://yog-sothoth.

However, note there is a limitation in the WebID Mgr that it won’t allow you to create a WebID at a domain which was created by the WHM (or other app), so you won’t be able to create your WebID with the same domain as the website you created with the WHM. The explanation for this limitation has to do with the fact that WHM is still not generating RDF data for publicnames info, while WebID Mgr app does, therefore they are at the moment incompatible in the data representation format. This will ofc change once we have fully defined the format and ontologies we want to use for our public names data, e.g. this is one of the current proposals: https://forum.safedev.org/t/rfc-public-name-system-resolution-and-rdf/2185


#4

A WebID is a URI which must end with a fragment (the #me or #id etc at the end).

To be clear, the profile document is not a WebID, but is that part of the WebID with the fragment removed.

And a Public Name is part of a WebID, as a domain name is part of a WebID.

So what is permitted as a WebID follows what is permitted in a safe: URI.

I think we are unconsciously defining a slightly different form, which we might call a SafeID, which looks like a Public Name but can be used to derive a WebID (by augmenting it to make a WebID compatible safe: URI for which a profile document has been created).

At the moment the SafeID is being called a WebID and I think it is causing confusion. So it might help to define it and use the two distinct terms.


#5

That’s arguably an underestimation, or at least inaccurate :wink: , we believe there is no reason to make such a restriction in WebID URLs, especially because there is a foaf:primaryTopic predicate (http://xmlns.com/foaf/spec/#term_primaryTopic) present in the profile document, so from a WebID URL with no fragment you should be able to infer the default agent from the foaf:primaryTopic triple. Even something like this should be a valid WebID URL: safe://hyfktce8y5dan138fafw6ymxjwxgqnzos38rxxm55dgddjxb54xikmo9jfv


#6

I’m not sure if that’s the case Gabriel. If it is, all good, but best to check that with Tim or Henry Story because it is my understanding the fragment is required.


#7

You are right, and it’s also my understanding, what I’m saying is that we shouldn’t enforce that, and we can use the foaf:primaryTopic, so it’s still compatible with external systems (like Solid) but we use the self-descriptive nature of the profile document itself for SAFE apps. I get DIDs don’t require a fragment either (https://w3c-ccg.github.io/did-spec/).
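
The two resolution rules discussed in posts #4 to #7 (a WebID with a fragment, and a fragment-less URI resolved through foaf:primaryTopic), as an added example that is not part of any post and is not code from the MaidSafe apps. The function `resolveWebId`, the `fetchTriples` stub, and the sample URIs and triples are all hypothetical and constructed for illustration.

```javascript
// Added example (not from the thread). All triples below are constructed sample data.
const FOAF_PRIMARY_TOPIC = 'http://xmlns.com/foaf/0.1/primaryTopic';

// Constructed profile documents, keyed by document URI (the WebID minus its fragment).
const SAMPLE_DOCS = {
  'safe://yog.sothoth/profile': [
    { s: 'safe://yog.sothoth/profile', p: FOAF_PRIMARY_TOPIC, o: 'safe://yog.sothoth/profile#me' },
    { s: 'safe://yog.sothoth/profile#me', p: 'http://xmlns.com/foaf/0.1/nick', o: 'Yog' },
  ],
  // Two primaryTopic triples: a fragment-less lookup cannot pick one safely.
  'safe://shared.example/profile': [
    { s: 'safe://shared.example/profile', p: FOAF_PRIMARY_TOPIC, o: 'safe://shared.example/profile#alice' },
    { s: 'safe://shared.example/profile', p: FOAF_PRIMARY_TOPIC, o: 'safe://shared.example/profile#bob' },
  ],
};

// Hypothetical loader standing in for a network read of the profile document.
function fetchTriples(docUri) {
  return SAMPLE_DOCS[docUri] || [];
}

function resolveWebId(uri, load = fetchTriples) {
  if (!uri.startsWith('safe://')) throw new Error('not a safe: URI');
  const hashAt = uri.indexOf('#');
  const profileDocument = hashAt === -1 ? uri : uri.slice(0, hashAt);
  const triples = load(profileDocument);

  if (hashAt !== -1) {
    // Fragment form: the URI itself names the agent; require the document to describe it.
    if (!triples.some((t) => t.s === uri)) {
      throw new Error('profile document does not describe ' + uri);
    }
    return { profileDocument, agent: uri, via: 'fragment' };
  }
  // Fragment-less form: fall back to foaf:primaryTopic, accepting exactly one value.
  const topics = triples
    .filter((t) => t.s === profileDocument && t.p === FOAF_PRIMARY_TOPIC)
    .map((t) => t.o);
  if (topics.length !== 1) {
    throw new Error('expected exactly one foaf:primaryTopic, found ' + topics.length);
  }
  return { profileDocument, agent: topics[0], via: 'primaryTopic' };
}
```

Both forms resolve to the same agent for the first sample document, while the second document shows why a relying app should reject a fragment-less URI whose profile names zero or several primary topics instead of guessing.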


#8

Being dumb here perhaps… I don’t understand what you mean by compatible with systems using a WebID.

Either way, I think it would help avoid confusion if we differentiate between a WebID and something that is compatible, but not a WebID. We can then explain the differences and how one can be used in a ‘compatible’ way, as the other (depending on what ‘compatible’ means).


#9

I just mean in the sense that a non-SAFE app may be fetching a WebID published at SAFE network, e.g. if a Solid app is fetching a WebID from SAFE, or a Solid app storing a WebID on SAFE, any Solid app probably uses the fragment since it’s marked as required in the spec and they can fetch it from SAFE with the fragment, whilst any other app could fetch them even without providing a fragment.

I agree, we had a brief discussion about this with marketing also proposing safe-id, or something like it.


#10

Team - any chance we could build webID/publicID in a way that it is integrated to use decentralized identities created by Microsoft and some of the other top companies? We don’t want to be running SAFE identities in a vacuum - would be good if these can work with the decentralized identities created by some of the bigger companies. User adoption will be much quicker, faster, widespread and easier for everyday user. And they will get all benefits of SAFE network as well. What does everyone think?


#11

That would certainly be desirable - in a perfect world. As it is now, though, the whole business model of companies like Microsoft turns on being as incompatible as possible with everything else - one of the many reasons we need projects like SAFE and SOLID.

I don’t think one second of Maidsafe’s time should be spent chasing moving targets like Microsoft “standards”. (Think Office Open XML). If MS feels they want to be compatible with SAFE, they can become so very quickly. If they don’t, I don’t think there is anything Maidsafe can do about it. MS would just change their way of doing things precisely in order to stay incompatible and avoid competition of any sort.


#12

If, as I suspect, @gsingh2000 is referring to the Decentralized Identity Foundation (DIF) which Microsoft became a member of a few months ago then - provided Maidsafe’s WebIDs are compatible in terms of aims and technology - it would certainly make sense to be compliant with those standards, particularly as MS is also working with W3C in this area. If you look at the contributors it’s not just Microsoft (and IBM) working on standards in this area but also decentralised web firms like Blockstack, IOTA and Enigma and personal data economy startups like Meeco who have professed an interest in SAFE in the past. That said, there may be competitive standards emerging too, but a quick Duckduckgo didn’t bring up very much.


#13

EXACTLY! Thanks JPL.

The key to SAFE success is UTILITY + ADOPTION. Utility is also key to adoption but developing something integrated with evolving industry standards without compromising on utility is a killer combination. Decentralized identities are big. If webID/PublicID can integrate with the DIF standards it will be critical. Else we run the risk of becoming a pure academic research project, at best. Just speaking from the layman side in layman terms, and just my personal opinion. Nothing more!


#14

That’s interesting — I didn’t know that and looked it up in the WebID standard:

For WebIDs without fragment identifiers an HTTP request on the WebID MUST return a 303 with a Location header URI referring to the Profile Document.


Technically it’s not up to us to decide what restrictions we make. WebID is defined by both the W3C standard and conventionalised by Solid. My quote from the standard shows there is no room for debate: WebID is what the standard says it is, anything else is not WebID. (Last year we discussed a few areas where SAFE will deviate.)

The quote from the standard also shows that WebID assumes it’s built upon HTTP. So, technically by that definition anything on SAFE will not be WebID. I know this is pedantic, but it’s good to be precise so we’re all on the same page as developers.


On a related note about the SAFE WebID manager (shown in the screenshot in OP): The page requires the nickname to be entered, but strictly that’s unnecessary according to the ‘Solid WebID Profiles Spec’:

  1. A profile MAY provide a foaf:nick nickname as a short string for use by user interfaces where space is limited.

Again, this is pedantic, but not following the standards causes confusion and possible incompatibility in the future.


#15

Thanks for picking up on that, @Sascha.

If you’re feeling up to it, it’d be amazing to see some PRs sorting these wee things in the apps. (or bigger things!).

You can find the inconsistencies over here.

And there’s a decent github starter guide for making PRs here. Though if you fancy getting into it and want more help don’t be afraid to shout!


#16

More generally, as @bzee points out, we aren’t valid due to not being https, so I think it’s definitely sensible to be looking to clarify this difference (and so we can drop the fragment need and use a primaryTopic marker to stay compatible); that should hopefully clarify the ID setup (and naming) on SAFE.

Which will probably need an RFC, to get that specced out properly (which shouldn’t be a big one TBH… in case anyone is feeling RFCy :wink: ).

True, true. We needed this for the POC apps (and it’s still needed for Patter at the moment). I’m not against removing that requirement. Though we’ll have to update patter accordingly too.

PRs to both are more than welcome! (Though both patter/web id manager need some CI love to smooth the PR process out :expressionless: ).


#18

Safe team and Forum members - any thoughts on my comment above?


#19

Hi @gsingh2000! Sorry for a late reply on this.

I’ve glanced through the DIF documents, and it’s great to see they’re basing specs on Linked Data and the prior W3C work like DID (and it seems that DIF works on the W3C recommendations, too). It’s something that we’re working on too, implementing the W3C recommendations like RDF and WebID as a part of the SAFE tech stack.

I think we should follow these developments closely. I’ll read more on that, and will share an expanded opinion soon. However, one possible obstacle to adoption and integration with these standards comes to my mind: it is the need to integrate SAFE with the clearnet and/or blockchains. This requirement has multiple security implications, but I also think there are ways to alleviate it, e.g. by allowing you to migrate your identity to the SAFE Network by using a tool integrated into the SAFE Browser.

This topic deserves more research though – thanks for sharing links, ideas, and thoughts about this!


#21

I am not a technical person so don’t know how webID or safeID are being developed. All I am trying to say is that keeping SAFENET integrity is key and principles of security etc. don’t need to be compromised. However, corporations will need SAFENET as much as individuals - as they need to protect their data from hackers as well. Let’s think of the positives. I just want that whatever mechanism is used, SAFEID/webID - that they are developed based on open standards laid out by W3C or provide some integration options with those standards. That will increase safenet adoption and will benefit a lot of people - for the good of mankind.

If SAFE goes on to develop its own open standard for webID, and expects world to follow - most likely, it will end up being a research project. We need global adoption. The world needs SAFENET - “for all the good reasons”.


#22

Am I right in saying that you are referring to situations where

  • A company that deals with customers (eg online shop) needs to verify a returning customer is actually the customer they claim to be. For the purposes of showing order progress etc. In these cases the user needs to use the same ID they did last time.
  • A company needs to know that it’s an employee that is trying to access company data and to restrict access according to the ID used.
  • etc

These will be valid cases for knowing the ID. The amount of information the ID reveals depends on the application and what the person reveals when using the ID