My #SolidProject client and server are now ready for efficient access control demos on #BigData using the HTTP WG's 's "Signing HTTP Messages".

I can demo with a server publishing N resources (in this case, #LinkedData Event Stream (#LDES) data.
The client is implemented in #Scala using #http4s, and the server uses #Akka.
The libraries can be compiled to JS for use on #nodeJS frameworks too. Native is not far off, either.
The client need make no more than N+2 requests:

1. Request 1 on a resource R returning a "401 Unauthorised"
2. a max of 2 requests to get the access control rules
3. from there on, N signed requests using #HttpSignatures (when those all fall in the same container space)

Solid clients are essentially like Search Engine crawlers fetching data on the web, so they need to jump around from website to website. Having approx 2 requests extra per website for auth is very interesting in that scenario.

Note: those 2 requests can be cached, so those may be only needed once over a long period of time. The connection efficiency is possible by combining the following pieces:

• using the IETF's HTTPSig (a version from the beginning of the year)
• using default rules (part of the spec)
• caching of ACLs on the client
• the use of a "defaultAccessContainer" link header to reduce the number of requests.

I am trying to work out who may be interested in such a technical demo, what a good time for it may be, ...
so please just comment here or send me a mail at henry.story@bblfish.net

I have a #mastodon question: for #HTTPSignatures, do you also hash the "(request-headers) post /actor" line? I'm having a very hard time getting this to work, dispite what seems to be very clear docs.

I have a #mastodon question: for #HTTPSignatures, do you also hash the "(request-headers) post/actor" line? I'm having a very hard time getting this to work, dispite what seems to be very clear docs.

Notes so far on #Mastodon's #ActivityPub implementation, covering basics on #WebFinger, #HTTPSignatures, #JSONLD signatures, and #ActivityStream vocab. Pretty much a loosely-organized collection of links to useful specs and implementations for understanding how Mastodon specifically does things.

https://raphaelluckom.com/posts/Things%20I%27ve%20learned%20about%20ActivityPub%20so%20far.html

This is a mass surveillance action in the public eye #ukrainerussia #surveillance #httpsignatures https://m.youtube.com/watch?v=vdnTbeGtxuQ&feature=youtu.be&cbrd=1