Words matter. And if the phrase, “From the River to the Sea, Palestine Will Be Free,” is not, as some people chanting it claims, a call for the elimination of Israel..then accept that is what it sounds like to another group of people and pick a new phrase. GitHub got rid of Master because the computer terminology of Master/Slave was an issue for some. Otherwise, you are just proving the point. You know what reaction you’ll get because you want that reaction. And if you legitimately don’t, why do you put the blame on the people who are offended for not understanding that you didn’t mean to refer to the classical meaning of the phrase? Especially if you feel you are coming from the moral high ground? People have every right to say what they think and as an American I defend their right to say it.
New Thoughts on Ticketing for IndieAuth
On many occasions in the past, I’ve participated in private post discussions as part of various Indiewebcamp events.
Private resources…posts, feeds, or any sort of private content, is one of the holy grails of the Indieweb community. Everyone seems to want it, but we haven’t made that much progress on a simple solution.
In order to enable the ability for an arbitrary person to get access to private resources we need to give them some sort of credential to do so.
There were multiple proposals…Private Webmentions, AutoAuth…etc floated. Most recently, in 2020, we started talking about Ticket Auth….which we just renamed Ticketing for IndieAuth.
The rename is because the proposal is an extension to IndieAuth, it isn’t an authentication system by itself. None of the previous efforts clicked with me. They seemed to be…too much. The joy I have with of Indieweb protocols is how easy they are. That is a credit to how the community has developed and written them.
The concept of ticketing, which is the same concept used in Private Webmentions in 2016, is that the publisher is the one initiating the interaction. AutoAuth, by comparison, starts the flow with the consumer requesting access.
A ticket is an invitation in the form of a code that the consumer can redeem for a token, the same way a ticket to an amusement park is redeemed for entry.
The problem with requesting access is that it assumes the consumer knows about the private resource…which by itself could be leaking information the publisher doesn’t want to know.
So, that means the first step for our proposal has to be that it does not require the resource to advertise itself. That doesn’t mean it can’t…it means that requirement isn’t built into the protocol.
So, as the story goes, our publisher…let’s call him Zeke, wants to let Yoshi access Zeke’s private resource…let’s say a private feed. Why? Who cares? Zeke does.
So Zeke polls Yoshi’s website and sees he advertises a ticket endpoint as part of his IndieAuth configuration. A ticket endpoint indicates to Zeke that Yoshi is set up to receive tickets and redeem them for tokens. So, Zeke sends Yoshi a ticket.
Yoshi’s ticket endpoint receives the ticket, and redeems it for a token from Zeke’s token endpoint(the thing that issues tokens for Zeke). Now, what Yoshi does with the token isn’t in the protocol, that’s Yoshi’s business. Yoshi can integrate the ticket endpoint with a reader that will retrieve the content for Yoshi to read, or whatever.
In my opinion, that’s all this extension is meant to be. and there are some rough edges about that exchange we have to smooth. But it is simple, it works…
I differ with another community member on this, who wrote this draft version of an IndieAuth Ticketing specification because, if I understand correctly, while I think not defining all the parts he needed for his dream implementation within this specific protocol was a strength, he considers it a weakness.
This includes the original ticket endpoint, which he refers to as the ‘ticket deposit’ flow. And the redeeming of that ticket, which he calls the ‘ticket grant’ flow. But it adds additional pieces…
First is the ‘ticket wanted’ flow, which creates another endpoint for a user to request a ticket. Now, this is something we did discuss as a possible optional piece that could be implemented to indicate to a publisher you wanted a token. But is it a necessary component for this concept? If we do put in a flow like this, it should be truly optional to implement.
Second is the ‘authorization code on-behalf-of’ flow. This flow is an attempt to solve a different problem, which I’m saying is also out of band for Ticketing. It is how you can request a token on behalf of someone else. This flow seems to be based on RFC8693.
It seems complicated to me because it relies on the reader/client asking Yoshi to request a ticket from Zeke(using that ticket wanted flow), and then getting the ticket and using it.
The question that seems more within the scope of the Ticketing extension is…if your ticket endpoint can redeem a token, how would you pass it to a client or reader to use? We started with the assumption the ticket endpoint would do the redemption.
I think there is certainly a bigger discussion about this to be had…token delegation. I think there may be other solutions that might work with the goal of a simplified flow. As it stands, assuming the token is used by a tightly coupled endpoint, how the token is used can be out of band for now.
For me, right now, I’m focused on sending of a ticket and its subsequent redemption and sorting out a few lingering questions about that, and then I’d can implement simple token exchanges with others and iterate on that.
What do everyone think?
I always love it when the cable company shows up to tell me that the signal into my home TOO powerful and that's why it wasn't working.
I need to stop ordering keyboards. I’m not sure why I keep trying out new ones.
Playing with the new IndieAuth update for WordPress, version 4.3.0
Spent the weekend, due work, at the Dublin Hebrew Congregation for Rosh Hashanah. While, I’m not thrilled at how this played out, the community was very welcoming to someone who showed up last minute. Hope I get a chance to return in future.
Syndication is Hard
Recently, in a conversation, it was asked how the syndication in my WordPress plugin, Syndication Links works. The syndication principle used here is POSSE…Post On your Site, Syndicate Elsewhere…so your site does all the heavy lifting.
Syndication Links is more of a framework for syndication, as opposed to actually doing all the work. It is expandable via plugin or extension, or additional providers being added.
There is a lot more I’d like to do with it, but providers keep making it harder to interface with their services. But…that isn’t the problem that prompted me to write this.
I’ve integrated support for using Bridgy. In the past, I used Bridgy’s Webmention publishing support. This would trigger Bridgy to read the web page and interpret the Microformats in the page and publish to the various sites it supports. Then, Bridgy added support for Micropub…allowing the sending of microformats properties directly…which meant regardless of the WordPress theme, the results could be consistent.
The problem is, Bridgy has some very developed opinions about how to publish that Syndication Links doesn’t yet..although they are under development.
Right now, if the content is longer than a certain length(dictated by the maximum length of the provider), the code will replace it with link + title, but can be overridden by a setting, which would send the entire content to Bridgy…who might truncate it inconsistently.
There is also an option for using the manual excerpt option in WordPress, if set…but not an auto-generated excerpt.
But, looking to improve this…like figuring out how to take advantage of additional properties supported by Bridgy and to custom-render a better submission int he first place. But…first, have to figure out how.
Opted for this post rather than a GitHub issue because I thought it might get some feedback and traction.
Beko Pharm (beko.famkos.net)I like eye-candy for my #WordPress #hCard and for the longest time I did override the generic icon for missing SVGs via CSS. This never fixed the titles thought and after starting to mass non descriptive links all named “website” I started to dig into the code class-relme-domain-icon-map.php of the #IndieWeb plugin.
Turns out Rel_Me_Domain_Icon_Map does some file system shacking for unknown domains in wp-content/plugins/indieweb/static/svg/ so I fixed myself some symbolic links:discuss-dot-tchncs-dot-de.svg -> lemmy.svg
live-dot-famkos-dot-net.svg -> owncast.svg
nerdpol-dot-ch.svg -> diaspora.svg
social-dot-tchncs-dot-de.svg -> mastodon.svg
t-dot-me.svg -> telegram.svg
tube-dot-tchncs-dot-de.svg -> peertube.svg
[…]The title is read directly from the SVG so adding a title tag so custom SVGs helps with that.
That’s a lot of CSS that I can remove now 🤓
Anything I can help with?
I just compared two identically branded packs of crew socks. When I say brand, same product name, same company…but one is 60% Polyester and 38% cotton, the other is 58% cotton and 38% polyester. What is going on here?
Help, I’m trapped in a Van Gogh painting.
I have hit a milestone, I just replaced the last light switch in my apartment with a smart switch.
Do all Irish tour bus drivers secretly wish to be singers?
Last day for the Aer Lingus Terminal 5 lounge. Tomorrow they break it down and move the stuff over to Terminal 7.
Standing at JFK Terminal 5, Sam Cooke’s A Change is Gonna Come is on the PA. I wonder why they didn’t do an airline themed cover…A Change Fee is gonna come.
Webmention for WordPress 5.0 Released
On Tuesday, Matthias Pfefferle and I released Webmention for WordPress version 5. We started this project at the start of the pandemic…and it took a bit longer than we expected. It merges in the old Semantic Linkbacks plugin, rewrites large sections of code, and creates a better experience.
However, we have already received some feedback and are working on incorporating it into version 5.1…which won’t take 3 years to release. The goal is to fix some reported bugs, address some of the feedback, and more.
So, please, if you haven’t upgraded…do so, and give us feedback via Github.