Server Description

[csarven]

Background: there are a wide-range of use cases that needs to get a hold of authoritative information about the server. To date, there is no uniform way for agents and applications to find all information about a server.

General use case:
Find authoritative information about a server.

Use cases:

• Guinan wants to read the description of the server and understand its purpose.
• Janeway wants to find the server's policies to review its data privacy and pledge for resource persistence.
• Uhura wants to check the server's communication options in order to use a preferred notification protocol.
• Seven of Nine wants to determine a suitable location to keep astrometric data from the server's available storages.
• Picard wants to find the server's contact information to request a diplomatic meeting about security audits.
• Torres wants her devices to use server's URI templates when naming particular kinds of resources.

There are many others.. which may be low-priority or already have existing standards, but could be captured in this data nevertheless, e.g., sitemap, Web syndication, robots control.

General requirement:
Discovery mechanism and data model to express authoritative information about the server.

Specific requirement:

• Server advertises the location of the authoritative information.
• Server generates the authoritative information.
• Server controls the authoritative information.

Considerations:

• Accommodating various use cases that needs to get a hold of authoritative information about the server.
• Should the authoritative information about the server be publicly discoverable?
• Should the authoritative information about the server be publicly readable or access controlled?
• Can specific class of agents (e.g., owners) claim/update authoritative information about the server?
• Should the authoritative information about the server be discoverable from root path, storage, any resource, and/or somewhere else?
• Caching.

Related issues (sample):

• Creation of Memento resources #61
• Proposal: server-protected metadata #65
• Decide on a method of recording the creator of a resource #66
• Addressing data cascading #151 (comment)
• Specifying a registration endpoint for the Pod Provider #152
• Need clear specifications of POD access and usage controls #180
• Guidelines for publishing, discovering and using URI Persistence policies #206
• Self-Sovereign Identity Model Principles: Identifier and Identity Data Usage Licensing #222
• Specify container description #227
• Should the server always advertise the owner link relation? #266
• API to download/export account data #286
• Discovery of storage #310
• Why does notification negotiation happen through an endpoint rather than in a resource-oriented way? notifications#14

Notes:
The authoritative information about the server would be a specialisation of #authoritative-information in #352 .

[csarven]

• Web Host Metadata: https://datatracker.ietf.org/doc/html/rfc6415 "describes a method for locating host metadata as well as information about individual resources controlled by the host." This may be limited re XML-based schema for the description, and the lrdd relation type for resource-specific information doesn't cover the server-wide authoritative information.
• Responses to the OPTIONS method are not cacheable.
• .well-known/solid requires: IANA hop; Solid server to 1) have storage at / and 2) update/control /.well-known/solid. The Solid Protocol has no requirement on Solid server or any Storage to be deployed at /, so well-known URI is probably a no go. Same as reusing /.well-known/host-meta (RFC 6415) besides the limits on structure and resource type.
• Using the Link header with http://www.w3.org/ns/solid/terms#serverDescription (for example) relation type targeting an RDF document may be most suitable and aligned with current methods of discovery+description in the Solid Protocol and elsewhere.

[ThisIsMissEm]

.well-known/solid requires: IANA hop; Solid server to 1) have storage at / and 2) update/control /.well-known/solid. The Solid Protocol has no requirement on Solid server or any Storage to be deployed at /, so well-known URI is probably a no go. Same as reusing /.well-known/host-meta (RFC 6415) besides the limits on structure and resource type.

It might be worth noting that keycloak stores it's /.well-known path at a nested level, so there is precedent for that (even if it's not strictly correct / useful according to spec)

[langsamu]

It might be worth noting that keycloak stores it's /.well-known path at a nested level

So does Cognito. Not that I think it's nice.

[acoburn]

Cognito and KeyCloak are following the OpenID spec requirement. There, the .well-known path starts not (necessarily) at the root of the server, rather it is appended to the issuer URL.

The OpenID examples are somewhat orthogonal to this discussion, though it does point to the possibility that a specification could define a discovery mechanism such that a .well-known resource is not strictly based on the root of the server. That said, the link header approach is arguably much more in line with linked data (follow-your-nose) principles than a .well-known that is discoverable only via familiarity with an external specification document.

[langsamu]

SPARQL Service Description is interesting:

SPARQL services made available via the SPARQL Protocol should return a service description document at the service endpoint when dereferenced using the HTTP GET operation without any query parameter strings provided.

-- https://www.w3.org/TR/sparql11-service-description/#accessing

One solution to this is the following.

Redirect to a Service Description without parameters:

$ curl -i https://api.parliament.uk/sparql
HTTP/1.1 302 Found
Location: https://api.parliament.uk/sparql/description

Execute query with parameters:

$ curl https://api.parliament.uk/sparql?query=SELECT+*+%7B%3Fs+%3Fp+%3Fo%7D+LIMIT+1
s,p,o
http://www.w3.org/1999/02/22-rdf-syntax-ns#type,http://www.w3.org/1999/02/22-rdf-syntax-ns#type,http://www.w3.org/1999/02/22-rdf-syntax-ns#Property

Serve a UI to browsers:

$ curl -i https://api.parliament.uk/sparql -H "Accept: text/html"
HTTP/1.1 200 OK
Content-Type: text/html

<!DOCTYPE html> ...

[ThisIsMissEm]

Cognito and KeyCloak are following the OpenID spec requirement. There, the .well-known path starts not (necessarily) at the root of the server, rather it is appended to the issuer URL.

The OpenID examples are somewhat orthogonal to this discussion, though it does point to the possibility that a specification could define a discovery mechanism such that a .well-known resource is not strictly based on the root of the server. That said, the link header approach is arguably much more in line with linked data (follow-your-nose) principles than a .well-known that is discoverable only via familiarity with an external specification document.

Yeah, I'd be inclined to agree: a standard Link header for server-info is probably a better idea (though it does increase all response sizes, as I'd assume that header would be present on all responses (or at least all GET/HEAD/OPTIONS)

Though we could perhaps also make the .well-known for Solid be in turtle or another linked data format, instead of JSON or text.

[kjetilk]

I used to be a fan of OPTIONS * until @csarven pointed out it is not cachable... Hmpf, if anything should be cachable, this is information that would rarely change and where it is highly likely that server admins could look ahead and set a long max-age. :-(

I also think that .well-known is a bad design, exactly for the reason that @acoburn mentions, it requires out-of-band information, and we should have a mechanism that you only need one piece of spec knowledge (not a piece of knowledge from every spec), and everything else should be discoverable from there, like OPTIONS * could have been. I'm not sure that it is a show-stopper for .well-known that a Solid server doesn't cover /.well-known as it (alas) has become so prevalent that underlying servers, accommodates for it to be manageable by application servers (which a Solid server would be in that context).

I became wary of big default headers in my IoT days, as I saw too many instances of headers that provided little value but made big messages. LoRaWAN is an example of a protocol stack that back in that day became utterly unscalable because of this. So, yes, I wouldn't want that either, I'd prefer a solution where a small number of resources, preferably only one, needed this kind of information.

I'd like to reiterate the point I made in my only comment to notifications work, that we should be careful to name stuff that infringes on the authority of a storage (being roughly the same as a "pod", but I use the term storage, since that is what is specified) to control its URI space. This seems to turn into two distinct classes of things though: Those things that are within the URI space controlled by a storage and those that aren't. Those things that are within the space controlled by a storage should be discovered by interrogating the storage, but that leaves us with the requirement that storages must be really easy to discover, which they aren't now (#310). There should be a list of storages hosted by a server somewhere.

For the things that shouldn't be under the control of a storage, we also just require a list of those things, pointing to resources where they describe themselves in further detail.

Perhaps we could go back to OPTIONS *... The response to OPTIONS * could just be pointers to those two lists, one list of storages, and one list of non-storage-bound descriptions. We could probably live with that those two pointers being non-cachable. If the list is large enough, it really needs to be cachable, and so it would need to be a resource that can be GET.

For servers that host a single storage (or small number), we could probably live with that being non-cachable too, so in that case, it should be OK for OPTIONS * to list whatever it finds, so the semantics need to be clear on the case where either or both lists have been obtained by just OPTIONS * and when a client needs to GET more resources.

In principle, we could also let OPTIONS * just point to .well-known resources to satisfy both REST purists like myself and the more pragmatic people who like tend to look it up in a spec.

[csarven]

The Solid Protocol needs to be clear on whether all server instances can respond to OPTIONS *. I've created #356 to have a concrete response. My understanding of the current state of the specification and implementations is that a server may not be configured to respond to the asterisk-form, i.e., is the request ever reaching a Solid server? This is separate from whether the server has the capability.

[csarven]

I wonder if we should first focus on finding storage metadata - the use cases may even be more meaningful. We may still need server metadata, in order to, for example, to find available storages.