Solid WebPushChannel2023

Draft Community Group Report,

More details about this document
This version:
https://solid.github.io/notifications/webpush-channel-2023
Issue Tracking:
GitHub
Editors:
Christoph Braun
elf Pavlik
Version:
0.1

Copyright © 2024 the Contributors to the Solid WebPushChannel2023, published by the Solid Community Group under the W3C Community Contributor License Agreement (CLA). A human-readable summary is available.

Abstract

The Solid Notifications Protocol defines a set of interaction patterns for agents to establish subscriptions to resources in a Solid Storage.

This specification defines a subscription type that applies these patterns to the Push API.

Status of this document

This report was published by the Solid Community Group. It is not a W3C Standard nor is it on the W3C Standards Track. Please note that under the W3C Community Contributor License Agreement (CLA) there is a limited opt-out and other conditions apply. Learn more about W3C Community and Business Groups.

This draft is based on a submission for Web Push Notifications from Solid Pods.

1. Introduction

This section is non-normative.

The Solid Notifications Protocol describes a general pattern by which agents can be notified when a Solid Resource changes.

This document describes a Solid Notifications subscription type that makes use of the Push API for Web Push notifications in Progressive Web Applications (PWAs).

This specification is for:

1.1. Terminology

This section is non-normative.

solid/notifications/62:bike: shed: Use `object` (closely aligned with AS) instead of `topic` to receive notifications about a resource

Note: Let the predicate topic be an rdfs:subClassOf of as:object?

This document uses terms from the following specifications, as listed:

This document additionally uses the following terms, as defined below:

browser messaging service

Refers to the implementation of a "push service" [PUSH-API] in a browser.

1.2. Overview

The following diagram shows the high-level interactions involved in this flow. How a client retrieves an access token is outside the scope of this document.

Solid WebPushChannel2023 Flow

2. WebPushChannel2023 Type

This specification defines the WebPushChannel2023 type for use with Solid Notifications. The URI of the subscription type is <http://www.w3.org/ns/solid/notification#WebPushChannel2023>.

A WebPushChannel2023 MUST conform to the Solid Notifications Protocol.

A WebPushChannel2023 SHOULD support the Solid Notifications Features.

Note: Let the class WebPushChannel2023 be an rdfs:subClassOf of as:Follow?

The WebPushChannel2023 type defines the following properties:

vapidPublicKey

The vapidPublicKey property indicates the notification server’s public key as defined by [RFC8292], which can be used by the client for the Voluntary Application Server Identification (VAPID).

sendTo

The sendTo property indicates the "Push Endpoint" as defined in the [PUSH-API] specification.

keys

The keys property indicates a "cryptographic keys object" that has the properties of auth and p256dh.

auth

The auth property indicates the "authentication secret" as defined in the [RFC8291] specifications.

p256dh

The p256dh property indicates the elliptic curve Diffie-Hellman (ECDH) public key as defined by [RFC8291].

Note: Let the predicate push:endpoint be an rdfs:subClassOf of notify:sendTo?

2.1. Subscription Example

This section is non-normative.

An example POST request using a DPoP bound access token is below:

POST /subscribe/
Authorization: DPoP <token>
DPoP: <proof>
Content-Type: text/turtle

@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
@prefix as: <https://www.w3.org/ns/activitystreams#> .
@prefix push: <https://purl.org/solid-web-push/vocab#> .
@prefix notify: <https://www.w3.org/ns/solid/notification#> .

<>  a notify:WebPushChannel2023;
    notify:topic <https://uvdsl.solid.aifb.kit.edu/inbox/>;
    notify:sendTo <https://fcm.googleapis.com/fcm/send/ezblK6NIv80:APA91bHrjqImGaqs5-kcIZ_zO72HVDHGfnrzi9xwJvSsHD3qu4js1nQfHvcjf1Fjgo3mpxBqMkFcqPdiaRPFXnYSkEf9yz78m9FFBaWzwIvmaQ8M1-2vxaAO3S-ha2jf7ALLqRP92Y9z>;
    push:keys   [
        push:auth "Z51Yn6DRglyzR6SpDYHkqw"^^xsd:base64Binary;
        push:p256dh "BNocq-WqQufNxY5NtFWz-ckbLoCprrHT74ALR-DXcpCoKmqV2cVflQ6ibyas-vJBMWMLeSDPdRBbJhcc0lDmJ5g"^^xsd:base64Binary
    ] .

Example: POST request creating a WebPushChannel2023.

Note: TODO check data types of auth and p256dh.

A successful response will have a HTTP status code of 201 Created and full notification channel description in the body.

The Subscription Service, in our example /subscribe/, where the POST request is submitted to:

@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>.
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>.
@prefix dc: <http://purl.org/dc/terms/>.
@prefix xsd: <http://www.w3.org/2001/XMLSchema#>.
@prefix as: <https://www.w3.org/ns/activitystreams#>.
@prefix ldp: <http://www.w3.org/ns/ldp#>.
@prefix push: <https://purl.org/solid-web-push/vocab#>.
            
<#web-push> a notify:SubscriptionService;
    as:name "Solid Web Push"@en;
    rdfs:label "Solid Web Push Service"@en;
    notify:channelType notify:WebPushChannel2023;
    push:vapidPublicKey "BAOxV1U1Hj5npToInct2VhhYpJkL0GmHqc-ADbHu7O8Z2CJNkqSzc8BfCStWbTKq_yT9B6g6kYjyEHrAEpVuqww"^^xsd:base64Binary.

Example: Representation of a subscription service.

For Unsubscription,

solid/notifications/145Define unsubscribing

3. Authentication and Authorization

As described by the Solid Notifications Protocol section on Authorization, the WebPush subscription API requires authorization and follows the guidance of the Solid Protocol sections on Authentication and Authorization [SOLID-PROTOCOL].

It is beyond the scope of this document to describe how a client fetches an access token. Solid-OIDC is one example of an authentication mechanism that could be used with Solid Notifications [SOLID-OIDC].

Conformance

Document conventions

Conformance requirements are expressed with a combination of descriptive assertions and RFC 2119 terminology. The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in the normative parts of this document are to be interpreted as described in RFC 2119. However, for readability, these words do not appear in all uppercase letters in this specification.

All of the text of this specification is normative except sections explicitly marked as non-normative, examples, and notes. [RFC2119]

Examples in this specification are introduced with the words “for example” or are set apart from the normative text with class="example", like this:

This is an example of an informative example.

Informative notes begin with the word “Note” and are set apart from the normative text with class="note", like this:

Note, this is an informative note.

References

Normative References

[OAUTH-2.0]
D. Hardt. The OAuth 2.0 Authorization Framework. URL: https://www.ietf.org/rfc/rfc6749.txt
[PUSH-API]
Peter Beverloo; Martin Thomson. Push API. URL: https://www.w3.org/TR/push-api/
[RFC2119]
S. Bradner. Key words for use in RFCs to Indicate Requirement Levels. March 1997. Best Current Practice. URL: https://datatracker.ietf.org/doc/html/rfc2119
[RFC8291]
M. Thomson. Message Encryption for Web Push. URL: https://www.ietf.org/rfc/rfc8291.txt
[RFC8292]
M. Thomson; P. Beverloo. Voluntary Application Server Identification (VAPID) for Web Push. URL: https://www.ietf.org/rfc/rfc8292.txt
[SOLID-NOTIFICATIONS]
Aaron Coburn; Sarven Capadisli. Solid Notifications Protocol. URL: https://solid.github.io/notifications/protocol
[SOLID-OIDC]
Aaron Coburn; elf Pavlik; Dmitri Zagidulin. Solid-OIDC. URL: https://solid.github.io/solid-oidc
[SOLID-PROTOCOL]
Sarven Capadisli; et al. Solid Protocol. URL: https://solidproject.org/TR/protocol
[WEBARCH]
Ian Jacobs; Norman Walsh. Architecture of the World Wide Web, Volume One. URL: https://www.w3.org/TR/webarch/