michielbdejong
commented
2 years ago Thinking about the following changes:
- addition of secure websockets protocol
- deprecation of insecure websockets protocol
- start rejecting clients that don't send
ath(see #151)
We can categorise servers as:
- supporting 0.8 clients (don't enforce
ath, accept insecure websockets, acceptsparql-updatePATCH) - additionally supporting 0.9.0 (additionally accept
text/n3PATCH) - additionally supporting 0.9.1 (additionally accept
text/n3PATCH and secure websockets) - config option exists for rejecting 0.8.0 while still supporting 0.9.0 + 0.9.1 (enforce
ath, no need to acceptsparql-updatePATCH anymore) - config option exists for rejecting 0.8.0 + 0.9.0 while still supporting 0.9.1 (enforce
ath, reject insecure websockets, no need to acceptsparql-updatePATCH anymore)
I think, off the top of my head, we have:
- solid-nextcloud: 1, 2, 3
- PSS: 1, 2
- NSS: 1, 2
- SCSS: 1, 2
- TrinPod: 1
In https://gitter.im/solid/test-suite?at=62c31be79a314a3ec429310a Tim said that "[t]he plan is that the next version 0.9.1 will have the Insecure WebSocket notifications deprecated and secure authenticated web socket notifications added."
As I understand it, that would be a breaking change for clients (old clients will stop being spec compliant because they can no longer rely on receiving Insecure WebSocket notifications from storage servers) and also for storage servers (old servers will stop being spec compliant because they don't implement the new protocol).
However, reading the text, there is are two sections,
The non-normative section seems to contradict the normative one. And note that this spec text has been published (on GitHub) but has not been released (with a version tag) yet by the spec-writing team, so the current version of Solid is "v0.9.0, moving towards v0.9.1".
So in this current phase, we should probably consider the old protocol as required and the new protocol as optional. Once the spec-writing team tag and publish v0.9.1, we can maybe just switch those around, reporting on the new protocol as required and on the old one as optional.