solid / notifications

Solid Notifications Technical Reports
https://solid.github.io/notifications/protocol

Include JSON-LD context verbatim in an appendix #170

Closed elf-pavlik closed 1 year ago

elf-pavlik commented 1 year ago

Given known security considerations with fetching remote JSON-LD context, it will be beneficial for implementers to have the full context available as an appendix in the spec.

Example in Solid-OIDC: https://solidproject.org/TR/oidc#full-jsonld-context

csarven commented 1 year ago

What's the security consideration for curl -H'Accept: application/ld+json' ...?

The spec has this requirement: https://solid.github.io/notifications/protocol#subscription-server-subscription-request-unprocessable-entity

If something stronger is required, e.g., products MUST NOT fetch context JSON-LD at the time of processing a request, we can say that.

Besides that, I'm not sure what a duplicate of the JSON-LD context in the spec provides as an out-of-band step for developers to get a hold of the context, when there is already an out-of-band step available by doing a GET to get the actual authoritative copy.
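Added example, not part of the issue thread or the specification: one way a server could process requests without dereferencing any context at request time, by resolving only from copies bundled with the implementation and flagging every other context reference. The context IRI, vocabulary, request bodies and function names are constructed for illustration; the loader's return shape follows the custom `documentLoader` convention of jsonld.js.

```javascript
// Constructed context IRI and body: placeholders, not the published Solid context.
const PINNED_CONTEXTS = new Map([
  ['https://context.example/notifications/v1', {
    '@context': {
      '@version': 1.1,
      topic: { '@id': 'https://vocab.example/ns#topic', '@type': '@id' },
      sendTo: { '@id': 'https://vocab.example/ns#sendTo', '@type': '@id' },
    },
  }],
]);

// Collect every context IRI a document would make a processor dereference:
// string values of "@context" (top-level, nested or scoped) and of "@import".
function contextIris(value, found = new Set()) {
  if (Array.isArray(value)) {
    value.forEach((v) => contextIris(v, found));
  } else if (value !== null && typeof value === 'object') {
    for (const [key, v] of Object.entries(value)) {
      if (key === '@context' || key === '@import') {
        for (const c of [].concat(v)) if (typeof c === 'string') found.add(c);
      }
      contextIris(v, found);
    }
  }
  return found;
}

// Decide before any JSON-LD processing whether the request needs only bundled contexts.
// Comparison is exact-string, so scheme or trailing-slash variants count as unpinned.
function checkRequest(body) {
  const unpinned = [...contextIris(body)].filter((iri) => !PINNED_CONTEXTS.has(iri));
  return { ok: unpinned.length === 0, unpinned };
}

// Loader that never touches the network; anything not bundled is an error.
async function pinnedLoader(url) {
  if (!PINNED_CONTEXTS.has(url)) throw new Error(`context not pinned: ${url}`);
  return { contextUrl: null, documentUrl: url, document: PINNED_CONTEXTS.get(url) };
}

// Constructed subscription-style requests: the second hides a remote scoped context.
const good = { '@context': ['https://context.example/notifications/v1'], topic: 'https://pod.example/inbox/' };
const bad = {
  '@context': ['https://context.example/notifications/v1',
    { ext: { '@id': 'https://vocab.example/ns#ext', '@context': 'https://other.example/ctx' } }],
  topic: 'https://pod.example/inbox/',
};
console.log(checkRequest(good), checkRequest(bad));
```

The pre-check and the loader enforce the same set, so a reference missed by the walk still fails closed inside the processor instead of triggering a fetch.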