Time/Place

This meeting is a hybrid teleconference and slack chat. Anyone is welcome to join...here's the info:

Attendees

  1. Danny Bernstein
  2. Peter Eichman 
  3. Bethany Seeger (star)
  4. Jared Whiklo
  5. Andrew Woods
  6. Kevin Ford
  7. Ben Pennell 
  8. Aaron Birkland  


Agenda

  1. Announcements

  2. Sprint 2 Strategy and Goals
    1. Release candidate
      1. Vagrant
      2. Camel toolbox 
      3. java client
  3. Open questions: 

      1. 4 Integration tests in FedoraLdpIT are breaking due to a 500 Error.  
      2. The cause of the 500 is

         javax.jcr.RepositoryException: The session with an ID of '060742fc6' has been closed and can no longer be used.


      3. It appears to be an OSX 10.13.x issue :  Jared WhikloPeter Eichman, and Danny Bernstein have reproduced.
        1. Danny Bernstein confirmed It was not a problem for OSX 10.10.5
        2. Any ideas of how to solve it? 
      4. If we can't resolve it,  what are our options? 
        1. Leave the tests in place - and document the problem in the README.
        2. @Ignore  the tests until we can sort out the issue or it sorts itself out (OS fix)
        3. ?
    1. Data URIs in the constrainedBy link header
      1. https://github.com/fcrepo4/fcrepo4/commit/750426101de9330cafaa88838a3d694d1ef69580#diff-14e2f9192b9abd40557a43f9342f4481R44
      2. Proposal:  Remove and use standard URIs instead like we do with all other constraints.
    2. Prefer headers on Mementos:  https://github.com/fcrepo4/fcrepo4/pull/1420 
      1. Question1:  Should the original resource return  <> a ldp:Container and <> a ldp:RDFSource  when omitting server managed triples (currently these are being omitted in OriginalResource but not the Memento)
      2. Question2: How should fedora respond to requests to Prefer omit
        1. What would a use case for omitting server managed triples in memento?
        2. Proposal 1:  Mementos should behave like the original resource
            1. Rationale?
            2. Action:  based on the answer to Question1 either omit the ldp types from memento or add them to the original resource response
        3. Proposal 2:  Mementos should not respond to Prefer omit
            1. Rationale? 
        4. Proposal 3: ?
    3. All AuthZ tests assume literal agent values
      1. What is the best way to fix this problem?
  4. <your agenda item here>

  5. Please squash a bug!


  6. Tickets resolved this week:


  7. Tickets created this week:


Minutes

  1. Next sprint starts next week!

  2. Lots of work happened during the sprint - many CTS tests filled in.  Nice job!
  3. Sprint 2 Strategy and Goals
    1. Goal: get to the Release Candidate
      1. There are a number of tickets there that we know we want to address.  Priority on those first. 
      2. Setup Release Testing work - pages, testing that the process still works and address any issues seen.  
      3. Documentation
      4. Jared suggests focusing on the maybe 5 tickets that are bugs, leaving new features for later.  
        1. Suggestion of looking at all tickets to prioritize them. 
      5. Someone can look at fcrepo-camel-toolbox and java client to get an idea of what needs to be done there.  
    2. Secondary Goal: tool set.  Priority would be to update camel-toolbox and java client first, vagrant last (as it depends on the other things and may not be much more work to update). 
      1. Ben P. suggests documenting the changes that are needed to the fcrepo tool set: fcrepo-camel-tool box, java client. 
  4. Open questions: 

      1. Tests are old tests, but they only break on this branch based on new stuff Jared is doing in his PR. 
      2. Mac 10.10.5 doesn't show this error.   (10.10.3 = Yosemite)
      3. 4 tests failing in FedoraLDPIT tests.  Same 4 tests failing.  Something to do with setting text HTML in header - to return the web page. Maybe something to do with how Grizzy is working; may be a timing issue. 
      4. Peter E. Do we think this is a network/stack/socket communication problem?  Any leads on what's causing it? He's seen some weirdness in their batch loading clients in the network HTTP/TCP stack that weren't working in Mac OS High Sierra, but worked on Sierra. High Sierra may have broken some networking issues.   Danny B. suggests leaving it since it may be a Mac issue - but many of us use Mac OS's to build; we'd have to ignore those tests.  Can we do a conditional ignore on Mac OSX's?
      5. Jared suggests we try to look at this more.  In the test, in Velocity the SessionFactory and http servlet request is injected, using context...?.  Maybe something he's written there is not the best way to do this.  Info he's trying to get is that it needs to know if it is a memento and if it's versionable.   Maybe there's an easier/better way to get that data?
      6. One proposal – have someone look at it now
      7. Or make a ticket, put a conditional ignore on the tests, put some manual tests for this in the release plan, and keep moving forward, addressing this later. 
      8. Ben Pennell may take a short look at it. (He has a High Sierra mac)
    1. Data URIs in the constrainedBy link header
      1. Default response on malformed RDF is a Data URI in the constrained By link. We are not using data uris anywhere else.  You can't just easily read the response and see what's happening there.  
      2. No objection to changing that.  Danny B. will create a PR.
    2. Prefer headers on Mementos:  https://github.com/fcrepo4/fcrepo4/pull/1420
      1. Question1:  Should the original resource return  <> a ldp:Container and <> a ldp:RDFSource  when omitting server managed triples (currently these are being omitted in OriginalResource but not the Memento)
        1. The thought is that this is a new bug - that the original resource should return those two triples.  Danny B will create this ticket. 
        2. Danny B will create a documentation ticket for what the SMT's actually are. 
      2. Question2: How should fedora respond to requests to Prefer omit
        1. In theory they should be the same - that what you see with the original based on the representation request, should look the same in the memento. 
        2. Proposal 1:  Mementos should behave like the original resource
            1. We'd like to go with this. 
    3. All AuthZ tests assume literal agent values
      1. Danny believes we have some way to handle this. You can specify the baseURI for agents?  The actual logic is backwards from expected. It retains the comparison between the username from current user and the agent value - is still a string comparison of just the user name.  The BaseURI user webac uri prefix, its not being added to the principal from the container, but it is being stripped coming from the WebAC. Logically you end up comparing things in the correct sort of way. 
      2. Maybe the fix is to make sure that the values going into the ACL's are URIs.  Any of the agents that are being tested by the CTS should probably be URI's.  Then when running against fedora, we'd have to specify the agent base URI to start up the server with. 
      3. Need to start collecting a recipe of how to configure your fedora to run the CTS on it.   (external content setup, webac agent setup, etc)
      4. CTS is assuming HTTP basic auth; leaving out server certs, OAuth, etc.. What should we support?  What does the Fedora API have to say about how it get a user name from the request? Is anything specified for that?
      5. WebID passed in the header? WebID TLS - auth using WebID – Solid spec mentions this by name. https://github.com/solid/solid-spec#webid-tls
      6. Maybe create an issue for this and address it during the upcoming sprint. 
      7. Solid spec mention WebID and WebID TLS, but don't seem to be musts. 
      8. Question of what are we assuming about WebID based on what Solid requires?
      9. Zimeon raised a point about users and names and we should check in with him
      10. All of CTS assumes basic auth but some systems may not be using basic auth. Would be hard to cover testing all auth systems.  We could work with folks implementing the spec and see what they are using. 
      11. Aaron Birkland mentioned CLAW and JWT's - solution was to have the system hand off a http client off to APIX, which does all the JWT stuff.  We could add an authentication interface for the CTS  in order to delegate authentication to the implementation. The tradeoff – Fedora implementors will  have to implement the interface.   However, this approach might be more practical than trying to support specific systems folks are using. 

Future Agenda Topics: