Something like this? CC nostr:nprofile1qqsypwwgtll74lqu4huvxzjwtjyxvrlkujt35rw8y026ke6ttesmg5gpzamhxue69uhhyetvv9ujumn0wd68ytnzv9hxgtcpzemhxue69uhkummnw3ex2mrfw3jhxtn0wfnj7qg5waehxw309amk7apwdehhxarj9ehx2ap0dxsk92
Discussion
Yes, but make all the interface available via Nostr calls so that any client can operate the service without having to go to the service's website.
For instance, an Amethyst user should be able to sign up for an account and/or call "Recompute my web of trust" from the client.
Than any WoT provider can follow the interface and on Amethyst we can just make a screen to pick a provider just like users pick a wallet provider today.
That's already possible, it's the whole idea behind CVM and Relatr. You can easily integrate it into any Nostr client without needing a service website. All you have to do is call the service using its pubkey and perform a search or look up an individual pubkey. So, if a Nostr client integrates this feature, users could specify their own instance for a personalized Web of Trust computation, or use the default Relatr service, or any other public instance. The only difference is the pubkey of the service. I've already heard from people who are implementing it in their clients.
Is the interface specified as a NIP so that any other WoT project can just follow? That's the point of making a WoT connect :)
The entire specification is outside of the nips repository. What's the point? nips are a mess. Everything a developer could need to work with CVM is available at https://docs.contextvm.org/ But in summary each CVM server self-describes its API using JSON schema. We are also working on a 'common schema' specification so that services can adhere to a common schema. For example, Relatr could define a common schema that other instances of it or other services can use to be interoperable, as they would have the same API.
My understanding of relatr, and correct me if I’m wrong, is that the client integrates relatr, and scores are calculated by the client. We’re envisioning that the scores are calculated by a WoT Service Provider independently of clients, then communicated to clients using Trusted Assertions or some other method, with the rationale spelled out below.
btw I would love to see someone use relatr as the core engine of a WoT Service Provider.
nostr:naddr1qq08xetsv9exzarfdahz6mmx9468yatnwskkzmny943kc6t9de6qz9nhwden5te0v4jx2m3wdehhxarj9ekxzmny9uq3wamnwvaz7tmjv4kxz7fwwpexjmtpdshxuet59upzpef89h53f0fsza2ugwdc3e54nfpun5nxfqclpy79r6w8nxsk5yp0qvzqqqr4guk3j94u
Hey! Not exactly. Nothing is computed client side, the client simply makes a call to a Relatr server. The server computes the trust score based on social graph distance and custom validations. So yes, the scores are calculated by the service provider independently of clients . As we discussed a few days ago, we are considering adding trusted assertions to the mix. This way, a client can choose to either fetch published trusted assertions, call the server, or do both depending on it's needs
Ah yes, that makes sense. The communication between client and relatr server is performed via a model context protocol API, correct? Is there a document with the MCP API spec, and would it work to turn it into a NIP? If I understand correctly (and again, correct me if I’m wrong) you’ve designed it so the communication is done under the hood, meaning the dev doesn’t have to know how the API works, and this is to make life as easy as possible for the dev who wants to implement relatr. So Vitor’s idea is this: what if I want my users to have the option to redirect their API from Alice’s relatr server to Bob’s relatr server to some other WoT Service Provider that’s not necessarily relatr (maybe it’s Brainstorm, maybe it’s Vertex, maybe some other WoT SP)?
The challenge would be to make a generic API that supports multiple WoT Service Providers that may or may not calculate the same metrics in the same formats. Trusted Assertions handles this challenge well, and a WoT API should be able to do the same.
What do you think? Can your MCP API spec be morphed into a Nostr WoT Connect NIP?
Yes, but the cool part is to specify the API so that any WoT that is not based on the Relatr codebase can also be used. We can do it blossom style or nostr wallet connect style. Either way, we will need something defined to avoid clients having to hard code each WoT implementation out there.
Yes, I agree. That's the reason behind the concept of 'common schemas' for CVM, so different servers can adhere to the same canonical schema. When integrating it with a client, if we use CVM, the user would only need to provide the public key of the server they want to use, or fall back to a default instance, that's it, we could use nprofiles to provide relay hints.
The current methods of the Relatr API are basically two: one is a pubkey lookup, which takes a target public key as a parameter, and the other is a search, which takes a query as a parameter. These methods have other optional parameters, but there is no need to define them unless you want to tweak.
On the other hand, I was thinking about using trust assertions in Relatr and publish scores once they are computed. In this case, a client could choose to simply fetch the trust assertion. However, this approach would be limited if it cannot find specific public keys. In that case, a call to a server would be required to get the score for the missing trust assertion
We envision that the ecosystem will require multiple methods to communicate metrics from WoT Service Providers to clients. Trusted Assertions is one. An API like what the two of you are discussing is another. I’d LOVE to see the two of you (and others) hammer out the details of a NIP for this. And the sooner the better, so teams can follow the NIP for the #wotathon !
What shall we call this NIP? How about Nostr WoT Connect? Its purpose will be so that users can control their settings and preferences at WoT Service Providers to which they are subscribed. It could even be used to sign up as a new customer for a SP. Clients like Amethyst could build the front end and support as much or as little of the NIP as they desire: initial sign up, modify their kind 10040 note (Trusted Assertions settings), change parameters for any given supported algo, etc.
Publishing trusted assertions would be great because we can cache them on the client in the same way we cache everything else and use Nostr REQ requests to see if updates are available as users navigate.
All clients do that already for Kind 0 (to get user's name/picture). It is very easy to just add a new kind to that same request and get the scores as well. And since these are replaceables, they update only when needed (when the score actually changes, which is rare) and the EOSE can be used to only request for changes since the last event, avoiding the data use of downloading the info for the same user over and over again because we don't know if they have changed or not in the server via other methods.
I will be adding them to Amethyst next, so if you publish it, let me know because I just need to allow users to set up the WoT trusted provider to your pubkey and then they will see the scores in their interface.
The search interface needs an API, though. So, we might need to define the inputs and outputs in a NIP. This could be via http calls, like how blossom does, via DVMs or via NIP-50 itself (user auths and sends a search that uses the WoT of the authed user).
Yes, that sounds great! I think that trusted assertions and a DVM-like API (using CVM) would be sufficient for a wide range of use cases. Trusted assertions alone wouldn't be enough for the case I mentioned earlier, where you encounter a user who doesn't have any assertion attached. To get the score in such cases, you would need to call a service requesting the score for that specific user who doesn't have any assertion attached.
The search interface API we already have in Relatr is quite straightforward. It is specifically designed to be unopinionated, just a required 'query' parameter, which is a string. There are other parameters, but they are totally optional.
Regarding the interface for the API, yes, it can be exposed in different ways. I like what Profilestr is doing by exposing a REST API and leveraging different WoT providers under the hood, currently Vertex and Relatr. In the case of Relatr, it is designed for CVM, which already provides all the primitives for authentication and other requirements for a solid user/service interaction
Ohh so, you don't build the graph for everybody? You just compute assertions for users my user is requesting or has requested? That could take some time to do it on the fly.. why not just compute everything?
I assume you need the graph to compute wot for others that follow me (follows of follows) but I might be misunderstanding something.
The way Relatr implements this is as follows: on the first server run, it takes the source public key defined in the config and the configured hops. It then starts scraping relays to obtain follow lists. Once all contact lists for the defined hops are scraped, it builds the social graph (currently using Martti Malmi's library). After that, it begins to compute the defined validations. Once this process is finished, the system is ready.
At this point, if someone requests the trust score for a public key not in the graph, Relatr fetches the contact list, performs validations, and returns the computed trust score. This new public key is then added to the social graph, and the validations are cached, so this is just done once. Relatr does not attempt to build a global graph, however, you can define as many hops as you want to get a more complete picture. Even in this case, there will be instances where new public keys appear, and you'll need to compute the trust for them.
I hope this clarifies the process
Interesting. It's weird to load a key that has no connection to the graph. Meaning that if it wasn't computed on start, then nobody in the extended user's follow (recursive) follows this key. Which means the score should be zero, no?
When you get a new key to compute, how do you find connections to the existing graph of users to appropriately score it?
Yes, it's weird, but there are still existing cases where this would happen, such as new users with new public keys that were not present when the social graph was created. To compute new keys, the process is to first get their contact list, add it to the graph, recalculate distances, and then, if the key is reachable because it has some connection in the graph, calculate the validations.