IndieWebCamp March 6-13, 2015

This is an automatically-generated summary of the IndieWebCamp wiki edits from March 6-13, 2015

Table of Contents

New Pages

Changed Pages

New Pages


Created by on March 9

  • Mon, March 9 prompted by ben_thatmustbeme and dfn added by ben_thatmustbeme
  • Thu, March 12 starting a documentation of logstore
  • Thu, March 12 adding questions to work out as I think them up
  • Thu, March 12 /* Questions */
  • Thu, March 12 /* Questions */
  • Thu, March 12 /* Questions */

Logstore is an endpoint for storing and retrieving logs from an indieweb site. Web apps and native apps (e.g. iPhone, Android) can use Logstore to store chatroom messages or direct messages as well as recall that history to give context to messaging. It can also be used to store any dated log entries so that system logs and software logs can be stores as though the software or system is the author of the message.


IndieWeb Examples

Examples of IndieWeb sites that support the micropub API (in order of deployment).


Ben Roberts has started saving IRC chatroom logs directly to Postly as an initial test case.

How to implement

How to implement the Logstore API, both in a client that can discover an endpoint and publish to it, and on a server to support an endpoint to append/recall logs.

Endpoint Discovery

It should be possible to configure an API client by authenticating as your domain name using IndieAuth. After signing in, your domain needs a way to specify the API endpoint the client will use to create new posts.

Add a <link> tag in the HTML head of your home page, or send an HTTP Link header.

HTTP Header

Link: <>; rel="logstore"


<link rel="logstore" href="">


This is done exactly like Micropub#How_to_implement

HTTP Header

Authorization: Bearer XXXXXXXX

Form-Encoded Body Parameter



Ben Roberts uses the scope 'logs' for access read/write from the logstore endpoint.

Log Storage Format

Logs are stored as h-feeds with h-entries (each containing an author) in microformats

Getting List of Log Feeds

Making an HTTP GET request without an 'h=' option should return a list of feeds that can be accessed in the form...

    <a class="h-feed u-url" href="">

Remember to escape any Hash marks in the URL as they are needed for IRC room names.

Storing Log Entries

Making a POST request to the endpoint with


should store the log entry.

Add the values to be stored similar to Micropub

content=GWG not really on you?
published=2015-03-11 07:37:07

Recalling Log Feed

Making an HTTP GET request with 'h=feed' and 'url=' for the feed identifier

Example Log Feed

<div class="h-feed">
    <div class="h-entry">
        <time class="dt-published" datetime="2015-03-11 07:37:07">
            2015-03-11 07:37:07
        <span class="p-author h-card">
            <span class="p-nickname p-name">pfefferle</span>
        <span class="e-content p-name">GWG not really on you?</span>


This entire page is still under developement, and there are several pieces that still need to be worked out.

  • Should there be a difference in read and write scope?
  • Storing of direct messages should ideally be able to unify to an actual person. It would be nice to have a way to mark up on what method a message was delivered via.
  • Should the be a way to delete / clear logs?
  • There will need to be a method of paging when polling a log, or at least a method to say how much to limit to.
    • Barnaby Walters suggested [1] using next/prev markup and have an extra value of before= and a timestamp so they are permanent. I would recommend something like ls-before to follow the prefix idea of micropub (mp-xxxx).
  • Currently I am not logging chat entry/exit, there should probably be some markup for these.
  • Currently I am not logging actions, there should be some markup for this.
  • There should likely be a good way to store and recall a 'last-read' value for each feed so you can easily determine if there are any new messages.


Created by on March 10

CSRF or Cross-Site Request Forgery is an attack that OAuth and IndieAuth clients (relying parties) need to be aware of, wherein victims unknowingly follow a link to a relying party callback URL prepared by an attacker. This tricks the user to authenticate to the relying party with an account under the attacker's control and thus potentially leak private data to the attacker.

The most common prevention strategy involves generating a CSRF-token (state, nonce) storing it in the browser session, and passing it into the authorization endpoint. Then when receiving a callback from the authorization endpoint, relying parties can simply compare the token to the one stored in the session to confirm that the request originated at the authorization endpoint. [1]

In the context of IndieAuth, clients MUST use the state parameter for this purpose. The value MUST not be guessable by an attacker and MUST be verified on the callback.


See Also

Google Knowledge Graph

Created by on March 10

  • Tue, March 10 prompted by tantek
  • Tue, March 10 stub, bold dfn, expand a bit with tie to use in search results, linky, see also
  • Tue, March 10 dedup search from dfn

Google Knowledge Graph is an attempt by Google to provide summary information and context about anything, and in particular, displayed as part of a search result for a specific term or phrase. When Google's Knowledge Graph has information regarding a subject, it displays a knowledge box, such as the one below, showing information on the topic/individual.

Below is an example of of a Knowledge Graph box for an individual, retrieved 2015-03-09.


See Also


Created by on March 11

  • Wed, March 11 prompted by gRegor` and dfn added by gRegor`
  • Wed, March 11 real dfn

Spiderpig is a web crawler for archiving a website as static HTML files.


Created by on March 11

  • Wed, March 11 Created page with "<span class="h-card">{{sparkline|}}[[|Eric Drechsel]]</span>"
  • Wed, March 11

Eric Drechsel

three processes that all applications need

Created by on March 9

  • Mon, March 9 prompted by tantek and dfn added by tantek

three processes that all applications need is described by


Created by on March 10

Evan Prodromou


Created by on March 13

  • Fri, March 13 Created page with "[[|Ashton McAllan]]"

Ashton McAllan


Created by on March 11

  • Wed, March 11 prompted by KevinMarks_ and dfn added by KevinMarks_

WebID is

Created by on March 10

Evan Prodromou as of 2012 when he participated in IndieWebCamp 2012.


Created by on March 10

js;dr is JavaScript required; Didn’t Read. See also:

Changed Pages

2015/Germany/Guest List

4 edits by,,


4 edits by
  • Tue, March 10 Removing complete crap. We rejected a PR to the default theme so that we could add Microformats in *every single* theme:
  • Tue, March 10 Removing complete crap. was the first production Ghost blog in the entire world - it literally wasn't possible to "selfdogfood" anything before that site existed. This entire thing is incredibly poorly researched.
  • Tue, March 10 Removing more crap. See last edit.
  • Tue, March 10 Rewrote page with accurate information

WordPress Plugins

4 edits by,

preferred gender pronoun

3 edits by,


3 edits by,
  • Mon, March 9 cleaning up venue dupe labels, note quietish writing hour for SF, cleanout some comments for this meetup, possible topics: IWC Cambridge 2015 is next week!
  • Wed, March 11 /* RSVP */
  • Wed, March 11 /* Notes */

2 edits by

IRC People

2 edits by


2 edits by,
  • Tue, March 10 /* Software implementing the authorization endpoint spec */
  • Tue, March 10 /* Does the auth server have to support the state parameter */ linkify CSRF

2015/Cambridge/Guest List

2 edits by

WordPress Examples

2 edits by


2 edits by
  • Thu, March 12 Idea about pgp messaging /* Private, Transient, Async Messaging */
  • Thu, March 12 Adds a concrete example /* Possible Solution */


2 edits by
  • Fri, March 13 /* Porting to the IndieWeb */ Feed of others' activity on your repos for potential PESOS
  • Fri, March 13 /* IndieWeb Examples */ my modest manual methods


1 edits by
  • Mon, March 9 expanded itches guidance just a bit to encourage broader thinking of what "online" may mean, include personal digital devices when offline - another challenge for owning your data, and a step for things to get to your indieweb site

Getting Started on WordPress

1 edits by

1 edits by


1 edits by
  • Mon, March 9 /* APIs that support webhooks */ + Known

1 edits by
  • Mon, March 9 add an explicit itches section, based on experience 2015-065..067 camping off the grid with very minimal digital device usage


1 edits by
  • Mon, March 9 /* Pingback2hook */ redlinking [[webhooks]]


1 edits by


1 edits by
  • Mon, March 9 /* Self-Encoded Tokens */ clarify


1 edits by


1 edits by

Post Kinds Plugin

1 edits by


1 edits by


1 edits by
  • Wed, March 11 update to explicitly cover "IndieWebCamp spaces, online and off" discussed in IRC


1 edits by


1 edits by

WordPress Data

1 edits by


1 edits by


1 edits by


1 edits by
  • Tue, March 10 /* IndieWeb Examples */ use user templates


1 edits by


1 edits by