Non-Blocking WoT Arch Response

Hi All,

As discussed on the call today, I’ve drafted a non-blocking PING comment for the WoT Arch document.  While our previous objections were over turned by the director, I think its still important to get the specific concerns on the record.

I’d appreciate any feedback others have on the below text.  If it turns out lots of edits are needed, I can move it into GH and we can collaboratively edit there.

Best,
Pete

Being Draft Response
---
PING is concerned about the Web of Things Architecture spec.  While this issue is not meant to block advancement, we'd like to register these concerns, in the hope that future specs from the Web of Things Working Group consider and address them.

First, we urge the WoT group to clearly delineate between which portion of specs are merely descriptive (i.e. describing what exists in practice today), and what is prescriptive (i.e. what future implementors should do). Clarity here will help PING better understand the privacy implications of the spec going forward.

Second, we urge the WoT group to group together documents with heavily-interrelated privacy aspects. For example, the Architecture document describes a great deal of how devices are expected to interact, but lacks precise details about how those interactions will be carried out, among which parties, carrying which values, and over what lifetime.  

While we appreciate that the WoT group expects more of these details to be fleshed out in future documents, PING worries that details specified in the Architecture document will constrain future decisions, and "lock in" privacy-negative aspects of the overall system being described. More generally, its difficult to impossible to assess the privacy aspects of large systems by looking at each piece in isolation. Going forward we urge the WG to more fully describe the entire proposed system(s), so that PING can better evaluate its overall privacy implications.

Received on Thursday, 19 December 2019 22:25:52 UTC