- From: L. David Baron <notifications@github.com>
- Date: Mon, 24 Jun 2019 17:21:11 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3ctag/design-reviews/issues/355/505228840@github.com>
My biggest concern here is probably around the tradeoff (alluded to [above](https://github.com/w3ctag/design-reviews/issues/355#issuecomment-491101782)) between good interoperability versus complete coverage of existing devices. It seems like this set of specifications has built an architecture that falls far to one side of this tradeoff: it's chosen a complicated binding mechanism that requires plugfests to get implementations to interoperate with each other, and allows a wide range of binding layers, some of which don't have solid specifications defining their URI schemes in an interoperable way or have other obstacles to a clear path to interoperability. (This is the major point where the [alternative Mozilla proposal](https://iot.mozilla.org/wot/) takes a different approach; for each property, action, or event described, instead of the [`forms`](https://w3c.github.io/wot-thing-description/#interactionaffordance) in the W3C Thing Description that allows many ways to connect to the thing, for which the group has documented a number of binding templates, the Mozilla proposal describes [`links`](https://iot.mozilla.org/wot/#property-object) that must correspond to a much more fixed [REST API](https://iot.mozilla.org/wot/#web-thing-rest-api) or [WebSocket API](https://iot.mozilla.org/wot/#web-thing-websocket-api).)

Another concern here is the references to the scripting API, which appears to be optional and (as I understand it) lacks implementor interest. It seems like if it's not going to become a part of the architecture, it would be better to acknowledge that reality.

I'm also concerned that [the architecture overview](https://w3c.github.io/wot-architecture/#sec-architecture-overview) says "The format can be processed either through classic JSON libraries or a JSON-LD processor": is this defined in a way such that both types of processing will yield the same results in all cases? If not, what leads to interoperability?

A few other notes:

* The [definition of privacy](https://w3c.github.io/wot-architecture/#dfn-privacy) (currently "The system should maintain the confidentiality of Personally Identifiable Information.") given seems far weaker than it should be. A better definition seems like it should consider concerns over information that is not (on its own) PII, and should consider the risks of sharing information even when it is kept confidential. It may be preferable to link to an existing definition elsewhere rather than writing your own.
* Likewise, the [definition of security](https://w3c.github.io/wot-architecture/#dfn-security) (currently "The system should preserve its integrity and functionality even when subject to attack.") appears (although it's a bit unclear) not to include revealing private information as a failure of security.
* The references section omits the names of authors for a number of the references that should have them. (This seems most important for the ones that don't have URLs.)

Also a few thoughts on the [security and privacy considerations](https://w3c.github.io/wot-architecture/#sec-security-considerations) which I've reviewed somewhat quickly:

* The idea that thing descriptions shouldn't carry identifying information seems over-optimistic to me. It seems like (at least from the perspective of smart home use cases) thing descriptions are likely to have a significant amount of sensitive and identifiable information (although it might not be initially obvious how the information is sensitive), and systems need to be designed appropriately.
* The opening sentences of the [section on software update](https://w3c.github.io/wot-architecture/#sec-security-consideration-update-provisioning) (before the "Mitigation:") appear to suggest that avoiding having a software update system at all would be the best mitigation. While it's absolutely true that designing a secure software update system must be done carefully, experience has shown that having prompt software update to mitigate security vulnerabilities is essential for internet-connected devices, and (see [The evergreen Web](https://www.w3.org/2001/tag/doc/evergreen-web/) finding) essential for the progress of the Web.

--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/355#issuecomment-505228840
Received on Tuesday, 25 June 2019 00:21:33 UTC
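The following is an added editorial example, not part of the message above or of the W3C WoT specifications, illustrating the "classic JSON library vs. JSON-LD processor" question the review raises. It uses two constructed Thing Description fragments that a JSON-LD processor would treat as describing the same thing (one key is renamed through an inline `@context` term definition, and a single value is wrapped in a one-element array, both of which JSON-LD expansion normalises away) while a plain JSON consumer sees two different documents. The `jsonld_style_view` function is a deliberately simplified stand-in for JSON-LD expansion (it resolves only inline term definitions and does not fetch the remote TD context), and the vocabulary IRI `http://example.org/vocab#securityReference` is invented for the example.

```python
"""Added example: how a plain JSON consumer and a JSON-LD style consumer can
disagree about whether two Thing Description fragments are the same.

This is illustrative code written for this page, not code from the W3C WoT
specifications or from the original review comment.
"""
import json

# Constructed sample Thing Descriptions. They are intended to describe the same
# lamp; TD_B only differs in ways JSON-LD processing treats as insignificant:
# a different local alias for the same vocabulary IRI, and a one-element array
# instead of a bare string for "security".
TD_A = """{
  "@context": ["https://www.w3.org/2019/wot/td/v1",
               {"sref": "http://example.org/vocab#securityReference"}],
  "title": "Lamp",
  "securityDefinitions": {"nosec_sc": {"scheme": "nosec"}},
  "security": "nosec_sc",
  "sref": "doc-1"
}"""

TD_B = """{
  "@context": ["https://www.w3.org/2019/wot/td/v1",
               {"secRef": "http://example.org/vocab#securityReference"}],
  "title": "Lamp",
  "securityDefinitions": {"nosec_sc": {"scheme": "nosec"}},
  "security": ["nosec_sc"],
  "secRef": "doc-1"
}"""


def plain_json_view(doc: str) -> dict:
    """What a consumer built on a classic JSON library sees: keys and value
    shapes are taken literally, and @context is just another member."""
    return json.loads(doc)


def _inline_term_map(context) -> dict:
    """Collect term -> IRI definitions from the inline (dict) parts of @context.
    Remote contexts given as URL strings are NOT dereferenced here; a real
    JSON-LD processor would fetch them, which is itself an interoperability
    and security consideration (network access during parsing)."""
    terms = {}
    for entry in context if isinstance(context, list) else [context]:
        if not isinstance(entry, dict):
            continue
        for term, definition in entry.items():
            if term.startswith("@"):
                continue
            terms[term] = definition if isinstance(definition, str) else definition["@id"]
    return terms


def jsonld_style_view(doc: str) -> dict:
    """Simplified stand-in for JSON-LD expansion (assumption: this is not the
    real expansion algorithm, only two of its effects):
      1. keys defined as terms in an inline @context are replaced by their IRIs;
      2. every value is placed in a list, so "x" and ["x"] become equal.
    Keys not covered by an inline term are kept verbatim for readability."""
    obj = json.loads(doc)
    terms = _inline_term_map(obj.get("@context", []))
    expanded = {}
    for key, value in obj.items():
        if key == "@context":
            continue
        expanded[terms.get(key, key)] = value if isinstance(value, list) else [value]
    return expanded


def plain_json_differences(a: str, b: str) -> list:
    """Top-level keys whose values differ (or that are missing) for a plain JSON
    consumer. For TD_A/TD_B this includes the "security" member, which a
    consumer uses to decide how to authenticate, so the disagreement matters."""
    va, vb = plain_json_view(a), plain_json_view(b)
    return sorted(k for k in set(va) | set(vb) if va.get(k) != vb.get(k))


def agree_under_plain_json(a: str, b: str) -> bool:
    return plain_json_view(a) == plain_json_view(b)


def agree_under_jsonld(a: str, b: str) -> bool:
    return jsonld_style_view(a) == jsonld_style_view(b)


if __name__ == "__main__":
    print("plain JSON agree:", agree_under_plain_json(TD_A, TD_B))
    print("differing keys:  ", plain_json_differences(TD_A, TD_B))
    print("JSON-LD agree:   ", agree_under_jsonld(TD_A, TD_B))
```

The practical point for a consumer is that the `security` member, which selects the authentication scheme, is one of the members whose shape the two processing paths read differently; a specification that permits both paths needs to state which normalisations every consumer must apply (or forbid the variant forms) for the "both yield the same results" claim to hold.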