Re: WebIDL for Thing API

Thx Claes for the feedback,  Please find my comments inline.

Thx
Louay
On 16 Dec 2015, at 14:57, Nilsson, Claes1 <Claes1.Nilsson@sonymobile.com<mailto:Claes1.Nilsson@sonymobile.com>> wrote:

Hi Louay,

Thanks for this API. My comments follow below:



·        dictionary ThingFilter {

    attribute DOMString? type;

    attribute ThingProximity? proximity;

    attribute DOMString? id;

    attribute DOMString? server;

};

So this is the address, URL, of a server containing a directory of "things", e.g. an IETF CoRE Resource Directory?

Yes server is the address of the directory where to search for things. We may need additional information to the end-point url like you mentioned below regarding security/privacy. If you have any recommendation please let me know.


·        Looking at security/privacy and access authorization aspects of this API is the assumption that the web application or server application (e.g. node.js) already has been authorized to access the “thing”. If not, is it assumed that, after a thing has been discovered, that an authorization session with e.g. OAuth will be executed before the web app is allowed to access the thing?

Security/Privacy is not considered yet in the current API. We need input/feedback from the Security/Privacy Task force.



Best regards

  Claes


From: Bassbouss, Louay [mailto:louay.bassbouss@fokus.fraunhofer.de]
Sent: den 14 december 2015 13:27
To: public-wot-ig@w3.org<mailto:public-wot-ig@w3.org>
Subject: WebIDL for Thing API

Dear group members,

I just submitted the initial WebIDL draft of the Thing API [1] I demonstrated @TPAC in sapporo. It considers also feedback I received from some of you. It is just a draft to start with. Can we put an Agenda item to discuss it in the next phone call.

Regards,
Louay

[1]: https://github.com/w3c/wot/blob/master/TF-AP/thing-api/thing-api-webidl.md