W3C home > Mailing lists > Public > public-wot-wg@w3.org > April 2017

Re: [scripting] management interface

From: Kis, Zoltan <zoltan.kis@intel.com>
Date: Wed, 12 Apr 2017 15:19:17 +0300
Message-ID: <CANrNqUd=aXBdkpon2J_G9ZFad5DKSx+2eiSiMWS72zuwGNBUWA@mail.gmail.com>
To: "Kovatsch, Matthias" <matthias.kovatsch@siemens.com>
Cc: "Hund, Johannes" <johannes.hund@siemens.com>, Dave Raggett <dsr@w3.org>, Public Web of Things WG <public-wot-wg@w3.org>
On Tue, Apr 11, 2017 at 10:38 PM, Kovatsch, Matthias <
matthias.kovatsch@siemens.com> wrote:

> -        The management interface should be bound to a Thing managing a
> Servient. Its specification should come through standardized vocabulary
> describing the necessary Properties, Actions, and Events. It shall not be
> specified at the Scripting API level: this one is for the local API within
> a Thing and contracts with the Resource/Interaction Model from the top; you
> are talking about a remote API that involves protocols / messages going
> over the network, which is specified through the TD: Properties, Actions,
> Events. Furthermore, management features are not central for all types of
> Things. Thus, it should not be part of the common core. It fits much better
> to the application space, where features can be added etc. Interoperability
> is enabled through the standardized management vocabulary.
>
> At the Scripting API level we only have 2 methods: creating a Thing
> (described by a Thing Description) and modifying a Thing (Description). The
> Thing contract is described in the TD and in the registered request
> handlers, actions and event handlers, all of which is in the application
> space. So I don't see a conflict here. Actually I've been saying the same:
> instead of a dedicated management API we should use the Thing abstraction
> to solve the use cases.
>
> MK: But you are defining two functions that carry out network functions
> that are then outside the narrow waist of Properties, Actions, Events. You
> indirectly define a Thing through the function signatures.
>

That is incorrect, Things are created based on TDs, not based on function
signatures. This has been part of the Scripting API for long time. Also,
adding/removing properties, actions and events, and defining handlers. It's
there in the current practices and has been iterated over many plugfests.
https://w3c.github.io/wot/current-practices/wot-practices.html#createThing



> Even if the create() with a remote target and the “RemoteExposedThing”
> internally build on top Properties, Actions, Events, we blur our narrow
> waist.
>

"Narrow waist" is a term I keep hearing in different contexts, but don't
understand what do you mean in this context. Server API already has "narrow
waist".

In my understanding, the use case and purpose of WoT Scripting API is to be
able to use, define and manage Things with scripts.
Obviously, most methods in the Scripting API involve network functions that
are encapsulated by the WoT Runtime.
Obviously, scripts may affect local and remote WoT stacks - that's the
whole purpose of WoT scripting.
Obviously, server API implementations use local platform APIs that are
encapsulated by the server runtime (and interaction model), so they are
never exposed externally. There is nothing blurry there.

I do recognize that this proposal is a simplification of the existing model
and involves re-evaluating some of the pictures and statements in the
Architecture document. I think part of the problem is that there are
different assumptions at work now.
https://w3c.github.io/wot-architecture/
We need to do some alignment.
Johannes: I propose we discuss this on one of the next scripting calls.



> Why must this be part of the runtime standard? Where does it stop? We are
> creating a tight coupling between an orchestrating Thing and a managing
> Thing. The management interface exported over the network needs to be
> defined by a TD with a Thing management vocabulary identifying the
> Properties, Actions, and Events. Defining these function in the Scripting
> API basically says our model is bull and all we want well defined RPCs. It
> breaks the overall concept.
>

Again, scripts can discover, access, define and redefine/update Things.
This functionality is already there.
The scripts are run in a WoT Runtime, which is also a security enforcement
point.
There is no "RemoteExposedThing", just "ExposedThing".
We do not expose local platform APIs through the network.
The protocols underneath are encapsulated and owned by TDs and bindings.

In the client runtimes that don't have access rights to create things,
creation/deletion/update of TDs/Things will simply fail.
It is orders of magnitude simpler model than presenting a different
interface based on a combination of dynamically evaluated capabilities,
permissions and policies. Some WoT runtimes will be only able to
"orchestrate", some will be able to "manage" Things. These words reflect
capabilities. Capabilities should be provisioned and configured in an
orthogonal way from Scripting.

If we'd separate discovery + access in one API, and define+redefine in
another API, the API usage and implementation would not be simpler, just
different. I much prefer a flat API object where methods fail, rather than
presenting multiple interfaces. This has been the preference in Web
standards, as specs are much simpler, and algorithm definitions can
contain/handle the constraints.

I propose we discuss and clarify this in a call.

Also, I suggest reading and reviewing the proposed Scripting API and
rationale doc and discuss on the PR.
https://github.com/w3c/wot-scripting-api/pull/21
Rendered versions:
https://zolkis.github.io/wot-scripting-api/
https://github.com/zolkis/wot-scripting-api/blob/master/rationale.md#wot-runtime-applications-scripts-things


> The security, in particular access control, can be defined on the
> Interaction Model. This even allows more flexibility: more complex
> Servients can use more complex authorization mechanisms.
>

I agree on that, and it's been described in a compatible way in the
Scripting rationale doc.
BTW the interaction model is encapsulated by the WoT Runtime/Scripting API
and belongs to the bindings.
https://github.com/w3c/wot/tree/master/proposals/explicit-bindings
https://w3c.github.io/wot/proposals/explicit-bindings/abstract-transfer-layer.html


>
>
> You can use code modules to be imported if you are worried about writing
> the code that instantiates a Thing by using Properties, Actions, and Events
> of a remote Management Thing for every orchestrating application again and
> again.
>


Define code module, define import (what, to where, by whom).

In my understanding it is a developer choice whether to have a "management
thing" or a script that simply deploys a set of Things and updates another
set of Things for implementing a given use case.

The code written using the Scripting API will instantiate Things by using
Properties, Actions and Events on a local or a remote WoT Runtime.
What do you mean by the need to be done again and again, I don't get the
point there. It's either point to point, or point to multipoint
distribution and happens through the interaction model based on the
underlying protocols.

Also, I mentioned in the scripting rationale that deployment model (direct,
or repository) and its provisioning/configuration is orthogonal to the
Scripting API.

We should clarify the assumptions on architecture and provisioning vs
scripting.

Best regards,
Zoltan
Received on Wednesday, 12 April 2017 12:19:56 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 12 April 2017 12:19:57 UTC