- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Fri, 22 May 2020 15:03:09 +0900
- To: public-wot-wg@w3.org
available at:
https://www.w3.org/2020/05/11-wot-minutes.html
also as text below.
Thanks a lot for taking the minutes, Zoltan!
Kazuyuki
---
[1]W3C
[1] http://www.w3.org/
- DRAFT -
WoT Scripting
11 May 2020
Attendees
Present
Cristiano_Aguzzi, Zoltan_Kis, Daniel_Peintner,
Tomoaki_Mizushima, Kaz_Ashimura
Regrets
Chair
Zoltan
Scribe
zkis
Contents
* [2]Topics
1. [3]Guest
2. [4]Prev minutes
3. [5]Issues/PRs
1. [6]Issue
https://github.com/w3c/wot-scripting-api/issues/2
14
2. [7]PR
https://github.com/w3c/wot-scripting-api/pull/209
3. [8]Issue
https://github.com/w3c/wot-scripting-api/issues/2
13
4. [9]Summary of Action Items
5. [10]Summary of Resolutions
_________________________________________________
<scribe> scribe: zkis
Guest
Kaz: for today's meeting Cristiano is an invited guest
<kaz>
[11]https://www.w3.org/Consortium/Patent-Policy-201708
01/
<kaz>
[12]https://www.w3.org/2003/12/22-pp-faq.html#non-part
icipants
[11] https://www.w3.org/Consortium/Patent-Policy-20170801/
[12] https://www.w3.org/2003/12/22-pp-faq.html#non-participants
Prev minutes
<zolkis>
[13]https://www.w3.org/2020/05/04-wot-minutes.html
Previous minutes approved.
[13] https://www.w3.org/2020/05/04-wot-minutes.html
Issues
Daniel: we need to discuss and plan about the virtual
F2F
... also about the plugfest
... maybe we can tackle the OAuth issue and some open
explorations
... created github label for issues marked with F2F
Zoltan: all F2F discussion topics should appear as
github issues
... we could also create a F2F label on node-wot as
well
* Issue [14]https://github.com/w3c/wot-scripting-api/issues/214
Cristiano: presents the issue
... the developer may want to control the flow for not
needing to redirect to an authorization page and then
back
... as solutions, we might want to leave it entirely
to the UA showing any dialog needed in the flow, or
provide an API
Zoltan: we have a MitM problem with the second
solution
... another option is to have a separate security
setup, by provisioning or separate API
... without the API implementation or the script
having access to the tokens/keys involved
... the servient stack needs to be security hardened
Daniel: agreed to first set up security
Cristiano: there might be multiple flows
<dape> DP: developer could launch security dummies
first. So it is in the hand of the developer
Zoltan: we might want a separate API entry point for
security setup (i.e. a separate require in node)
Cristiano: fine with that
Daniel: does it work with the API we have right now?
Cristiano: it does work, but we have 4 flows, of which
2 are implemented, so we need to check
Zoltan: the use case for OAuth was required by
Singapore?
Daniel: yes, they need that
Zoltan: then let's ask them which flows are needed
Daniel: 2 flows are implemented, we are discussing the
3rd (the code flow) and the 4th is deprecated
Zoltan: let's discuss this in the security call
... none of the options are ruled out, but would
prefer to stay consistent with browser APIs and solve
security issues outside the API if possible
[14] https://github.com/w3c/wot-scripting-api/issues/214
PR [15]https://github.com/w3c/wot-scripting-api/pull/209
Zoltan: presents the PR
... the API has not changed, only the algorithms
... is backwards compatible
Daniel: depending on protocol we might get different
data
Cristiano: what about streaming data?
Zoltan: we could use Fetch Standard (Response object),
it'a available both in the browser and Node
... we need to work more on that
... of course one could use Fetch at low level, but
this API tries to be a convenience API
Daniel: Siemens thinks this API is useful
Cristiano: agreed
Daniel: I plan to add the TypeScript definitions for
this PR
... so that we can explore with InteractionData
Zoltan: should we merge the PR for now?
Daniel: it's abckwards compatible, just extends, so
it's fine
... we can revert if needed
Zoltan: let's wait to see if there are any issues with
the TypeScript definitions
Daniel: ok, let's keep it open for a few more days
[15] https://github.com/w3c/wot-scripting-api/pull/209
Issue [16]https://github.com/w3c/wot-scripting-api/issues/213
Zoltan: optionally specify which lang and encoding to
request
... how does the TD handle this?
Daniel: yes we need to handle it at TD level
Cristiano: agreed
Zoltan: regardless how it is defined in TD we need to
expose it in Scripting
Cristiano: encoding can be handled by the content type
Zoltan: we also need to look into the Encoding
Standard and then come up with the best abstraction
[17]https://encoding.spec.whatwg.org/
<dape> Zoltan: Please read algorithms in
[18]https://pr-preview.s3.amazonaws.com/zolkis/wot-scr
ipting-api/pull/209.html#idl-index
Zoltan: CA please also review the PR
AOB?
[adjourned]
Summary of Action Items
Summary of Resolutions [End of minutes]
_________________________________________________
[16] https://github.com/w3c/wot-scripting-api/issues/213
[17] https://encoding.spec.whatwg.org/
[18] https://pr-preview.s3.amazonaws.com/zolkis/wot-scripting-api/pull/209.html#idl-index
Minutes manually created (not a transcript), formatted
by David Booth's [19]scribe.perl version 1.154
([20]CVS log)
$Date: 2020/05/18 11:20:06 $
[19] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
[20] http://dev.w3.org/cvsweb/2002/scribe/
Received on Friday, 22 May 2020 06:02:40 UTC