- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Mon, 26 Apr 2021 20:33:54 +0900
- To: public-wot-wg@w3.org
available at:
https://www.w3.org/2021/02/22-wot-discovery-minutes.html
also as text below.
Thanks a lot for taking the minutes, Cristiano and Christian!
Kazuyuki
---
[1]W3C
[1] https://www.w3.org/
WoT Discovery
22 February 2021
[2]Agenda. [3]IRC log.
[2] https://www.w3.org/WoT/IG/wiki/WG_WoT_Discovery_WebConf#22_February_2021
[3] https://www.w3.org/2021/02/22-wot-discovery-irc
Attendees
Present
Andrea_Cimmino, Christian_Glomb, Cristiano_Aguzzi,
David_Ezell, Farshid_Tavakolizadeh, Jack_Dickinson,
Kaz_Ashimura, Kunihiko_Toumura, Michael_McCool,
Philipp_Blum, Tomoaki_Mizushima
Regrets
-
Chair
McCool
Scribe
cris_, glomb
Contents
1. [4]minutes
2. [5]logistics
3. [6]F2F topics
4. [7]PR 121
5. [8]PR 113
6. [9]Issue 16 - Handle huge set of Thing Descriptions
(pagination, streaming, etc.)
Meeting minutes
minutes
<kaz> [10]Feb-15
[10] https://www.w3.org/2021/02/15-wot-discovery-minutes.html
McCool: We discussed the F2F, today we'll review it again
… pr 115 is ready.
… we need to discuss how to filter self-discovered TD. In other
words how we can select pieces or the self-exposed TD
… We also discussed about error responses. I reported back to
TD taskforce and we concluded that the additionalResponses
needs a mechanisms to state a dataschema
… I've found a possible typo in the name, michael. Plus I am
not sure if it refers to Koster or to my self
Kaz: it should be him
McCool: to the scribers please use the surname
Kaz: Well, just checked. Last time Koster was not in the call
Philipp: I recall that he joined later
Kaz: not sure..
McCool: let's assume it was me
McCool: I'm finding more typos in names.
Kaz: fixed
McCool: any other major problems?
… ok, any objection for publishing these?
… ok approved.
McCool: any updates?
logistics
McCool: we have a lot of work to do for the F2F, so it might be
worth to have the call even during the PlugFest
… if we end close the discussion today for pagination we could
skip it
… however I don't think the PR is properly ready. We'll need an
hour during the PlugFest. Any objection?
… ok then we'll have 1h meeting during the plug fest
F2F topics
McCool: currently we have a 3 hours section
… we should assign people to different topics
… I can go with the open issues
… any volunteers for other parts
Farshid: I can handle directory
Andrea: I can do SPARQL section, but I have to know when I am
scheduled
… what time?
McCool: we don't have a date
Andrea: after 6 pm I can't join
<kaz> [11]time table for the March vF2F
[11] https://www.w3.org/WoT/IG/wiki/F2F_meeting,_March_2021#Time_table_2
McCool: what about 30 minutes for Query and Filters
Andrea: ok
McCool: examples would be nice to have in query and filters
section
… introduction can be 20 min
McCool: Toumura-san could you volunteer for the introduction
Toumura: there's no much to say in respect to what was already
presented last time
McCool: you could also do some general discovery introduction
Toumura: ok
McCool: about self-description Farshid please can you do this?
Farshid: ok
McCool: which day is better ? any preference?
… Monday, March 15 is taken
… I'd prefer not to do it on the last day
… What about the 22?
Andrea: I'd be better the 18th
McCool: ok noted
McCool: ah the 18th has only two hours spare slots
… let's go for the 17th
… any other logistic issues?
… ok so by March 8 we should be ready for the presentation
<kaz> [12]17 March 2021 will be the Discovery day
[12] https://www.w3.org/WoT/IG/wiki/F2F_meeting,_March_2021#Wednesday_March_17
PR 121
McCool: we have a small editorial pr
<McCool> [13]PR 121 - Type correction in Section 5.4, and some
editorial fixes
[13] https://github.com/w3c/wot-discovery/pull/121
Toumura: is related to issue 120
… the issue raised some concerns about the usage of the links
in introduction mechanism
<kaz> [14]Issue 120 - RD usage (endpoint vs. resource)|a
[14] https://github.com/w3c/wot-discovery/issues/120
McCool: (reading the issue)
… we don't want to submit all our resources in a TDD
… or on the network. We should first check if it safe
… so the only change is a minor name refactor
McCool: also I think it's dangerous to publish metadata in mDNS
… attackers could infer some personal information for these
metedata
… any other comments on the issue?
McCool: noticed a minor grammar issue
<citrullin> [15]https://tools.ietf.org/html/
draft-ietf-core-resource-directory-26
[15] https://tools.ietf.org/html/draft-ietf-core-resource-directory-26
discussion about the correct link to JSONPath specification and
CoRE
McCool: I am ok merging this PR.
Toumura: I also added an assertion
McCool: we have _wot-servient
Toumura: it's just an implementation example
McCool: ok
… there's still some minor issues. we can merge it and do a
later fix
McCool: any objections?
… I'll fix the issue right after merging it
… ok fixed any objections for merging it?
McCool: ok done
McCool: (closing also issue 120)
<kaz> [16]PR 121
[16] https://github.com/w3c/wot-discovery/pull/121
<kaz> [17]Issue 120
[17] https://github.com/w3c/wot-discovery/issues/120
PR 113
McCool: I'm going to skip 114 is still a wip
McCool: let's go to 113
<kaz> [18]PR 113 - Security and Privacy Considerations
[18] https://github.com/w3c/wot-discovery/pull/113
McCool: we discussed a lot about the security. This pr tries to
capture the topics even if some of those were moved to other
documents since they were more open ended
… they issue with privacy arise only when there's personal
information embedded or inferred in TDs/TDDs
<kaz> [19]Preview - 7. Security and Privacy Considerations
[19] https://pr-preview.s3.amazonaws.com/mmccool/wot-discovery/pull/113.html#security-considerations
McCool explains the PR based on the preview
Question: Who own things, who consumes things, who operates
directory.
Or: who makes things available for other?
Denial of service relevant only in certain scenarios
Location tracking: trap locations even if there is no specific
location information since directory is responsible for only a
certain area
Even "more interesting" if geo-location info is present
TD timing out might mean that "I'm not at home"
More at section 7.2
TD update time ...
Explicit location info ...
Nicely written "side-band" info, not normative.
See McCool's comments in issue
PR not issue
Query injection issues might be treated normatively
Kaz: having an informative security/privacy section is OK but
we need to clarify some concrete mitigations for security /
privacy issues
McCool: should be inherent (to some extend)
E.g. in JSONpath spec
Kaz: really need to ready for sec / priv wide reviews before
reaching the REC
McCool: mention risk and point to normative mitigation
PR #113 merged
Issue 16 - Handle huge set of Thing Descriptions (pagination,
streaming, etc.)
Pagination: [20]https://github.com/w3c/wot-discovery/issues/16
[20] https://github.com/w3c/wot-discovery/issues/16
Format of response?
How does the container look like?
ID inside TD is optional
Outside ID generated by directory not necessarily identical
with inside ID
How are TDs returned by server?
ID might be random and changing over time?
Extension of discovery context instead of TD context
Farshid: two proposals, w/ and wo/ HTTP headers
McCool: problem that this is HTTP specific
Farshid: other things are too
McCool comments his thoughts in issue
Also summary of proposal / issues there
Main issue: response might not be a TD
Array vs. object
Kaz: would like to see use cases
Kaz: If we want to handle pagination of the resulted data, we
need to handle the "border of the pages" and how to define the
minimum chunks for the pagination or streaming
McCool - wants examples
Contradiction w/ enriched TDs
Query one TD vs query multiple TDs
McCool: Might want to have responses w/ non-enriched TDs
Per TD metadata?
Challenge w/ signatures
Local ID vs. ID inside TD
Please also see "Concerns" in issue comment
McCool: Should rule out what is not possible / feasible
McCool: Object cannot guarantee order
Embed TDs vs Linking TDs
<kaz> kaz: let's clarify our scope for the current Charter
period :)
McCool: Let's look at other APIs
Farshid: Have already done this (see link inside issue)
Use of arrays seems to be quite common.
<kaz> [adjourned]
Minutes manually created (not a transcript), formatted by
[21]scribe.perl version 127 (Wed Dec 30 17:39:58 2020 UTC).
[21] https://w3c.github.io/scribe2/scribedoc.html
Received on Monday, 26 April 2021 11:34:01 UTC