[wot-discovery] minutes - 12 April 2021 from Kazuyuki Ashimura on 2021-04-26 (public-wot-wg@w3.org from April 2021)

From: Kazuyuki Ashimura <ashimura@w3.org>
Date: Mon, 26 Apr 2021 21:02:47 +0900
To: public-wot-wg@w3.org
Message-ID: <87bla1p82g.wl-ashimura@w3.org>
available at:
  https://www.w3.org/2021/04/12-wot-discovery-minutes.html

also as text below.

Thanks,

Kazuyuki

---
   [1]W3C

      [1] https://www.w3.org/

                             WoT Discovery

12 April 2021

   [2]Agenda. [3]IRC log.

      [2] https://www.w3.org/WoT/IG/wiki/WG_WoT_Discovery_WebConf#12_April_2021
      [3] https://www.w3.org/2021/04/12-wot-discovery-irc

Attendees

   Present
          Andrea_Cimmino, Christian_Glomb, Farshid_Tavakolizadeh,
          Jack_Dickinson, Kaz_Ashimura, Kunihiko_Toumura,
          Michael_McCool, Tomoaki_Mizushima

   Regrets
          -

   Chair
          McCool

   Scribe
          kaz

Contents

    1. [4]Prev minutes
    2. [5]Quick updates
         1. [6]wot-security issue 196
         2. [7]Canonicalization
         3. [8]PR 1085
    3. [9]Publication preparation
    4. [10]Issue 149

Meeting minutes

  Prev minutes

   [11]March-8

     [11] https://www.w3.org/2021/03/08-wot-discovery-minutes.html

   McCool: (goes through the minutes)

   (approved)

   [12]March-29

     [12] https://www.w3.org/2021/03/29-wot-discovery-minutes.html

   McCool: we got a resolution about PR 145, and are waiting for
   an additional PR

   Farshid: yes

   McCool: should add speaker's name for Cristiano's comment

   Kaz: will do

  Quick updates

    wot-security issue 196

   [13]wot-security issue 196 - Update security and privacy
   considerations in Discovery

     [13] https://github.com/w3c/wot-security/issues/196

   McCool: we had discussion about that
   … Maybe add note about use of object security in unencrypted
   networks, e.g. .local domains that can't use normal TLS?
   … need to talk with Ben about that point
   … planning to do some more work on this issue

    Canonicalization

   [14]wot-thing-description PR 1086 - Add section to define
   Canonical serialization

     [14] https://github.com/w3c/wot-thing-description/pull/1086

   McCool: also validation

   [15]wot-thing-description PR 1085 - WIP: Add Validation Section

     [15] https://github.com/w3c/wot-thing-description/pull/1085

   McCool: regarding the canonicalization
   … need discussion during the TD call on Wed
   … (shows Farshid's comment 3 days ago)

   [16]Farshid's comments

     [16] https://github.com/w3c/wot-thing-description/pull/1086#pullrequestreview-632217058

   McCool: we could leave this out
   … any more to track down?

   [17]Farshid's 2nd comment

     [17] https://github.com/w3c/wot-thing-description/pull/1086#discussion_r610486386

   McCool: what about the default?
   … the problem is we don't have information about the original
   user's assignment

   Farshid: can understand it
   … but do we mandate it?

   McCool: (adds comments)

   Farshid: people should be aware any kind of defaults will be
   removed

   McCool: yeah
   … The problem is that when you pull things into a database, you
   will fill in all the default values. Later you don't know
   whether a value was assigned during import or by the
   originator. Would only apply to defaults defined in the TD
   spec, not in extensions.

   [18]McCool's comment

     [18] https://github.com/w3c/wot-thing-description/pull/1086#discussion_r611673680

   McCool: (also adds another comment)

   McCool: do we need to have a special filter to get a canonical
   form?
   … concerned it's expensive to implement it
   … also if the signature is broken, the canonicalization will be
   also broken

    PR 1085

   McCool: and then next, validation

   [19]wot-thing-description PR 1085 - WIP: Add Validation Section

     [19] https://github.com/w3c/wot-thing-description/pull/1085

   McCool: we have outstanding points with validation for
   directories
   … any other quick updates?

   (none)

   McCool: regarding canonicalization...
   … (adds some more notes to the agenda wiki)

   

   Pending, items to discuss

   Plan B: store original string in directories still an
   option/safe fallback

   ]]

  Publication preparation

   McCool: planning to do Call for Review today

   Farshid: thought you sent a request 2 weeks ago

   [20]message on editorial updates from McCool (Member-only)

     [20] https://lists.w3.org/Archives/Member/member-wot-wg/2021Mar/0058.html

   Kaz: to be strict, that message is not a call for consensus for
   publication

   McCool: still need to wrap-up

   [21]PR 151 - HTML formatting and editorial notes

     [21] https://github.com/w3c/wot-discovery/pull/151

   McCool: (goes through the PR 151)

   Farshid: I've added notes

   [22]HTML diff

     [22] https://pr-preview.s3.amazonaws.com/w3c/wot-discovery/151/e3ca84b...farshidtz:f68f63b.html

   McCool: (creates a branch, wd-update-candidate, for the next
   publication)

   [23]wd-update-candidate branch

     [23] https://github.com/w3c/wot-discovery/tree/wd-update-candidate

   McCool: the question is it would take two more weeks to get
   resolution for publication :(

   Kaz: if the final changes are just editorial, we can note that
   and ask the whole group for quick review, e.g., within one week

   McCool: (generates a request message and send it to the group)

  Issue 149

   [24]Issue 149 - Anonymous TDs in a directory

     [24] https://github.com/w3c/wot-discovery/issues/149

   Farshid: (explains his generated issue)

   McCool: directory stores legal TD. right?

   Farshid: potential privacy issue there

   McCool: (adds a comment)
   … possibly we can use some auto-generated ID which is used only
   within the Directory service

   Farshid: thought we already had some discussion

   McCool: right

   Farshid: where to put the ID?
   … not associated with the TD itself?

   McCool: technically, we could use some key separately from the
   TD itself

   Farshid: would like to see the comments on the issue a bit more
   … how to solve the problem if there is no ID available?
   … can we improve the signing algorithm?

   McCool: I'm ok with generating a tentative ID and put it into
   the metadata part of the TD
   … we can have a chaining mechanism to handle that

   Kaz: do we have consensus to have an auto-generated ID, e.g.,
   generated by the Directory, for the system-wide purposes?

   McCool: ok to use some local ID
   … e.g., could be a rotated ID
   … another question is if the local ID should be generated based
   on the original ID
   … but should be discussed separately
   … when we specify signing, we can include a "chaining" label to
   make sure this additional data does not break the signature
   … (then records our consensus from the call)
   … consensus:
   … 1. directory assigns a local ID to all TDs
   … 2. this ID can be (optionally) embedded in an enriched TD
   just like other metadata
   … 3. API needs to allow for looking up TDs by local ID (in a
   URL)
   … 4. signatures need to support chaining mechanism that omits
   enriched metadata

   Farshid: maybe we should call it "proposal" at the moment given
   Victor is not here

   McCool: (changes "consensus" to "proposal")

   [adjourned]


    Minutes manually created (not a transcript), formatted by
    [25]scribe.perl version 127 (Wed Dec 30 17:39:58 2020 UTC).

     [25] https://w3c.github.io/scribe2/scribedoc.html
Received on Monday, 26 April 2021 12:02:54 UTC