W3C

- DRAFT -

Discovery and Provisioning Task Force

27 Aug 2015

Agenda

See also: IRC log

Attendees

Present
Dave, Arne, Carsten, Frank, Louay, Yingying, Michael, ??, Oliver
Regrets
Soumya
Chair
Arne
Scribe
Dave

Contents

<scribe> scribenick: dsr

Arne summarises the agenda for today’s call

Task force wiki page: https://www.w3.org/WoT/IG/wiki/Discovery_TF

with more details in https://www.w3.org/WoT/IG/wiki/Discovery_Categories_and_Tech_Landscape

Arne requests feedback on the discovery landscape.

Louay: for directories, UPnP+ also offers some cloud based features.

Also see https://github.com/w3c/wot/blob/master/TF-DI/Interactions.md

Dave: we should add search based upon social networks and rich descriptions of the environment, e.g. buildings

This is essentially about semantic based discovery

Arne: yes, this isn’t present in the wiki as yet

Dave: there have been quite a few research papers on this …

It is related to directories, but we should consider this as an abstraction rather than focus directly on the API

Arne: any other mechanisms? [no]

Identification of Discovery Work Items

What is the plan for work on discovery? Arne asks for ideas.

Arne describes Soumya’s thoughts on this

Dave: this task force was set up to cover discovery and provisioning, are we going to cover provisiioning in this task force or do we need a new task?

Michael: provisioning is a broad term, what do you mean?

Dave: the initial setting up of IoT devices and services, binding to network and security attributes, and later the process of applying security and other updates.

Arne: how does this relate to discovery as a work item?

Dave: we can cover discovery as one strand of work and provisioning as another, with use cases helping us to clarify how they are interconnected

Arne: let’s focus on the discovery work items right now

Louay: in designing a discovery API we need to pay careful attention to security and privacy

He summarises existing W3C work on network discovery and presentation API

Louay volunteers to give an overview of the presentation API in a future TF-DI call

Arne: we could have that in our next call

Joint work with Security and Privacy Task Force

Oliver joins the call

<Louay_> Presentation API: http://www.w3.org/TR/presentation-api/

<Oliver> https://www.w3.org/WoT/IG/wiki/Security,_Privacy_and_Resilience

We want to identify security and privacy requirements for the use cases across the WoT IG task forces.

We have a table we want to fill out on the page at https://www.w3.org/WoT/IG/wiki/Security%26Privacy_Requirements

<Oliver> https://www.w3.org/WoT/IG/wiki/Things_Discovery_Authorization

I’ve done some work analysing requirements emerging from that wiki page.

My finding was that so far you’ve mostly focused on securing the communication. There is some reference to authentication and access control, but not how to realise that.

Oliver talks about OAuth and client registration

Authorisation for discovery is significant concern, but there isn’t a lot of prior art

Dave: this is less of an issue in home networks, but definitely becomes a big issue for cloud based discovery.

Oliver: authorisation as a basis for privacy

Carsten: there is definitely a problem to be addressed.

For the home, the security is given by the wifi password — an egg shell— this isn’t a good basis for strong security

… in the sense of once you’ve cracked the egg shell you have full access to discovery within the home network

Oliver invites people to provide input and encourages us to draw up some more detailed use cases that highlight security and privacy

We can then study these and prepare for the Sapporo face to face

Arne: this sounds really good, thanks for the work you’ve already done.

We should use the wiki to describe the security and privacy aspects for each of the discovery technologies

Arne ask for volunteers to help with this study?

Oliver: Soumya has previously indicated his interest in this

In the next call Oliver would like to discuss confidentiality and other requirements.

Arne: that sounds good
... any other business?

[no]

Next call in 2 weeks time

<scribe> scribe: Dave

Summary of Action Items

[End of minutes]
Minutes formatted by David Booth's scribe.perl version 1.140 (CVS log)
$Date: 2015/08/27 14:01:30 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.140  of Date: 2014-11-06 18:16:30  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: RRSAgent_Text_Format (score 1.00)

Succeeded: s/out/our/
Succeeded: s/withing/within/
Found ScribeNick: dsr
Found Scribe: Dave
Present: Dave Arne Carsten Frank Louay Yingying Michael ?? Oliver
Regrets: Soumya
Agenda: https://lists.w3.org/Archives/Public/public-wot-ig/2015Aug/0072.html
Got date from IRC log name: 27 Aug 2015
Guessing minutes URL: http://www.w3.org/2015/08/27-wot-di-minutes.html
People with action items: 

WARNING: Input appears to use implicit continuation lines.
You may need the "-implicitContinuations" option.
[End of scribe.perl diagnostic output]