See also: IRC log
carsten: quickly skims the agenda
@@1: W3C WoT IG is tackling Thing Description
scribe: machine-readable format
based on JSON-LD
... Data Model and Semantics and application protocols
... testing for IPv6
... understanding WoT IG's work
... long-running apps and status transition
... it sounds like generic and not application-specific
... "TD" stands for Thing Description
... mapping to CoAP
... abstract conept and bind to protocols
... focus on REST
... plugfest done for REST-full systems
... need to see how TD works for non-REST systems
... discussion on cookbook
... i.e., Ari's early adaptation document
... TD more like the entry points
... model of the services must be programmmed into the
client
... collection resources (CoMi, CoOL)
<scribe> ... new concepts
UNKNOWN_SPEAKER: Question: should
we have compatible "IoT" and Web" worlds? or isOK to have
app/domain specific proxies?
... problem is nothing for testing
... PlugREST discussion
... T2T RG to finish our testing and W3C WoT IG to see the
results
... big idea to use REST architecture
... joint meeting ind of January in France?
carsten: webex call, hangout,
etc.?
... would be good to have discussion on the ML
... issues complete?
@@1: collection of resources
scribe: Alex will also continue that
ari: would try to discuss more
@@2: should not try everything
scribe: if there is a single
resource, it's OK
... but not, we need resource collection
carsten: how to continue?
@@1: ought to continue discussion
carsten: what are the output
documents
... draft-garcia
... cover whole lifecycle, avoid "media breaks"
... everything security, including ACE
... Sandeep's comments
... easily could become 100 of pages
... terminology
... SF's comments
... handing over device ownership
... e.g., hotel room scenario
... vendor role, OS provider, app-store provider, OEMs,
ODMs
... cross domain, e.g., car-to-car communication
... Editor team: Sandeep, Mohit
... the second document: Security Bootstrapping
... very old document
... need more vendors
... a new survey document different from the previous one
... Contributors: Mohit, Carsten
... list solutions and reference draft-garcia
... everything securitybut not covered by ACE
... app security vs. network security
... pre-operational security issues
... terms
... pre-operational setup including discovery
... possible solutions documents
... small windows of vulnerability -- acceptability of limited
opportunity to exploit
... usability
... per-solution charastrics
... manufactured with key
... out-of-band channels
... usability
... what is provisioned
... bundles
... interfaces to shopping systems
... peer-topeer vs. infrastructure-based
... registration, authentication of human users
... rebootstrapping, ownership handover
kaz: there is security discussion
within the W3C Automotive group as well
... would suggest even stronger collaboration between IRTF T2T
and W3C
... e.g., work with the W3C Automotive group as well
carsten: agree
... next, Report from W3C WoT IG
... Oliver reports from W3C WoT IG IoT breakout session
... W3C is a Member consortium, so need to be a Member company
employee or an Invited Expert
cullen: W3C discussion is done using public mailing lists
carsten: consensus on landscape
of security&privacy means
... extensive toolset for security&privacy
... web security mechanisms need to be standard
... technology generations
... classic (Kerberos, SAML, TLS, ...)
<scribe> ... new (OAuth, FIDO, ...)
UNKNOWN_SPEAKER: and future
ones
... specific WoT needs
... physical objects
... constrained devices
... constrained networks
... TLS is the only really standardized one
... links to the W3C work
... https://www.w3.org/WoT/IG/wiki
->
ttps://www.w3.org/WoT/IG/wiki/Security,_Privacy_and_Resilience
->
https://www.w3.org/WoT/IG/wiki/Landscae_of)Security%26Privacy_Means
->
https://wee.w3.org/WoT/IG/wiki/Design-time_Security%26Privacy_Means
... can invite people to W3C's bi-weekly webex calls
... other W3C WGs exist
... want to understand the relationship to Web security
model
... Actuator security
... need freshness
... DTLS (replay protection) doesn't guard against delay
attacks
... limited validty time of authorized commands
... 1st exchange: get a token and a clock value
... 2nd exchange: client updates the clock value ... another
2nd exchange: client updates the clock value again
... standardization for token and clock value
... ideas on the next steps?
dsr: happy to talk about my personal views
carsten: more like the breakout A
(=W3C collaboration)
... move on the agenda
... alex to give his presentation
s/@@3:/alex:/
alex: would present a couple of
slides
... CoOL (Constrained Objects Language)
... Alexander Pelov
... You want to manage things
... constrained domain vs. non-constrained domain
... RESTCONF + YANG model language
<michael> Is there a feed or file for the slides?
alex: yesterday we had a couple
of discussion (during the breakout A)
... want to manage LPWAN (LR-WAN)
... 10000 devices per antenna
... 50kbps max (can be 270 bps)
... 1-10% dury cycle
... see draft-pelov-core-cosol-00
... CoOL
... CoOL + YANG
... Identifier 32 bits, CBOR magic (1 byte) + Collections
<Zakim> kaz, you wanted to ask about rent-a-car scenario
dsr: depending on the number of the server?
alex: T2T management
... Thread/ZigBee/Other
... Architecture
... CoOL client over CoAP client over Lower layers
... CoOL server
... CoOL
... perform on a single resources
... "Fields" option contains the list of nodes
s/nodes/nodes/selected, encoded using a CBOR array
scribe: CoMI vs CoOL -
Identifiers
... CoMI: unmanaged, Hash(long identifier), Collisions
(re-hashing, handling thousands of nodes)
CoOL: managed, module ID (20bits)
+ Node ID (10 bits), automatically allocated, cenral repository
for modules, e.g., IANA
... regarding URI
... CoMI: BASE64 mapping (30bits -> 5URIsafe chars)
... Conclusion CoOL
... managed IDs
... RESTful collections
s/RESTfull/RESTful/
scribe: explicit PATCH
... use CoOL to manage apps
... next steps
... use of deterministic multimaps vs maps
... multicast for application management
... e.g., turning on all lights on one controller
daniel: @@@d
alex: module IDs
... 200-300
carsten: we have had discussions
on what the efficient tools for managing devices
... structure of management information
... transition from SMI to YANG?
... next step to see RESTCONF
... module identifier
... YANG is xml-based
... using XPath
... have to do something for any cases
@@@4: constraint to get back to every device?
scribe: issues on hierarchical mechanism vs. flat mechanism
UNKNOWN_SPEAKER: this
problem
... https://maps.google.com/maps?........
... What if > ~ 1KiB?
... switch to POST?
... can send detailed parameters in payload instead
... lose GET properties
... safe, idempotent
... HTTP SEARCH
... like GET
... add a body
... no longer need to POST a > 1KiB search
... CoAP FETCH
... similar to HTTP SEARCH
... add request payload to a GET
... slightly different semantics: cacheable
... FETCH and collectins
... FETCH request payload has a media type
... can define application-specific formats
... addressing collections
... Caveat
... GET operates on a link
... FETCH additionally requires guidance how to construct
payload (form relations!)
... with GET, can tell how to move to the destination
... FETCH rhymes with PATCH
... GET, PUT, POST, DELETE
... FETCH, iPATCH, PATCH
... patch payload, e.g. { * selector => action }
... moved towards to this general solution
johannes: clear mapping for FETCH?
carsten: good questions
... probably more than one operations for FETCH
... e.g., the long URI of Google Maps
... can be mechanically translated
johannes: might be a recommendation/guideline for that?
carsten: 1h50m till lunch
... can go into breakouts again
(some comments)
carsten: coffee break till eleven, and then breakouts
[ morning break ]
carsten: put topics on his
emacs
... Charter
... -- deliverables
... ---- REST cookbook (limited discussion of HATEOAS)
<inserted> (from draft-keranen-t2trg-iot), design patterns
carsten: ---- security
considerations (from draft-garcia)
... ---- bootstrapping survey (from draft-he)
...
<inserted> ... ---- link types, form types, HATEOAS
carsten: ---- plugREST
... ------ documents: reference framework, prototype
formats/protocols
... ------ software
ari: give comments
carsten: updates the list
(some more comments)
carsten: a couple topics from
draft-keranen-t2trg-iot
... milestones?
... next joint meeting with W3C in January?
dsr: Jan. 26?
joerg: maybe 28?
... actually earlier
... 25/26
... plugfest and plugrest might be linked to breakout a
carsten: splits plugREST into two
pieces and bring "plugREST: initial testing" to track b
... goes to breakout b
... add "weekly activity mid-Nov to mid-Jan" to milestone
section
... meetings:
... Jan 25th
... Eurocom says they have space to meet
<inserted> ... (April 12-14 W3C, North America, maybe MIT)
<inserted> ... IETF95, April 3-8, Buenos Aires
carsten: Berlin IETF96,
July
... Carter for proposed RG
... Logs: https://jabber.ietf.org/logs/t2trg/
... T2TRG Charter: https://datatracker.ietf.org/rg/t2trg/charter/
joerg: suggest we make the charter discussion the focal at Sigcomm conf
<inserted> achilleas: AIOTI European Commission
UNKNOWN_SPEAKER: achilleas: T2T
RG work active in collaboration with IETF innovation
... 100M budget
... 6 big areas
... workshop Wednesday, 2015-11-04 in Brussels
[ break for Lunch till 1pm ]
breakout A: Room 304
breakout B: room 513
s/mark:/cullen:/g
This is scribe.perl Revision: 1.140 of Date: 2014-11-06 18:16:30 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: RRSAgent_Text_Format (score 1.00) Succeeded: s/Reports from Breakouts/Today's agenda/ Succeeded: s/industry specific/application-specific/ Succeeded: s/RES/REST/ Succeeded: s/device/handing over device/ Succeeded: s/, but/but/ Succeeded: s/hanover/handover/ Succeeded: s/... cunsensus on landscape of security&privacy means// Succeeded: s/exists/exist/ FAILED: s/@@3:/alex:/ WARNING: Bad s/// command: s/nodes/nodes/selected, encoded using a CBOR array FAILED: s/RESTfull/RESTful/ Succeeded: s/had/had discussions on/ Succeeded: s/NETCONF/RESTCONF/ Succeeded: s/FETCH rhymes/... FETCH rhymes/ Succeeded: s/between FETCH and PATCH/for FETCH/ Succeeded: s/REST cookbook/REST cookbook (limited discussion of HATEOAS)/ Succeeded: i/plugREST/... ---- link types, form types, HATEOAS Succeeded: s/security considerations/security considerations (from draft-garcia)/ Succeeded: s/bootstrapping survey/bootstrapping survey (from draft-he)/ Succeeded: i/security considerations/(from draft-keranen-t2trg-iot), design patterns Succeeded: i/Berlin/... (April 12-14 W3C, North America, maybe MIT) Succeeded: i/Berlin/... IETF95, April 3-8, Buenos Aires Succeeded: s/https/Logs: https/ Succeeded: s/the Spain meeting/Sigcomm conf/ Succeeded: s/IETF/IETF innovation/ Succeeded: s/Achileas/Achilleas/ Succeeded: s/Achilleas/Achilleas Kemos: AIOTI work/ Succeeded: i/T2T/achilleas: AIOTI European Commission Succeeded: s/T2T/achilleas: T2T/ Succeeded: s/mark:/cullen:/ FAILED: s/mark:/cullen:/g No ScribeNick specified. Guessing ScribeNick: kaz Inferring Scribes: kaz Present: Sebastian_Kaebisch WARNING: Fewer than 3 people found for Present list! WARNING: No meeting chair found! You should specify the meeting chair like this: <dbooth> Chair: dbooth Got date from IRC log name: 01 Nov 2015 Guessing minutes URL: http://www.w3.org/2015/11/01-wot-minutes.html People with action items:[End of scribe.perl diagnostic output]