WoT f2f - Day 3 -- 19 May 2017

<McCool> all: we are starting about 10m late, Kaz and Matthias were delayed (they are here now, setting up)

<McCool> also, quick note that schedule will be a little reorganized so we can end by 3:00; Marketing to start at 13:30 followed immediately by "Next Meetings" discussion

Security Summary - McCool

<inserted> scribenick: kaz

mm: [Initial version of Threat Model]
... [Threat Model]
... stakeholders, roles, assets, adversalies, attack surfaces, threats, use cases, security objectives/non-objectives
... attack surfaces
... we have an opensource implementation
... hierarchy of trust
... different levels of trust
... [External References and Standards]
... if any ideas, please create an issue on GitHub
... External references
... industrial internet consortium security framework
... IETF ACE, RFC 7252 (CoAP) security model, RFC 3552, RFC 6973, STRIDE Threat Model, OWASP IoT Attack Vectors, IoT Security Foundation, FIPS and other national standards
... Liaison references
... OCF 1.0 Security spec
... oneM2M security solutions, OPC, Echonet, BACnet

kaji: can we add even more references?

mm: see pullrequest 319

kaji: emotion technology consortium
... btw, what would be the concrete methodology for the security discussion?

mm: shows [Process]
... opensource implementation
... also clarifying requirements
... 1. threat model, 2. scoping, 3. state-of-art, 4. solutions, 5. implementation and evaluation

nimura: regarding attack surfaces

mm: protocol bindings execution boundary

nimura: distributed way
... with multiple WoT servients

mm: multiple instances and bridges
... should clarify what would be in-scope and what would be out-of-scope

dsr: single system here

mm: WoT is basically a bridge
... very important to be secure

nimura: use cases?

mm: e.g., smart homes
... gateway as a firewall

kaz: the final deliverable would handle safety as well?

mm: mainly security and privacy but would see the charter

Scripting API summary - Nimura

nimura: [WoT Stack]
... also [Role of scripting API]
... discussion on the management interface
... will update the rational document with the WoT stack diagram as well

kaji: registration of the WoT servient?
... possible need for a specific servient for management purposes

nimura: shows the slide on synchronization

TD summary - Sebastian

sk: TD core model, TD lifecycle, semantic annotation in JSON Schema, ...
... [Set this TD Model as Baseline]
... shows the basic TD model and sample instances in different formats
... JSON-LD vs JSON
... [TD Lifecycle]

kaji: proposed to introduce additional operatons like "@remove" and "@include"
... to modify/update TDs over its life time
... collaboration with the JSON-LD team

dsr: similar topics for the API side as well

yz: dynamic modification or kind of static?

kaji: modify attributes
... e.g., when copy existing attributes, maybe don't need part of them
... also variation of products like air conditioners
... basic template and various additional features based on each product
... mainly thinking about lifecycle of products

dsr: possible live update

kaz: possibly update the OS or library weekly?

kaji: yes, so related to scripting as well

sk: [Missing Thing in JSON Schema]
... long discussion
... keep collaboration with the JSON Schema team
... reuse JSON-LD keys such as @context and @type
... would ask Dave and Yongjing to join the discussion
... [TD Serialization]
... TD core model could be serialized using various formats
... separation between text-based representation and binary one
... maybe should select one default text rep and one default binary rep
... but don't invent new serialization formats
... evaluation of binary versions (e.g., EXI4JSON, CBOR)
... how to evaluate?
... Daniel and Carsten are volunteering

yz we should support all the possible formats?

dsr: how to work with broader communities?
... need to have a plan for that

TF-LD summary - Dave

dsr: relationshp between interaction models and semantic models
... scarable approach based on commercial reality
... need for bridging ontologies
... valuable discussion and working on a plan for a roadmap with clearly defined short term goals

sk: TD related to the semantic model

mm: bridging multiple standards
... mapping of concepts for transformation

dsr: don't think there could be a single mapping

mm: model for some given standard
... maybe need for an abstract model for IoT

sk: motivation of this mapping?

dsr: different vendors may have different models
... need to allow bridging different models

mm: there are ontologies out there
... could have a common ontology and mapping to that

yz: the mapping itself is not in our scope?

sk: this TF is working on that

dsr: this is a TF of the IG side
... not for the standard work

mm: we should have some concrete example
... possible output is about what should be added to TD

dsr: slides available from the agenda wiki

kaz: related to the discussion on TD vs protocol binding
... TD should handle abstract semantics and protocol binding should handle concrete information on the device level

mm: but the separation is not that simple

Synchronization summary - Matsukura

rm: [WoT Servient architecture]
... 2 types of applications
... [Discovery and Provisioning fro device]
... [Example diagram for sever-client]
... one servient on the gateway
... and another servient on the cloud side
... [Device registered to master repository]
... will continue the discussion and clarify the requirements

yz: thought we had 2 approaches
... will support both?

rm: yes

[ morning break ]

<dsr> We also need to consider peer to peer approaches for fully distributed repositories which can offer greater security, e.g. against denial of service attacks.

<dsr> scribenick: dsr

Use Cases

Michael McCool as the session lead.

(slides to be uploaded later)

Outline: discuss process and goals, gather/brainstorm, prioritize, derive requirements and incorporate into our plan. An example is the security objectives.

The goals: use cases as a basis for justifying specification design choices

Use cases for mindshare and building a concrete understanding, e.g. as a basis for recruiting new companies to help with work on standards

This needs concrete and compelling examples.

To drive requirements and test cases we need a range of use cases.

There are two broad axes: one is technical and the other the application domain

On the technical axis: simple use cases to explore the data types, interactions and architecture

Complex test cases to test boundaries including pathological cases

Distributed use cases, multi-device use cases, lifecycle use cases, different audiences, etc.

Including real time and streaming.

Example contexts: application domains such as smart Home, smart Building, smart *

We need examples that explore the use of contextual information richer semantics.

Other dimensions: simple to complex, local to global, trusted to untrusted, number of devices, number of ecosystems, asynchronous (deliver whenever) vs Synchronous real-time delivery

Lossy vs guaranteed (transactional)

My expectation is that we should start at the easy end of this multidimensional space and then expand along some key dimensions.

Issues to test: dependency chains, distributed race condiitions, translation of information, and possible loss of meaning and capabilities.

Performance and so forth.

For the smart home: connection of personal devices owned by a family (need to develop personae)

Some devices installed in house, some owned by family some by individual family members.

Assume that there is a firewall with a wifi network, and a gateway/hub that has capability for computation and storage, e.g. acting as a bridge and small services.

Some scenarios: onboarding a new device, controlling a single device, services coordinating multiple devices from different ecosystems, family member moving to new household, visiting guest need access to a subset of devices

Yesterday, Barry talked about some interest scenarios we should look at.

For smart cities: a constellation of smart buildings as well as city infrastructure.

System integrator that combines systems from different manufacturers.

Need for large scale monitoring and maintenance

etc.

The smart factory context involves a combination of IT and OT (operational technology), including strict requirements in respect to safety, reliability and so forth.

The need to address brownfield systems, pre-IoT OT systems.

The need to enable data driven decision monitoring of devices and processes.

More background available from the Industrial internet consortium.

Barry: we could take forever to think about use cases. It would be a good idea to constrain this by considering how use cases change what we think.

Is our goal to list the use cases on the website for internal use or do we want to publish them for external consumption?

Michael: we already have several external bodies working on use cases, perhaps we can leverage these?

Dave: I see a need for a small set of polished use cases for marketing materials in addition to those we use internally for technical guidance.

Michael: we need to decide on our key values and how we can show and explain these to others.

Barry: having simulated devices can be really valuable for ease of demonstrations

Michael: the benefits need to be really clear.

Sebastian: use cases can help with design choices in the architecture, e.g. thing to thing, thing to cloud

I think we can look at smart city use cases from the BigIoT EU project

This includes some automotive use cases.

Michael: we’re trying to enable larger ecosystems that span multiple standards

Smart cities could be fruitful in that regard

Kajimoto-san: what guidelines should we adopt for describing use cases, e.g. the granularity

Sebastian: in the early work of the Interest Group, we rapidly switched to focusing on atomic use cases.

Uday: we should consider use case scenarios involving a handover of domains

e.g. home, workplace and city

Importance of focus and prioritisation

Michael: perhaps we could survey existing use cases and identify a taxonomy

So an action on studying existing use case collections and identify use cases where the web of things would add value.

Another action is to take our key value(s) and brainstorm some example use cases that demonstrate it, and then build the corresponding demos.

<mkovatsc> http://w3c.github.io/wot/wot-ucr.html

<mkovatsc> https://github.com/w3c/wot/tree/master/ucr-doc

Dave: one idea is to make simulated deviced available by our member companies for use in demonstrating the power of the Web of things across ecosystems.

Michael: we could also support online information on how to download and install demos, e.g. onto a Raspberry Pi.

Likewise, we could make it easy for people to download and run simulations.

Some companies could offer evaluation kits

We could collect, maintain and publish a large collection of use cases — however that would be a lot of work.

Kaz: do we want to have an internal collaboration within W3C, e.g. across groups with demos at TPAC?

Michael: yes, e.g. with the automotive and sensor group.

Dave: how about some short term goals?

Michael: yes, we should soon decide on what is and what isn’t in scope.

I would like to assemble a list of references to IoT use case collections

Secondly to work on the marketing needs

For security, we will need to describe what we’re looking for from use cases.

Michael: any volunteers for driving the collection of references for use case collections?

Kajimoto-san: I have some use cases I can offer to the group for consideration

Michael: we should aim to work top down rather than bottom up, so that can ensure that we’re efficiently addressing our goals.

I will put this up on Github and we can use the issue tracker to work on it.

scribe: . we break for lunch ….

F2F Meetings - Matthias

<inserted> scribenick: kaz

mk: [Change for 2018?]
... issue: little time between f2f meetings
... slow progress in PlugFest implementations
... still very little at f2f time for TFs

mm: security input

mk: no other comments?

(none)

mk: would go for this
... proposal only 3 f2f meetings in 2018
... and having regional+online
... [Dusseldorf f2f 9-13 July 2017]

uday: give explanation

Dusseldorf f2f logistics

uday: airport concress center
... accommodation details to be followed
... f2f wiki will be created shortly

mk: deadline for registration?

uday: not decided yet

mm: need deadline for logistics (food, party, etc.)

mk: hosted by RWE/Lemonbeat
... 9-13 July
... 2months to work
... todos:
... populate wiki: hotel list, collect topics
... block rooms in nearest hotel
... open registration (Kaz to help)

mm: network connection (cable, wifi)

uday: looking into that

mk: check network infrastructure of the venue
... usually I bring a wifi router
... got inquiry from possible attendees for OpenDay

uday: when would be the OpenDay?
... possibly Sunday for PlugFest preparation and PlugFest on Monday

mk: good to have demos on OpenDay as well

uday: half day on Sunday (afternoon) for preparation?

mk: yeah, don't want to work the whole Sunday
... btw, there will be the IRTF T2T meeting in Plague next week
... 9-13 July (Sun-Thu; Sat-Fri IETF in Plague)
... [F2F Meeting November 2017: Burlingame, CA, USA]
... TPAC 2017
... 6-10 November 2017
... 4 months to work
... plugfest preparation: open space or room on Sunday
... plugfest: request full-day room or at least 3 hours on Wed.
... plan observers/groups to meet

kaz: will talk within the W3C Team
... about the PlugFest planning

mk: joint meetings?

kaz: automotive, DAS, TV, etc.
... will contact Chairs of those groups

mk: accept observers?

kaz: yes

mk: [F2F eeting spring 2018]
... in US?
... collocated with security conf?
... internetsociety.org/events/ndss-symposium/ndss-symposium-2017: San Diego, 18-21 Feb.
... ieee-security.org/TC/SP2017/index.ml: San Jose May)
... look at calendars
... IETF: London, UK, 18-23 March 2018
... OCF? oneM2M?
... todos:
... organize academic conf workshop (with T2TRG)
... will discuss in Chairs call
... good to have the ndss symposium as a fallback if we fail the possible workshop
... [F2F Meeting Summer 2018]
... Asia?

<inserted> @@@missing log to be added@@@

<inserted> scribenick: taki

YZ: I would like to contribute OneM2M binding to TD.
... Examples are in JSON formats.

Marketing and Outreach

MM: More people need to be involved from those organizations.
... What is the key message about our value.
... showing "messages" from 5/17 minutes...
... How can we evaluate good message?
... Who we are targeting... Decision makers. ( business person).
... We are not targeting consumers.
... Trying to connect audio...
... Testing, testing tesing...
... Criteria about message.
... I listed goals. Give meesages to audience.
... They have to agree with us.
... How thimgs are differemt.
... They have to engage with us.
... Messages must be simple.

<naomi> +1 > must be simple

MM: It is all about simple message, and repeat again.
... no jargon.
... You want to target one level lower.
... avoid confusing words. data model.
... for example.

SK: JSON, XML are also maybe confusing.

MM: You want to communicate concepts people already know.
... Key message. One key idea. Whats the one thing?
... I looked through. Key ideas.
... I saw Interoperability between multiple standards...

MM is going through the list "key value cadidates" in the slide...

MM: Expand eco-system....
... Not crisp enough. We still have time. In Github, I can upload.
... I can create pull request.
... It is gonna be public, we have to be careful. can make private.
... As far as further discussion. Web presence.
... reinforces message, is important.
... Web presence and presentation, should be nice clean.
... Communication meeting. I try to get presentation template.
... Simple, practical template is what we need/

Matthias: When do we get good example?
... When do we get it applied?

MM: This is difficult.
... I have been doing two months.
... We need some more proposals.
... By next meeting, less than a meeting, let's prepare for a proposal.

Matthias: We need to allocate time, or hire marketing people.

MM: We could try to ask for intel marketing people help.

Matthias: Let's make a good concrete plan.

MM: This is all on record, let's continue.

WoT Web Pages

Matthias: We use various content management.
... Dashboard in WG page.
... So much text.

<kaz> WoT landing page

Matthias: It has to be concise.

MM: Content system is one reason.
... We need to make some good proposal.
... Make sure the very first thing in each page points to this page.

Matthias: We can even use static system...
... We need simple landing page.
... People should be able to be focused.
... Kaz, can we change content management system on WG landing page?

<kaz> WoT WG page (managed on GitHub)

Matthias: This is not good for marketing... Three pages has inconsistent information...
... As fast as possible, correct structure.

MM: Landing page, someone is maintaining upcoming pages...

Matthias: Sometimes not updating.

Kaz: I will talk to W3C comm team.

Matthias: We could open issue in github IG space.

<kaz> ACTION: Kaz to talk with the W3C Comm Team about the landing page [recorded in http://www.w3.org/2017/05/19-wot-minutes.html#action01]

<trackbot> Created ACTION-105 - Talk with the w3c comm team about the landing page [on Kazuyuki Ashimura - due 2017-05-26].

Matthias: Or, do we need steering team?

MM: every month, we used to have WoT Comm TF calls.

<kaz> WoT WG repo

Matthias: It is now part of main call.

MM: yingying, naomi should be part of the discussion.
... We can find out where information on page is coming from.
... We can also poll.
... Remove page? Redirect better?
... Change content management, etc.

Matthias: Dave had opinion before. But he already left today...

DP: I had similar question several weeks ago. Dave said content is sometimes duplicated with multiple pages. It is difficult to maintain.
... We may want to converge them together.

MM: Let's separate out what we want.
... Having a single page, clear messaging.
... Let's get a meeting with marketing people.

Matthias: We need something concrete as a result.
... We need to check whether it complies with W3C policy.

MM: WoT, WoT IG, WoT WG, same look and feel is an objective.

Matthias: What are we telling people.
... and design page accordingly.

MM: Get organization done.
... Then content.

Matthias: Let's see if there is any objection.
... With regards to policy.

MM: We wanna say clearly and concisely what's our value.

Matthias: Can Daniel help?

DP: Sure.

Matthias: can't hear, naomi

<naomi> sorry to say this but w3c does't accept members directly to modify, write, update w3c pages so I'd like to collect your "raw" voices to reflect to our marketing materials. I don't recall marcomm had a place to hear voices from groups in the past.

Kaz: W3C doesn't allow members directly update these pages.
... Naomi-san says.
... Yingying and Dave are organizing TF. TF and comm team should work together. would like to talk with the W3C Comm Team.

MM: I want comm team active on this.

Matthias: concise, consistent messages will stay stable.
... can naomi apply radical changes?

<naomi> Matthias, we'll change

<naomi> with hearing your inputs

Matthias: comm team can make private changes.

<naomi> exactly

Matthias: It also works.
... We will contact you guys.

<naomi> thanks Matthias!

Matthias: then please tell us what's allowed and what's not.

<naomi> wot groups++

Kajimoto-san's remark

Kajimoto-san: thank you very much for cobtribution.
... Dusseldorf meeting is coming shortly.
... Let's prepare quickly.
... I hope you guys can go home safely, and enjoyed here.
... If you have a chance, it is good chance to go to Osaka castle.
... Ohsumi-san also suggested to visit Kyoto.

Sebastian: I really enjoyed the week.
... Very organized. Thank you for great food.

Uday: It was so such delicious food.
... Thank you for hosting.

Kajimoto-san: Thank you.

<kaz> [ Osaka f2f meeting ends ]

- DRAFT -

WoT f2f - Day 3

19 May 2017

Attendees

Contents