Web of Things IG - TF-AP

09 Sep 2015


See also: IRC log


Present: Kaz_Ashimura, Michael_Koster, Johannes_Hund, Kazuaki_Nimura, Kazuo_Kajimoto, Oliver_Pfaff, Taki_Kamiya, Yingying_Chen, Victor_Charpenay, Joel_Vogt, Ryuichi_Matsukura, Frank_Reusch
Scribes: vcharpenay, vcharpenay_


<jhund> scribenick: vcharpenay

agenda is as announced by Johannes

<kaz> Agenda: https://lists.w3.org/Archives/Public/public-wot-ig/2015Sep/0018.html

security & privacy "Requirements shopping" for the home automation use case (Oliver)

First topic: Security/privacy

<inserted> Security&Privacy Requirements wiki

Oliver: security & privacy requirements on a Wiki page

everyone is invited to add their own UCs on this page. Example now of a Home Automation System

Confidential data (likely yes, ex of BMW requesting services in the cloud)? -> in the corresponding row "Yes: TODO:... deployment..."

Auth needed? (same answer, often coupled with confidentiality) -> idem

Credentials? (shared keys hard to have, so likely credential mechanism) -> "Yes"


Johannes: in case home owners want to grant access to others

Oliver: -> "Yes but depends..."

Authorization enforcement (e.g. near field maybe not)? -> "Depends on network characteristics"

Auth mgt ()? -> "Yes, starts with owner can do all..."

SSO (hard in IoT since originally a human-centric notion)? -> "Yes for humans, TODO for devices"

Johannes: if someone tries to sign in with their Google account, is it related to SSO?

Oliver: SSO defines authorities. May say there is no external authority other than me

(could OAuth be used for SSO? Answer from Oliver: should distinguish industrial UCs and consumer UCs)

Rate limitation (DOS attacks are unlikely inside someone's place)? -> "Probably yes but for portals"

Intrusion detection (ex. of SQL injections)?

Johannes: maybe not now. Not a big issue

Info self-determination (ex. of healthcare)?

Michael: 2 things: personal data in the sense it refers to one identified person vs. personal data that should be owned/managed by the id. person

Oliver: dealing with the second point now

-> "Yes, discuss how personal the info is"

Behavior vs. body -> body-related info in Home automation?


Johannes: can happen

Anonymity? -> "Yes"

<scribe> Done for the Home Automation UC

(all aspects reviewed)

TD should identify more UCs so that it could be discussed again, following the methodology presented here

Plugfest implementations (raise of hands, matchmaking)

<kaz> Demo wiki

Johannes: logistics -> network, hardware needed?

confusion about deadlines

Kaz: next tuesday, final deadline

<kaz> Reminder for Demo setting (Member-only)

ex. of Dave's req: wired net with fixed IPs (no DHCP)

other reqs like this?

e.g. IPv6

the wiki page should be used for that.

<inserted> scribenick: vcharpenay_

Michael: I hope I will

Johannes: others?

seems not.

next topic: Review of the Guidelines for interactions and mappings

(even though there are only 2 potential participants)

<kaz> Plugfest guideline

interaction patterns: REST-compliant mapping of TD

(be the protocol CoAP, HTTP or others)

then concrete mappings : HTTP, WebSocket

Michael: HTTP2 web push to replace an ad-hoc Observe resource (Observe being integrated into CoAP).

Johannes: following a discussion with M. Kovatsch -> for HTTP1.1, use WebSocket instead

Back to the github page: Why? So that we can collaboratively design mappings.

Sebastian made an example of a TD (for a LED lamp)


feedback about actions/properties. AP feedback now?

Michael: composed property changes-> actions. Sophisticated light control -> actions more handy.

properties have simple getters/setters. Actions have more complex handlers

(critical when designing Hypermedia-driven apps)

Kajimoto: some actions are clearly actions, some props clearly props. But boundaries are fuzzy

(switched the topic some lines ago: Discussion on guidelines for the modeling of Things (e.g. when to use a property and when to use an action))

Michael: working on a TD design involving also events. Should share it in the group.

actions are resources on their own, they can be cancelled, edited. They are created whenever an action is called.

Johannes: EVRYTHNG has a very similar model

Time is over. If any other points to raise -> mailing-list.

<kaz> [ adjourned ]

Summary of Action Items

[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.140 (CVS log)
$Date: 2015/09/09 14:36:18 $
