00:07:27 <RRSAgent> RRSAgent has joined #wot
00:07:27 <RRSAgent> logging to http://www.w3.org/2015/11/01-wot-irc
00:07:43 <Sebastian> present+ Sebastian_Kaebisch
00:09:43 <kaz> Meeting: IRTF T2T RG/W3C WoT IG Joint Meeting - Day 2
00:10:44 <kaz> topic: Reports from Breakouts
00:11:36 <kaz> s/Reports from Breakouts/Today's agenda
00:12:45 <kaz> carsten: quickly skims the agenda
00:13:34 <kaz> topic: Reports from breakouts
00:13:43 <kaz> topic: W3C and IRTF Alignment
00:14:20 <kaz> @@1: W3C WoT IG is tackling Thing Description
00:14:59 <kaz> ... machine-readable format based on JSON-LD
00:15:43 <kaz> ... Data Model and Semantics and application protocols
00:15:48 <kaz> ... testing for IPv6
00:16:19 <akira> akira has joined #wot
00:16:23 <kaz> ... understanding WoT IG's work
00:16:56 <kaz> ... long-running apps and status transition
00:17:29 <kaz> ... it sounds like generic and not industry specific
00:17:40 <kaz> ... "TD" stands for Thing Description
00:17:57 <kaz> s/industry specific/application-specific
00:18:26 <kaz> ... mapping to CoAP
00:18:54 <kaz> ... abstract conept and bind to protocols
00:19:13 <kaz> ... focus on RES
00:19:17 <kaz> s/RES/REST
00:19:50 <kaz> ... plugfest done for REST-full systems
00:20:19 <kaz> ... need to see how TD works for non-REST systems
00:20:33 <kaz> ... discussion on cookbook
00:21:02 <kaz> ... i.e., Ari's early adaptation document
00:21:57 <kaz> ... TD more like the entry points
00:22:24 <kaz> ... model of the services must be programmmed into the client
00:22:55 <kaz> ... collection resources (CoMi, CoOL)
00:23:29 <kaz> ... new concepts
00:24:13 <kaz> ... Question: should we have compatible "IoT" and Web" worlds? or isOK to have app/domain specific proxies?
00:25:10 <kaz> ... problem is nothing for testing
00:25:18 <kaz> ... PlugREST discussion
00:25:44 <kaz> ... T2T RG to finish our testing and W3C WoT IG to see the results
00:26:00 <kaz> ... big idea to use REST architecture
00:26:23 <kaz> ... joint meeting ind of January in France?
00:27:40 <kaz> carsten: webex call, hangout, etc.?
00:28:31 <kaz> ... would be good to have discussion on the ML
00:28:44 <kaz> ... issues complete?
00:28:56 <kaz> @@1: collection of resources
00:29:07 <kaz> ... Alex will also continue that
00:29:57 <kaz> ari: would try to discuss more
00:30:28 <kaz> @@2: should not try everything
00:31:08 <kaz> ... if there is a single resource, it's OK
00:31:16 <kaz> ... but not, we need resource collection
00:31:48 <kaz> carsten: how to continue?
00:31:55 <kaz> @@1: ought to continue discussion
00:32:09 <kaz> topic: Security breakout
00:32:17 <kaz> carsten: what are the output documents
00:32:46 <kaz> ... draft-garcia
00:32:56 <kaz> ... cover whole lifecycle, avoid "media breaks"
00:33:09 <kaz> ... everything security, including ACE
00:33:25 <kaz> ... Sandeep's comments
00:34:12 <kaz> ... easily could become 100 of pages
00:34:56 <kaz> ... terminology
00:35:40 <kaz> ... SF's comments
00:36:09 <kaz> ... device ownership
00:36:36 <kaz> s/device/handing over device/
00:36:46 <kaz> q+ to ask about rent-a-car scenario
00:36:59 <kaz> ... e.g., hotel room scenario
00:37:07 <kaz> q?
00:37:14 <Zakim> Zakim has joined #wot
00:37:20 <kaz> q+ to ask about rent-a-car scenario
00:37:37 <kaz> ... vendor role, OS provider, app-store provider, OEMs, ODMs
00:38:06 <kaz> ... cross domain, e.g., car-to-car communication
00:38:35 <kaz> ... Editor team: Sandeep, Mohit
00:38:52 <kaz> ... the second document: Security Bootstrapping
00:38:55 <kaz> ... very old document
00:39:18 <kaz> ... need more vendors
00:39:35 <kaz> ... a new survey document different from the previous one
00:39:43 <kaz> ... Contributors: Mohit, Carsten
00:40:00 <kaz> ... list solutions and reference draft-garcia
00:40:13 <kaz> ... everything security, but not covered by ACE
00:40:19 <kaz> s/, but/but
00:40:28 <kaz> ... app security vs. network security
00:40:46 <kaz> ... pre-operational security issues
00:41:07 <kaz> ... terms
00:41:19 <kaz> ... pre-operational setup including discovery
00:41:29 <kaz> ... possible solutions documents
00:41:58 <kaz> ... small windows of vulnerability -- acceptability of limited opportunity to exploit
00:42:02 <kaz> ... usability
00:42:49 <kaz> ... per-solution charastrics
00:43:07 <kaz> ... manufactured with key
00:43:11 <kaz> ... out-of-band channels
00:43:14 <kaz> ... usability
00:43:19 <kaz> ... what is provisioned
00:43:26 <kaz> .... bundles
00:43:32 <kaz> ... interfaces to shopping systems
00:43:41 <kaz> ... peer-topeer vs. infrastructure-based
00:43:48 <kaz> ... registration, authentication of human users
00:43:57 <kaz> ... rebootstrapping, ownership hanover
00:44:13 <kaz> s/hanover/handover
00:46:32 <kaz> kaz: there is security discussion within the W3C Automotive group as well
00:47:07 <kaz> ... would suggest even stronger collaboration between IRTF T2T and W3C
00:47:19 <kaz> ... e.g., work with the W3C Automotive group as well
00:47:23 <kaz> carsten: agree
00:47:34 <kaz> ... next, Report from W3C WoT IG
00:47:53 <kaz> ... Oliver reports from W3C WoT IG IoT breakout session
00:48:07 <kaz> ... cunsensus on landscape of security&privacy means
00:48:48 <kaz> ... W3C is a Member consortium, so need to be a Member company employee or an Invited Expert
00:49:16 <kaz> mark: W3C discussion is done using public mailing lists
00:50:21 <kaz> s/... cunsensus on landscape of security&privacy means//
00:50:34 <kaz> carsten: consensus on landscape of security&privacy means
00:50:51 <kaz> ... extensive toolset for security&privacy
00:51:23 <kaz> ... web security mechanisms need to be standard
00:51:41 <kaz> ... technology generations
00:51:55 <kaz> ... classic (Kerberos, SAML, TLS, ...)
00:52:07 <kaz> ... new (OAuth, FIDO, ...)
00:52:08 <kaz> ... and future ones
00:52:22 <kaz> ... specific WoT needs
00:52:35 <kaz> ... physical objects
00:52:46 <kaz> ... constrained devices
00:52:58 <kaz> ... constrained networks
00:53:27 <kaz> ... TLS is the only really standardized one
00:53:40 <kaz> ... links to the W3C work
00:55:24 <kaz> ... https://www.w3.org/WoT/IG/wiki -> ttps://www.w3.org/WoT/IG/wiki/Security,_Privacy_and_Resilience -> https://www.w3.org/WoT/IG/wiki/Landscae_of)Security%26Privacy_Means -> https://wee.w3.org/WoT/IG/wiki/Design-time_Security%26Privacy_Means
00:56:01 <kaz> ... can invite people to W3C's bi-weekly webex calls
00:56:14 <kaz> ... other W3C WGs exists
00:56:30 <kaz> s/exists/exist
00:56:46 <kaz> ... want to understand the relationship to Web security model
00:57:20 <kaz> rrsagent, draft minutes
00:57:20 <RRSAgent> I have made the request to generate http://www.w3.org/2015/11/01-wot-minutes.html kaz
00:57:41 <kaz> ... Actuator security
00:58:05 <kaz> ... need freshness
00:58:26 <kaz> ... DTLS (replay protection) doesn't guard against delay attacks
00:58:36 <kaz> ... limited validty time of authorized commands
01:00:54 <kaz> ... 1st exchange: get a token and a clock value
01:01:17 <kaz> ... 2nd exchange: client updates the clock value ... another 2nd exchange: client updates the clock value again
01:02:11 <kaz> ... standardization for token and clock value
01:02:33 <kaz> rrsagent, draft minutes
01:02:33 <RRSAgent> I have made the request to generate http://www.w3.org/2015/11/01-wot-minutes.html kaz
01:02:49 <kaz> ... ideas on the next steps?
01:03:24 <kaz> dsr: happy to talk about my personal views
01:03:45 <kaz> carsten: more like the breakout A (=W3C collaboration)
01:04:17 <kaz> carsten: move on the agenda
01:04:36 <kaz> ... alex to give his presentation
01:04:48 <kaz> s/@@3:/alex:/
01:05:12 <kaz> alex: would present a couple of slides
01:05:25 <kaz> ... CoOL (Constrained Objects Language)
01:05:43 <kaz> ... Alexander Pelov
01:06:14 <kaz> ... You want to manage things
01:06:29 <kaz> ... constrained domain vs. non-constrained domain
01:06:45 <kaz> ... RESTCONF + YANG model language
01:07:05 <michael> Is there a feed or file for the slides?
01:08:02 <kaz> ... yesterday we had a couple of discussion (during the breakout A)
01:08:44 <kaz> ... want to manage LPWAN (LR-WAN)
01:08:58 <kaz> ... 10000 devices per antenna
01:09:08 <kaz> ... 50kbps max (can be 270 bps)
01:09:17 <kaz> ... 1-10% dury cycle
01:09:27 <kaz> ... see draft-pelov-core-cosol-00
01:09:47 <kaz> ... CoOL
01:09:56 <kaz> ... CoOL + YANG
01:10:12 <kaz> ... Identifier 32 bits, CBOR magic (1 byte) + Collections
01:10:13 <kaz> q?
01:10:17 <kaz> ack k
01:10:17 <Zakim> kaz, you wanted to ask about rent-a-car scenario
01:10:58 <kaz> dsr: depending on the number of the server?
01:11:31 <kaz> alex: T2T management
01:11:45 <kaz> ... Thread/ZigBee/Other
01:11:59 <kaz> ... Architecture
01:12:25 <kaz> ... CoOL client over CoAP client over Lower layers
01:12:43 <kaz> ... CoOL server
01:12:50 <kaz> ... CoOL
01:12:58 <kaz> ... perform on a single resources
01:13:10 <kaz> ... "Fields" option contains the list of nodes
01:13:31 <kaz> s/nodes/nodes/selected, encoded using a CBOR array
01:13:53 <kaz> ... CoMI vs CoOL - Identifiers
01:14:51 <kaz> ... CoMI: unmanaged, Hash(long identifier), Collisions (re-hashing, handling thousands of nodes)
01:15:28 <kaz> CoOL: managed, module ID (20bits) + Node ID (10 bits), automatically allocated, cenral repository for modules, e.g., IANA
01:16:23 <kaz> ... regarding URI
01:16:54 <kaz> ... CoMI: BASE64 mapping (30bits -> 5URIsafe chars)
01:17:02 <kaz> ... Conclusion CoOL
01:17:07 <kaz> ... managed IDs
01:17:15 <kaz> ... RESTful collections
01:17:21 <kaz> s/RESTfull/RESTful/
01:17:28 <kaz> ... explicit PATCH
01:17:34 <kaz> ... use CoOL to manage apps
01:17:45 <kaz> ... next steps
01:17:58 <kaz> ... use of deterministic multimaps vs maps
01:18:16 <kaz> ... multicast for application management
01:18:53 <kaz> ... e.g., turning on all lights on one controller
01:19:07 <kaz> daniel: @@@d
01:19:12 <kaz> alex: module IDs
01:19:23 <kaz> ... 200-300
01:19:40 <kaz> rrsagent, draft minutes
01:19:40 <RRSAgent> I have made the request to generate http://www.w3.org/2015/11/01-wot-minutes.html kaz
01:20:28 <kaz> carsten: we have had what the efficient tools for managing devices
01:20:42 <kaz> s/had/had discussions on
01:21:10 <kaz> ... structure of management information
01:21:27 <kaz> ... transition from SMI to YANG?
01:21:40 <kunitake> kunitake has joined #wot
01:22:08 <kaz> ... next step to see NETCONF
01:22:17 <kaz> s/NETCONF/RESTCONF/
01:22:33 <kaz> ... module identifier
01:22:53 <kaz> ... YANG is xml-based
01:23:01 <kaz> ... using XPath
01:23:12 <kaz> ... have to do something for any cases
01:25:18 <kaz> @@@4: constraint to get back to every device?
01:26:13 <kaz> ... issues on hierarchical mechanism vs. flat mechanism
01:26:48 <kaz> topic: CoAP FETCH (Carsten)
01:26:57 <kaz> ... this problem
01:27:09 <kaz> ... https://maps.google.com/maps?........
01:27:48 <kaz> ... What if > ~ 1KiB?
01:27:57 <kaz> ... switch to POST?
01:28:09 <kaz> ... can send detailed parameters in payload instead
01:28:17 <kaz> ... lose GET properties
01:28:24 <kaz> ... safe, idempotent
01:28:52 <kaz> ... HTTP SEARCH
01:29:01 <kaz> ... like GET
01:29:07 <kaz> ... add a body
01:29:22 <kaz> .. no longer need to POST a > 1KiB search
01:29:53 <kaz> rrsagent, draft minutes
01:29:53 <RRSAgent> I have made the request to generate http://www.w3.org/2015/11/01-wot-minutes.html kaz
01:30:41 <kaz> ... CoAP FETCH
01:30:49 <kaz> ... similar to HTTP SEARCH
01:30:57 <kaz> ... add request payload to a GET
01:31:12 <kaz> ... slightly different semantics: cacheable
01:32:05 <kaz> ... FETCH and collectins
01:32:15 <kaz> ... FETCH request payload has a media type
01:32:24 <kaz> ... can define application-specific formats
01:32:35 <kaz> ... addressing collections
01:32:38 <kaz> ... Caveat
01:32:45 <kaz> ... GET operates on a link
01:33:12 <kaz> ... FETCH additionally requires guidance how to construct payload (form relations!)
01:35:02 <kaz> ... with GET, can tell how to move to the destination
01:35:11 <kaz> FETCH rhymes with PATCH
01:35:20 <kaz> ... GET, PUT, POST, DELETE
01:35:28 <kaz> ... FETCH, iPATCH, PATCH
01:36:55 <kaz> ... patch payload, e.g. { * selector => action }
01:37:08 <kaz> s/FETCH rhymes/... FETCH rhymes/
01:37:37 <kaz> rrsagent, draft minutes
01:37:37 <RRSAgent> I have made the request to generate http://www.w3.org/2015/11/01-wot-minutes.html kaz
01:38:29 <Sebastian> Sebastian has joined #wot
01:39:45 <kaz> ... moved towards to this general solution
01:43:30 <kaz> johannes: clear mapping between FETCH and PATCH?
01:43:54 <kaz> carsten: good questions
01:44:13 <kaz> ... probably more than one operations for FETCH
01:44:28 <kaz> ... e.g., the long URI of Google Maps
01:44:52 <kaz> ... can be mechanically translated
01:45:13 <kaz> johannes: might be a recommendation/guideline for that?
01:45:38 <kaz> s/between FETCH and PATCH/for FETCH
01:46:02 <kaz> carsten: 1h50m till lunch
01:46:37 <kaz> ... can go into breakouts again
01:48:05 <kaz> (some comments)
01:48:15 <kaz> carsten: coffee break till eleven, and then breakouts
01:48:20 <kaz> [ morning break ]
01:48:25 <kaz> rrsagent, draft minutes
01:48:25 <RRSAgent> I have made the request to generate http://www.w3.org/2015/11/01-wot-minutes.html kaz
02:03:54 <kaz> topic: Charter (Carsten)
02:04:09 <kaz> carsten: put topics on his emacs
02:04:25 <kaz> ... Charter
02:04:33 <kaz> ... -- deliverables
02:04:40 <kaz> ... ---- REST cookbook
02:04:56 <kaz> ... ---- security considerations
02:05:06 <kaz> ... ---- bootstrapping survey
02:05:06 <kaz> ...
02:05:12 <kaz> ... ---- plugREST
02:05:35 <kaz> ... ------ documents: reference framework, prototype formats/protocols
02:05:40 <kaz> ... ------ software
02:05:45 <kaz> ari: give comments
02:05:55 <kaz> carsten: updates the list
02:06:18 <kaz> s/REST cookbook/REST cookbook (limited discussion of HATEOAS)
02:06:41 <kaz> i/plugREST/... ---- link types, form types, HATEOAS/
02:06:48 <kaz> rrsagent, draft minutes
02:06:48 <RRSAgent> I have made the request to generate http://www.w3.org/2015/11/01-wot-minutes.html kaz
02:07:27 <kaz> (some more comments)
02:08:01 <kaz> s/security considerations/security considerations (from draft-garcia)/
02:08:19 <kaz> s/bootstrapping survey/bootstrapping survey (from draft-he)
02:08:57 <kaz> carsten: a couple topics from draft-keranen-t2trg-iot
02:09:30 <kaz> i/security considerations/(from draft-keranen-t2trg-iot), design patterns/
02:10:16 <kaz> rrsagent, make log public
02:10:27 <kaz> rrsagent, draft minutes
02:10:27 <RRSAgent> I have made the request to generate http://www.w3.org/2015/11/01-wot-minutes.html kaz
02:11:13 <kaz> carsten: milestones?
02:11:21 <kaz> ... next joint meeting with W3C in January?
02:11:46 <kaz> dsr: Jan. 26?
02:11:52 <kaz> joerg: maybe 28?
02:12:08 <kaz> ... actually earlier
02:12:08 <kaz> ... 25/26
02:13:02 <kaz> joerg: plugfest and plugrest might be linked to breakout a
02:14:10 <kaz> carsten: splits plugREST into two pieces and bring "plugREST: initial testing" to track b
02:15:08 <kaz> ... goes to breakout b
02:16:09 <kaz> ... add "weekly activity mid-Nov to mid-Jan" to milestone section
02:16:12 <kaz> ... meetings:
02:16:22 <kaz> ... Jan 25th
02:16:37 <kaz> ... Eurocom says they have space to meet
02:17:08 <kaz> ... Berlin IETF96, July
02:18:48 <kaz> i/Berlin/... (April 12-14 W3C, North America, maybe MIT)/
02:19:09 <kaz> i/Berlin/... IETF95, April 3-8, Buenos Aires
02:19:22 <kaz> rrsagent, draft minutes
02:19:22 <RRSAgent> I have made the request to generate http://www.w3.org/2015/11/01-wot-minutes.html kaz
02:35:15 <kaz> carsten: Carter for proposed RG
02:35:38 <kaz> ... https://jabber.ietf.org/logs/t2trg/
02:38:02 <kaz> s/https/Logs: https/
02:39:19 <kaz> ... T2TRG Charter: https://datatracker.ietf.org/rg/t2trg/charter/
02:40:39 <kaz> joerg: suggest we make the charter discussion the focal at the Spain meeting
02:41:25 <kaz> s/the Spain meeting/Sigcomm conf/
02:42:44 <kaz> topic: Achileas
02:43:09 <kaz> ... T2T RG work active in collaboration with IETF
02:43:20 <kaz> s/IETF/IETF innovation/
02:43:59 <kaz> ... 100M budget
02:44:06 <kaz> ... 6 big areas
02:44:31 <kaz> s/Achileas/Achilleas
02:45:08 <kaz> s/Achilleas/Achilleas Kemos: AIOTI work/
02:45:22 <kaz> ... workshop Wednesday, 2015-11-04 in Brussels
02:47:34 <kaz> i/T2T/achilleas: AIOTI European Commission
02:47:54 <kaz> s/T2T/achilleas: T2T/
02:48:23 <kaz> rrsagent, draft minutes
02:48:23 <RRSAgent> I have made the request to generate http://www.w3.org/2015/11/01-wot-minutes.html kaz
02:48:38 <kaz> [ break for Lunch till 1pm ]
02:48:56 <kaz> breakout A: Room 304
02:49:08 <kaz> breakout B: room 513
02:49:09 <kaz> rrsagent, draft minutes
02:49:09 <RRSAgent> I have made the request to generate http://www.w3.org/2015/11/01-wot-minutes.html kaz
03:10:39 <Zakim> Zakim has left #wot
04:06:55 <cabo> cabo has joined #wot
04:35:26 <kaz> kaz has joined #wot
05:19:01 <naokis> naokis has joined #wot
05:59:10 <cabo1> cabo1 has joined #wot
07:00:07 <cabo> cabo has joined #wot
07:33:27 <cabo> cabo has joined #wot
11:00:41 <kaz> kaz has joined #wot
11:01:01 <kaz> s/mark:/cullen:/
11:01:05 <kaz> s/mark:/cullen:/g
11:01:09 <kaz> rrsagent, draft minutes
11:01:09 <RRSAgent> I have made the request to generate http://www.w3.org/2015/11/01-wot-minutes.html kaz
11:42:19 <naokis> naokis has joined #wot
11:57:46 <naokis> naokis has joined #wot
13:24:59 <knagano> knagano has joined #wot
14:19:51 <knagano> knagano has joined #wot
15:33:07 <knagano> knagano has joined #wot
21:48:48 <kaz> kaz has joined #wot
22:09:59 <dfr> dfr has joined #wot
23:00:05 <knagano> knagano has joined #wot
23:07:31 <cabo> cabo has joined #wot
23:09:03 <cabo1> cabo1 has joined #wot