00:44:36 topic: PlugFest pitch 00:44:46 topic: PlugFest 01:19:33 [ OpenDay ends ] 01:19:38 rrsagent, draft minutes 01:19:38 I have made the request to generate http://www.w3.org/2017/02/07-wot-minutes.html kaz 01:26:19 Max has joined #wot 01:32:50 Karen has joined #wot 03:15:04 dsr has joined #wot 17:09:42 RRSAgent has joined #wot 17:09:42 logging to http://www.w3.org/2017/02/07-wot-irc 17:09:52 dape has joined #wot 17:10:06 Meeting: PlugFest/Tech_Breakouts Day 17:10:42 present+ Carlos 17:10:49 topic: Day2 17:11:43 Agenda: https://www.w3.org/WoT/IG/wiki/F2F_meeting,_February_2017,_USA,_Santa_Clara#Tue.2C_07_Feb_2017:_PlugFest_.2F_Technical_Breakouts 17:12:00 taki has joined #wot 17:12:30 topic: Plenary 17:12:35 mk: check agenda 17:12:39 yamada has joined #wot 17:12:40 tokuyama has joined #wot 17:12:40 ... and WebEx logistics 17:13:06 action: kaz to allocate another WebEx for the breakout session 17:13:06 Created ACTION-100 - Allocate another webex for the breakout session [on Kazuyuki Ashimura - due 2017-02-14]. 17:13:31 topic: [Matthias] Scripting API vs REST/network API - API design for HATEOAS 17:13:41 mk: WG Charter Feedback 1 17:13:52 s/WG/(WG/ 17:13:56 s/1/1)/ 17:14:03 ... Scope: 17:14:08 masato has joined #wot 17:14:14 ... Make Thing Description the main deliverable 17:14:23 ... TD work has priority in the case of conflicts 17:14:35 ... RDF dependency: don't reinvent a similar framework 17:14:43 ... don't make RDF a prerequisite 17:14:46 ... Security: 17:14:58 ... conduct security reviews before releasing WG doc 17:15:12 ... include systematic security testing in the test suite 17:15:48 s|dependency:|dependency:
... | 17:16:11 mm: do we hire outside reviewers for security work? 17:16:40 mm: one possibility is submitting an internet draft and submit it to IETF 17:17:16 ... IRTF T2T has joint meetings as well 17:17:27 taki1 has joined #wot 17:17:29 ... (WG Charter Feedback II) 17:17:37 s/Feedback 1/Feedback I/ 17:17:45 ... why a scripting API for interaction? 17:17:54 ... we expect a REST API for Things 17:17:59 ... go back to... 17:18:03 ... (Scripting API) 17:18:27 ... 2 different APIs: scripting API and WoT API 17:18:38 ... Scripting API used inside the servient 17:19:00 ... simplifies app development for the IoT using patterns from the Web 17:19:17 mk: Scripting API is an optional feature for Servient 17:19:28 s/Scripting/note that Scripting/ 17:19:41 s/mk:/mm:/ 17:19:58 s/mm: one/mk: one/ 17:20:21 mk: WoT API for interoperability 17:20:26 ... (REST API) 17:20:37 ... given by TD and its interaction model 17:22:39 taki has joined #wot 17:23:18 ... client-server, stateless, cache (tricky for legacy protocols; patch through TD?), uniform interface, layered system, code-on-demand 17:23:39 ... similar elements: data, components, connectors 17:24:17 ... (EVRYTHNG Web Thing Model) 17:24:27 ... 4. Web Things Integration Patterns 17:24:35 ... 5. Web Things Requirements 17:24:40 ... 6. Web Things Model 17:24:50 ... how does it compare to the current practices? 17:25:00 ... (4. Web Things Integration Patterns) 17:25:16 ... direct connectivity: WoT API on Things 17:25:28 ... gateway-based connectivity: WoT API on gateway 17:25:45 ... (4. Web Things Integration Patterns - contd) 17:26:05 ... cloud - gateway - direct 17:27:55 (discussion on physical devices and its shadow on cloud) 17:28:03 taki1 has joined #wot 17:28:30 mk: (5.1 Web Things Requirements) 17:28:36 ... R0.1: MUST use HTTP 17:28:57 ... $0.2: MUST have Entry point URI ("root resource") 17:29:07 s/$/R/ 17:29:20 ... R0.3: MUST support GET, POST, PUT, DELETE 17:29:32 ... R0.4: MUST utilize HTTP status codes 17:29:40 ... R0.5: MUST support JSON 17:29:51 ... R0.6 --R0.1 (MUST support GET on it) 17:31:37 ... note the "MUST"s above came from the Member Submission 17:34:00 -> https://www.w3.org/Submission/2015/SUBM-wot-model-20150824/ Web Thing Model Member Submission 17:34:49 (discussion on requirements for REST) 17:35:04 sano has joined #wot 17:37:01 mk: (5.2 Web Things Requirements) 17:37:13 ... R1.1: SHOULD use secure protocol ("HTTPS") 17:37:20 ... R1.2: SHOULD use WebSockets 17:37:34 ... R1.3: SHOULD support [6.] Web Thing Model 17:37:36 ... 17:37:48 ... (5.3 Web Things Requirements) 17:37:59 ... (6. Web Things Model) 17:38:12 ... 6.0: Standardized relative URI paths 17:38:18 ... 6.1: Common Constructs 17:38:47 ... 6.2: Link to related resources 17:38:56 ... 6.3: Values 17:39:17 ... 6.4: Typed resources (allowed verbs and responses) 17:39:36 ... 6.5: Semantic Extensions 17:40:01 ... (EVRYTHNG Web Thing Model) 17:40:21 ... (WoT Current Practices) 17:40:35 ... mostly in line with the Web Thing Model 17:40:57 ... evolved to: machine-understandable descriptions, multi-protocol REST support 17:41:04 ... hypermedia controls 17:43:52 (JSON-LD equivalent format for small devices, e.g., CBOR or EXI) 17:44:16 sebastian has joined #wot 17:45:14 mk: in Montreal there was discussion on level of types 17:45:44 henry: looking at how put was described 17:46:25 ... within: https://www.w3.org/Submission/2015/SUBM-wot-model-20150824/ 17:46:58 mk: our uniform interface is a bit higher 17:47:51 ... (Hypermedia-driven WoT) 17:47:59 ... TD already as hypermedia controls 17:48:12 ... links: readable property, see linking breakout 17:48:32 ... forms: inputData for actions 17:48:41 ... (Start Work on Hypermedia) 17:49:06 ... Actions: response to invoke might need to describe interactions on the created running Action, e.g., monitor, update, cancel 17:49:26 ... Events: some events such as alarms might need interaction, e.g., confirm, mark resolved 17:49:54 ... Errors: error responses should provide interactions to solve the problem, e.g., 401 unauthorized->link to auth server 17:50:12 ... (Hypermedia Client) 17:50:58 -> https://github.com/t2trg/2016-03-san-jose/blob/master/slides/11-Kovatsch-2016-03-Interaction-Model.pdf pdf on github 17:51:06 mk: project of mine 17:51:25 ... high-level browse path description to interaction resource based on link relation types 17:51:36 ... programming abstraction based on Futures/Promises 17:51:53 ... entry point 17:51:58 ... link relation type 17:52:02 ... returns Future 17:52:09 ... lazy evaluation of Future, not GET 17:56:48 (discussion) 17:56:58 mk: (Generic Process Relation Types) 17:57:39 ... detailed state machine and high-level state machine 17:58:17 ... (Handle Change) 17:58:32 ... control alternative things 17:58:35 ... add new things 17:58:41 ... still control old things 17:58:47 ... also control future things 17:59:00 ... (Idea) 17:59:10 ... diagram of ideas 17:59:16 ... programming abstractions? 18:01:01 jh: comment on hypermedia client 18:02:08 mk: we can extend the model based on this hypermedia model 18:02:52 henry: think it's something actually working for WoT 18:03:14 ... building a hyper media client 18:03:29 mk: think about use cases like this 18:03:37 ... would like to create a TF 18:03:47 ... also work for error model 18:04:10 ... report errors and recover from them 18:04:25 ... overlaps between those two topics 18:04:38 dsr: overlap with semantic work as well 18:06:12 mk: next Sebastian? 18:06:33 sk: need some more time; maybe some time tomorrow? 18:06:43 s/sk: need some more time; maybe some time tomorrow?// 18:06:49 A thing description can be considered as an RDF graph with links to other such graphs. So for an RDF API you have a means to follow such links to access the linked graphs 18:07:16 topic: [Sebastian] TD model (discussion of the TD model independent of serialization format) 18:08:33 sk: would like to go a bit backward 18:08:44 ryuichi_ has joined #wot 18:09:02 ... to make clearer understanding 18:09:26 ... (WoT TD Basic Assumption) 18:09:45 ... Servient1 using JS and Servient2 using C/C++ 18:10:12 ... S1 provides information and S2 consumes it 18:10:25 ... S2 understands what S1 provides 18:10:41 ... what is the core information of the TD? 18:11:04 ... TD should be independent of any platforms and programming languages 18:11:12 ... reflect the core data model 18:11:20 ... (JSON-LD vs TD Model) 18:11:29 ... promising candidate for TD serialization 18:11:33 yamada has joined #wot 18:12:04 ... quite human readable, good experience in plugfests 18:12:22 ... (Inputs for the TD Information Model) 18:12:56 ... (Tool?) 18:13:21 ... what kind of graphic tools? 18:14:12 dsr: have some idea 18:14:48 present+ Daniel 18:15:00 sano has joined #wot 18:16:02 sk: (TD (core) Model) 18:16:24 ... Thing has name 18:19:49 sano_ has joined #wot 18:20:51 (discussion on "name") 18:24:10 sk: (starts to draw a diagram on the whiteboard) 18:24:29 Sebastian's diagram 18:30:26 mk: would suggest we clarify the basic pieces needed for implementations 18:30:39 taki has joined #wot 18:30:40 ... and then we can agree on the vocabulary 18:30:53 s/vocabulary/terms/ 18:31:20 ... recommending bottom-up approach 18:31:42 mm: building a model based on use cases 18:32:45 mk: we can optimize the model but don't have to use the whole RDF mechanism 18:39:46 mk: would like to summarize the discussion 18:40:01 ... we go based on implementations using bottom-up approach 18:40:26 ... the most important point is how many boxes are needed here (=within the TD Model) 18:41:20 mm: we should write down requirements 18:41:54 dsr: we should look at existing specs generated by other SDOs, e.g., OCF 18:42:20 mk: we can see their implementations via liaison 18:43:04 mm: grounded with the PlugFest results is important 18:43:55 ... prototyping using RDF 18:44:37 mk: we have the Current Practices as the starting point 18:46:19 ... (draws a diagram of discussion cycle on the whiteboard) 18:46:31 Matthias' diagram 18:47:36 mk: RDF prototyype => Serialization => Implementation => ER Model => RDF again 18:48:05 mm: like that 18:48:29 dsr: in addition, other SDOs' IoT platforms as well 18:50:12 greg: mentions importance of test suites 18:51:03 mk: (adds "Existing platform") 18:52:23 mm: wonders how to handle, e.g., OCF test suite 18:55:36 kaz: would it make sense to invite OCF guys and/or oneM2M guys to PlugFest? 18:55:45 sk: already trying, though... 18:56:17 mk: why don't we have a morning break now and calm down :) 18:56:22 [ morning break ] 18:56:27 rrsagent, make log public 18:56:31 rrsagent, draft minutes 18:56:31 I have made the request to generate http://www.w3.org/2017/02/07-wot-minutes.html kaz 19:07:10 Victor has joined #wot 19:10:27 yamada has joined #wot 19:24:56 scribenick: dsr 19:25:49 ktoumura has joined #wot 19:26:19 Topic: Type system 19:27:14 Matthias introduces the session and talks about JSON Schema 19:28:28 A discussion around the type system and which one should we choose. 19:28:45 Can we use an existing one or do we need to define our own? 19:29:11 Greg: in any case you should ground this in RDF. 19:30:59 zkis has joined #wot 19:31:07 https://github.com/w3c/wot/tree/master/proposals/type-system 19:31:27 Matthias displays a table that has different kinds of types and columns for different type systems, e.g. JSON schema, Schema.org, and so forth 19:31:33 s|https:|-> https:| 19:32:01 s/that has/that has rows for/ 19:32:04 s|type-system|type-system Type System discussion on GitHub| 19:32:09 rrsagent, draft minutes 19:32:09 I have made the request to generate http://www.w3.org/2017/02/07-wot-minutes.html kaz 19:33:14 JSON schema can be mixed into other frameworks, e.g. RAML 19:33:52 Specs for JSON Schema have been geared around having a media type 19:35:05 Matthias: the aim is to have a machine interpretable format, so that a servient can understand the data model types. 19:35:21 -> http://w3c.github.io/wot/current-practices/wot-practices.html#type-system 3.2.4 Type System from the Best Practices document 19:35:58 Interactions can be considered as web forms that guide how to interact with a remote server 19:36:38 Hyperschema covers both client requests and server responses. 19:38:17 Some discussion around REST APIs in relation to what is needed in the request and response. 19:38:18 yamada has joined #wot 19:39:14 Matthias: the thing description enables a client to know how to interpret the server's response. 19:40:24 In the WoT IG current practices, we have used JSON Schema to describe the structure of the data in the requests/responses. 19:41:19 Greg: one of the reasons for using URIs for naming is to allow you to dereference them to get further information. 19:43:15 Time for thinking about how to evolve JSON schema to better support the increased level of interest in Linked Data and JSON-LD 19:44:31 Matthias: the recent discussion around iot.schema.org sounds promising. 19:45:57 Its great to have people from the different groups here today, and it would be great to continue this remotely (some discussion about number and timeslots for telecons) 19:48:04 Matthias: we need to be careful to avoid tying the data models to the serialization formats 19:48:53 Sebastian shows a slide where JSON Schema is used to link to an external model (modelReference) 19:51:26 Some issues around use of "properties" and potential role of scoped contexts in JSON-LD as a work around 19:51:42 -> http://big-iot.eu/ BIG IoT EU Project 19:52:16 Sebastian shows an example from the EU project BigIoT which he is a part of 19:54:10 MichaelK: I've seen "describedBy" rather than "modelReference". 19:55:43 Greg talks about having a document being both JSON-LD and JSON-Schema 19:56:54 Both specs need a namespace for their core concepts. In JSON-LD is is common to alias terms beginning with $, except for @context where must use the term as is. 19:57:49 The $id in JSON schema does provoke a lot of discussion as it can be a little confusing 19:58:27 There is a means to set the base URI when combining several schema into one document. 19:59:19 present+ Darko, Victor 19:59:49 MichaelMc: We can used JSON-LD's scoped context to only apply some aliases within the scope of a valueType object. 20:01:31 yamada has joined #wot 20:01:50 thanks 20:01:56 s/thanks// 20:02:29 Greg and Henry agree to further discussions on avoiding conflicting identifiers in JSON-LD and JSON Schema. 20:03:26 JSON Schema exists to describe the structure of a document, whereas JSON-LD exists to express Linked Data in JSON. 20:03:50 They therefore serve different purposes and are complementary. 20:05:59 Greg: it would be interesting to use JSON-LD to embed annotations into a JSON Schema descriptio of a JSON document. 20:06:41 s/descriptio/description/ 20:07:54 Matthias: for thing descriptions we have requirements where both JSON-LD and JSON Schema are relevant. 20:08:52 Matthias: we will have the security break out at 13:30 PST 20:08:54 rrsagent, make minutes 20:08:54 I have made the request to generate http://www.w3.org/2017/02/07-wot-minutes.html dsr 20:55:15 yamada has joined #wot 20:57:57 ahaller2 has joined #wot 21:19:41 [ lunch ] 21:22:43 ktoumura has joined #wot 21:26:03 sano has joined #wot 21:31:01 Topic: Security for the Web of things 21:31:28 Zoltan introduces the session, starting with a review of security in OCF. 21:31:56 A platform can host multiple devices, and a device can host multiple resources. 21:32:48 Security is needed for connectivity, discovery, access control and device management. 21:33:21 Each device as a globally unique UUID that is validated by OCF 21:33:49 Access control is granted on the level of the device resources 21:33:59 yamada has joined #wot 21:34:09 tokuyama has joined #wot 21:34:16 The access control information is held in secure storage. 21:34:43 All requests are passed through the OIC resource manager. 21:35:34 Security bootstrapping is complex: on-boarding, provisioning and configuration are defined by OCF. 21:35:52 naka has joined #wot 21:36:03 Configuring resources and provisioning cloud services are application specific. 21:37:12 OCF hasn't discussed how to provision cloud based services. 21:38:56 OCF devices may act as clients and/or servers. 21:40:51 Access control lists are held in the server or in an external resource. 21:41:58 OCF on-boarding involves a transfer of ownership, which entails anonymous key exchange using the Diffie-Hellman algorithm. 21:43:10 Alternatively, you can use a clean room transfer (to avoid man in the middle attacks) 21:43:40 Or you could use a second channel, e.g. NFC or Bluetooth 21:45:17 Provisioning deals with certificate exchange. 21:47:04 This is followed by a configuration step. 21:47:52 yamada has joined #wot 21:48:08 Message integrity is based upon DTLS over CoAP, along with JSON Web Encryption + Web Signatures. 21:50:00 What are the prerequisites for the Web of things in respect to security? 21:51:23 Is on-boarding and provisioning in scope for the web of things, or are these something specific to the given IoT platform? 21:55:07 Zoltan: I've described OCF's approach to security as relevant background knowledge, but we need to discuss the requirements more broadly for the web of things 21:56:16 Do we go by the web browser security model along with an origin URI? 21:56:30 I don't think so, as it doesn't scale well. 21:57:03 Black listing is poor practice. White listing is better. 21:59:05 Zoltan: Ownership transfer is best done with manufacturer's certificates. 21:59:26 Matthias: we need authorization in addition to authentication 22:02:02 yamada has joined #wot 22:02:10 Dave: last year we were discussing organising a joint white paper on security with individual contributions from people from a broad range of organisations. 22:02:44 Zoltan: perhaps we just need to establish a secure tunnel and defer security to the platform. 22:03:23 Zoltan: I have no opinion in respect to the joint white paper 22:04:14 MichaelMc: One suggestion is to involve the IETF to help drive a dialogue on security. 22:05:32 Matthias: We could write an Internet Draft on a particular scenario and use that for discussions within the IETF, and to focus on how to use the mechanisms that the IETF groups have developed. 22:06:12 Michael: the WoT WG charter makes a number of requirements on the work we are expected to do, including strong security review. 22:06:53 Matthias: different platforms use different security building blocks. 22:07:41 If a device hasn't been onboarded then we wouldn't have a means to talk to it. 22:09:49 Discovery is dependent on the kind of network things are hosted on. 22:10:39 Johannes: the IG discovery task force came up with a handful of categories of techniques for discovery. 22:13:00 In principle, thing descriptions could include certificates signed by device manufacturers. 22:13:43 The biggest problem is that we now need to attract security experts for the task force. 22:14:27 ... end of session ... 22:14:36 rrsagent, make minutes 22:14:36 I have made the request to generate http://www.w3.org/2017/02/07-wot-minutes.html dsr 22:35:38 topic: PlugFest 22:36:54 ahaller2 has joined #wot 22:52:43 naka has joined #wot 23:11:06 kaz has joined #wot