<McCool> https://www.w3.org/WoT/IG/wiki/PlugFest_WebConf#Agenda_08.08.2018
<kaz> scribenick: kawaguch
<kaz> scribe: Toru
McCool: Agenda
... quick update
... Review from Bundang Plugfest
... Next Plugfest
McCool: Update from Fujitsu?
<kaz> plugfest reports
Matthias: Siemens result
<kaz> Siemens results
Matthias: had machine capability
issue on directory
... Property handling should be splited into three cases
... read/write/observe
... Node WoT hasn't implemented observe property yet
... after two weeks at IETF hackathon some additional products
were tested
McCool: Added Online and Lyon to GitHub repo
https://github.com/w3c/wot/tree/master/plugfest
Matthias: Will provide initial preparation template
McCool: Online plugfest at late
September
... Work 4 weeks to identify what to test
... One thing is security schemes
... New protocol binding features
... including actions and event descriptions
... event splitting into input and output data
... Logistics
... Next week is vacation in Japan
... Want to create VPN and Virtual NAT
... to simulate what we do locally
... Will provide OAuth server
... Other thing?
Matthias: WebEx coordinate
... Or alternative video stream such as Hangout
McCool: For safety will have both
Matthias: Hangout has good
quality
... but maybe has some restriction on number of
participants
McCool: What will Panasonic provide?
Kawaguchi: Online simulator as already provided
McCool: add documentation under
online plugfest
... Thing directory services and proxy services on cloud will
be provided
... For cloud version of thing directory I will use
authentication
... under documentation there will also be preparation
template
... and result template
... Another section is validation and testing
... We will have TD validation tool and network testing
tool
... Also security validation
Kaz: Under Goals section there should be also scenario
McCool: add Scripting API to Validation
Matthias: Also semantic validation in TD
McCool: Let's continue discussion. Please make PR
<McCool> https://github.com/w3c/wot/blob/master/testing/plan.md
McCool: Please read and
comment
... TD testing template is under preparation
... Scripting and Binding are currently broken
... 5 steps for TD validation
... 1. JSON file
... 2. JSON Schema
... 3. Semantic checking
... 4. Validation against OWL
... 5. Special case test
... One addition to network interface testing is Fuzz
testing
... Generates random garbage input
... such as thousand-nested JSON file
... partly robustness, partly security testing
<kaz> Scapy
McCool: Tools can be found, but
Ege's tools may be also extended
... Security testing
... added new description about positive and negative
testing
... negative testing is to check vulnerability
... also added descriptions per protocols
... such as HTTP, CoAP, MQTT
... For CoAP small set of schemes will be tested
... For MQTT there is no standard
... session resumptions
... not all brokers support all versions
... need to identify typical use
... some parameters might be indicated by protocol
binding
... Any input to DTLS or MQTT testing?
<inserted> Kaz: we should ask people to try those security approaches (DTLS, MQTTS, CoAPS, etc.)
McCool: At next plugfest
everybody should implement security
... Will try to make MQTTs broker running
<McCool> https://tools.ietf.org/html/rfc7252#section-9.1
McCool: Section about security in
CoAP
... DTLS is recommended
... There's a pre-shared key
... Also raw public key
... Also keys and cert mode
... One issue is cipher suite
... Need to check newest version
<Zakim> kaz, you wanted to ask about result-intel.md (sorry just noticed)
Kaz: result-intel.md?
McCool: will update eventually
<kaz> [adjourned]