15 Jul 2020



Kaz_Ashimura, Michael_McCool, Taki_Kamiya, Michael_Koster, Tomoaki_Mizushima, Daniel_Peintner


<kaz> scribenick: mjk__

Review minutes from virtual F2F TD session

Taki: any objections to the minutes?

<kaz> vF2F minutes

McCool: already decided to publish them in the main call

Taki: last week minutes, any comments or objections?

<kaz> July-10

Taki: minutes from July 10th approved

Technical issues

<kaz> Issue 926

Issue #926 - oauth client and device flows

<McCool_> https://github.com/w3c/wot-usecases/blob/master/USE-CASES/oauth.md

McCool: reviewed the various flows, some deprecated terms
... discussion of specific flow types: code, client, implicit, password
... there is a device flow to be added in addition to code and device
... not planning to use implicit or password flows

<kaz> PR 927

<kaz> proposed section " OAuth2SecurityScheme"

McCool: also edited the table in the TD editors draft section
... added normative assertions to the specification
... users can define additional flows by adding .ttl files, using password and implicit as examples

<kaz> files changed

McCool: changed the ontology as well
... updated the official nomenclature for "OAuth 2.0"
... should these changes be a maintenance release or queued up for 2.0
... should not break any existing TD
... no change to the JSON schema file, should be 1.1 compatible
... we can hold for now and discuss more in the security tf

Issue 901

<kaz> Issue 901

McCool: need to read this issue and think about it more

Issue 922 - how to describe api key in a query

<inserted> Issue 922

McCool: seems to be a testing problem, to elaborate and test for all the possible cases
... will assign issue to mm
... write 4 different test scripts

Daniel: will look at node-wot to see what is implemented

<dape> https://github.com/eclipse/thingweb.node-wot/tree/master/packages/binding-http#feature-matrix

<dape> ... apikey for consumer only

McCool: discussion of header vs. query options
... whether to change the default to header, would be a breaking change

Issue 923 - phillips hue security scheme with URI-key

<inserted> Issue 923

McCool: will need to use a URI template and define a new scheme for apikey
... where do we indicate the name of the template variable, could use a fixed naming scheme
... will follow up on the issue

Issue 899 - dynamically created resources

<inserted> Issue 899

McCool: dynamic TDs are troublesome for directories because of the cache syncing issues
... personally like the action description

Daniel: dynamic TDs may not be the right pattern for actions, but dynamic TD may have other use cases for changing resources
... it would be a lower frequency and not as problematic

McCool: there are update cases but only for low rate of updates, not per millisecond

Daniel: agree

McCool: td signing will make it not a lightweight process
... still favors an action description
... need to use the action description as a template

Koster: still need to do the design and make some examples
... opc-ua has a long-running call called a program
... distinguished from a short running call, which is called a method

Daniel: there is an opc-ua binding in node-wot contributed by Cristiano and (Luca Sciullo)

Taki: other topics for today?

Kaz: do we want to wait for 30 minutes for Ege?

McCool: if there are no specific topics, we could adjourn

Taki: will send Ege an email
... adjourned

Summary of Action Items

Summary of Resolutions

[End of minutes]

Minutes manually created (not a transcript), formatted by David Booth's scribe.perl version (CVS log)
$Date: 2020/07/16 14:06:33 $