WoT-IG/WG vF2F Meeting - Day 5 -- 22 Oct 2020

Scribes

<kaz> 1. Sebastian

<kaz> 2. Daniel

<kaz> 3. Kaz

Agenda

<inserted> scribenick: sebastian

MM shows agenda for today

Logistics

<inserted> Oct-22 Agenda

MM: about cancellations of TF meetings next week

Daniel: not sure about Scriting call on Monday. I will ask Zoltan.

MM: all cancelled calls are listed at the main wiki page

https://www.w3.org/WoT/IG/wiki/Main_WoT_WebConf#Cancellations

there is no Scripting call!

no architecture

no TD

Breakouts

<McCool> https://www.w3.org/2020/10/TPAC/breakout-schedule.html

MM: lets talk about the break session next week
... overview is given here

https://www.w3.org/2020/10/TPAC/breakout-schedule.html

MM gives an overview which are interesting like GeoSpatial, Connected Vehicle Interface, etc.

MM: we need to request the slot for Tuesday, 22:00 UTC (=15:00 PDT, 18:00 EDT, 19:00 ADT, 23:00 CET, 07:00+1d JST)
... please let me know if you like to join
... as well if you have a presentation
... we use same slot as discovery TF call. We can use the same logistics

WoT Scripting

<inserted> Slides

<inserted> Scripting API draft

Zoltan: we have updated ReSpec
... we discontinued writeAllProperties()
... solved the issue with DataSchema with TD TF
... support for formIndex
... introduction of InteractionData
... improve some algorithms
... about DataSchema vs Form: script can select a Form by providing the formIndexing.
... however, if this fails, the communication fails

<Zakim> kaz, you wanted to mention actually EU summer time ends this weekend and the time will be *one hour earlier* in Europe

<kaz> @@to be moved

kaz: Note: Next week there will be a time shift.

Zoltan: <shows current API>
... we have arrayBuffer, check data schema algorithm
... there is an explanation about InteractionInput and InteractionOutput
... we have also error handling
... we have improved the event handling
... <shows example about ExposedThing, Example 6 in API Spec>
... <shows the feature of expose() method>
... like to show about the status of the Discovery API

MM: We have a constrain here regarding privacy

Zoltan: this is a face two API

<kaz> present David_Ezel

Zoltan: Promise can be fetchable and streamable
... as next we like to talk about script management, provisioning, and runtime
... we are going to creat a Note and continue the work

cris: I have a comment about the docker container. I did this for RasPi and works good

MM: what happen when we pass semantic filtering, however, semanitc search is optional?

<kaz> 9. The ThingDiscovery interface

Cris: Maybe we need a script manifest

MM: We need also privacy consideration

Zoltan: we should consider that we are in IoT environment which needs provision for some actions
... have not discussed yet, if wot can run in a shared worker

Seb: wondering if we should discover Thing Models

MM: question about if there is a link that says that the Thing have implemented a TM
... second question is if I have to check what is implemented of the model
... we need to save TM also in thing directory

Zoltan: I can also search for a model and result fill out the placeholder

<inserted> kaz: technically, TD and TM are different features and there should be some different requirements on how to handle them, so we should clarify what is needed for which with concrete sequence description based on some concrete use case.

MM: we should explain use cases about this

Daniel: how about the semantic API. Is this done on the top of the current API?

MM: Can we do a sparql seach yet?

<Zakim> kaz, you wanted to ask about the resolution for Scripting API Note publication

MK: I did some experience on this few years ago. Mainly you need JSON pointer for this.

<kaz> @@kaz here

<cris> just want to say that I think 90% of the time devs will use TM models at dev time not at a runtime. I agree that first we need to clarify better runtime use cases.

Kaz: shall we do resoultion today?

zkis: yes

<kaz> @@cris point to be moved later

<McCool> proposal: publish the current editor's draft of the WoT Scripting API as an updated note

RESOLUTION: publish the current editor's draft of the WoT Scripting API as an updated note

<Mizushima> +1

Zoltan: thanks to Cris
... note I'll have less time in the future..

:-(

<cris> thank you everybody for the opportunity :)

<kaz> [10min break]

<dape> scribeNick: dape

Security - Overview

<inserted> Slides

MMC: Session going over "smallish" things
... merged & deferred PRs
... 1. Combo scheme
... marked as "at risk" feature
... use-case: "OR" combinations
... avoids repeated notations by using AND and OR
... nesting of AND and OR is also possible
... 2 level nesting sufficient?
... AND -> allOf combinations
... OR -> oneOf combination
... Simplifying inlice security definitions were deferred
... PR exists that allows string or inline security definition
... breaks validation -> Deffered to 2.0 version
... Signing TDs and LD-PROOFS
... needs canonical form of TD
... no formal definition exists yet
... JSON-LD is working on it
... in the phase of checking the proofs
... DID also waits for this feature
... plain JWS signing works in most cases but fails for directory service
... hence we will wait for it

Kaz: Q: How to handle order/preference of combo scheme?

MMC: no preference for allOf
... oneOf has choice
... first form order preference?
... consumer can pick though

<inserted> kaz: if there is some expectation/assumption, we should describe that within the spec

Cris: In scripting we added formIndex... we might add securityIndex also

MMC: agree
... preference for "highest" security might be another solution

<Ege> I will be muting the incoming audio since I need to listen to another meeting. Please ping me here if I am needed :)

Security - OAUTH2

<Zakim> kaz, you wanted to ask about the order/preference for combo setting

<kaz> Slides

CA: OAuth 2.0
... authorization protocol
... based on HTTPS
... 4 different entries: client, auth server, resource server, resource owner
... (a) auth request -> (b) auth request -> ...
... OAuth 2.0 scopes: limits application access to user account
... scopes are simple string identifiers
... e.g., consent screen
... is OAuth2 nice fit for WoT?
... I think so
... 4 flows: code, implicit. resource owner, client credentials, and extension flows
... "implicit" and "resource owner" flow are no longer recommended
... 3 flows left
... Code flow
... resource owner -> client -> user agent -> auth serveer -> user agent -> owner approves -> client
... client -> auth server -> access resource
... Example: dashboard application accessing washing machine
... Another Example: dashboard application accessing TD directory

MMC: another use case is smart city

CA: Device flow
... basically code flow with limited input devices
... if device is not able to prompt

<Ege> wrong alarm, I will be here all the time :)

CA: client -> auth server -> request code & url -> code displayed to owner (open how this is done) ->
... cient polls for access token -> owner adds code to user agent
... "clicked" OK --> client get access token
... with token it can access resource
... Example: Smart radio and WoT speakers
... Client flow
... no resource owner or user agent (outside)
... client > id -> auth server -> access token
... Scenario: Application talking to washing machine
... Scenario: City opening sensor access to people
... Open points
... * provide examples how to use deprecated flows
... * multiple Oauth 2.0 flows in security definitions: issue#929
... * address implementations variability (MS service access token in header/url), issue#923
... * node-wot implementation supports 2 flows only. Code and device flow is missing. see issue#325

MMC: we need 2 implementations. Directory might be 2nd implementation

CA/MCC: humans in the loop are difficult to handle

scribe: * WoT scripts handle OAuth 2.0 code gracefully, scripting issue#214

<kaz> ack

Kaz: concrete settings would be nice when talking about code flow device flow

CA: thing directory work might be useful here

MMC: OAuth use case is written up also

Kaz: Concrete settings might lower the barriers for other people

CA: PDF is uploaded

Kaz: slides url is added to minutes also

<kaz> [8min break till 5min past the hour]

<kaz> scribenick: kaz

PlugFest report out

mm: no presentation slides for this
... would like to gather materials from people

outcome issues

mm: would ask people for resources and have discussion during the usual Discovery slot on Monday, Oct 26
... anyway let's go through the outcome issues
... various things marked with "Plugfest Outcome" label
... would collect materials like presentations and video for each outcome issue

Issue 92

mm: got Cristiano's materials
... and would get NHK's one as well
... 3-5 mins for each
... Cristiano's one is related to "Farm/TUM mashup: display sprinkler status"
... would have three more listed there
... e.g., collaboration between coffee machine and TV

Issue 64

mm: Issue on discovery
... Toumura-san, any resources?

Toumura-san's slides

tou: how to integrate Things and Node-RED

mm: cool
... can download the PPTX version as well
... it's nice this can integrate Node-RED with catalogue service
... (shows the animation embedded in the PPTX on Node-RED programming)
... this is related to the use cases for retails proposed by David Ezell
... great result
... then next issue

<cris> really cool indeed

Issue 76

mm: visualization in maps
... the prototype doesn't work now

Geolocation of WoT Things proto

kaz: why don't we ask Daniel for help?

dape: some security issue there
... but can provide some screenshot

mm: ok
... (shows Intel's location example)

Intel-OCF-button1touch.jsonld

mm: device is installed at some geolocation
... a couple of scenario to handle it

Intel-OCF-button2touch.jsonld

mm: (shows the 2nd example)
... position by longitude, latitude, accuracy and accuracyUnit
... also timestamp
... yet another system

intel-camera.jsonld

mm: (shows another example of camera)
... and then NHK

NHK's example

mm: interesting mash-up including TV
... this is an accessibility use case

kaz: NHK is not here, so I'll ask them about their video and also ask them to join the Monday call for prep

mm: yeah, let's follow them up by email
... we can discuss the detail on Monday
... all, please provide links for your materials for Issue 92

Issue 92

Marketing

Draft WoT Welcome page

dp: want to show you the recent updates
... easily identify the three groups: WG, IG, CG
... some more links to be added
... got comments from Lagally

(and Kaz :)

dp: recent proposal to add TF information
... but maybe would be better to add a section/page on "WoT activities" including all the TFs
... developer tools page lists information related to implementations
... would not stop the improvement though there are several remaining issues
... existing issues from Ege, Kaz, etc.

mm: agree we should not block the improvement
... would be nicer to make the TFs more visible
... TFs belong to WG or IG
... so would be nicer to make the activities more visible

kaz: agree
... probably having 2 directions, top-down and bottom-up, would make sense
... meaning (1) the current page which describes 3 groups which have various TFs and (2) activity page which describes all the TFs which belong to 3 groups

ml: this page is for alignment of the activity
... for people to see what W3C WoT is doing
... showing top level work and also actual activity would be important

dp: will generate a PR for improvement

ml: btw, how to handle the PlugFest work?

mm: PlugFest should be put under the activity

kaz: and describing which activity is handled by which TF would be useful

ml: what is described in the WG page, for example?

dp: currently quite simple
... but we can add contents

mm: note that there are several joint TFs

cris: agree we need to focus on the activities more
... just wondering about the WoT log

dp: we can generate a new one if needed

<McCool> proposal: accepted inverted colors as an official version of the WoT logo

<McCool> proposal: accept inverted colors as an official version of the WoT logo (e.g. for a menu bar)

<McCool> proposal: accept inverted colors as an official version of the WoT logo (e.g. for a menu or title bar)

slides Including a WoT logo

kaz: I'm ok with any improvement with the WoT log, but we need to add the W3C logo on the left side of this WoT logo

<inserted> kaz: that point is included in my issue 84 https://github.com/w3c/wot-marketing/issues/84

<McCool> I was suggesting in the upper right corner, on the white, but below the title bar; note there is no inverted form of the W3C logo, either...

sk: possibly an animation version of the logo?

<cris> http://arces143100.arces.unibo.it/

<cris> https://twitter.com/relucri/status/1319278759627739136/photo/1

kaz: I'm personally ok with any versions, but we should check with the Accessibility guys and the MarComm Team if we want to use another version of the WoT logo

mm: next, I'd like to show you the draft animation video
... (shows the animation video)
... some voice over available

Breakout planning

mm: will have prep discussion during the Discovery slot on Monday, Oct 26
... will send an invite

Architecture call?

ml: cancelled today

Spec checks

sk: yesterday, I asked all the Editors to check the ReSpec issues, etc.
... please double check your documents
... the deadline is tomorrow, Oct 23

mm: anything else?

<Ege> https://stackoverflow.com/questions/64173335/do-w3c-thing-description-forms-require-an-op-key

<Ege> was going to say the same :D

cris: some time ago, got a comment from Philipp Blum @@

<McCool> https://github.com/w3c/wot-marketing/pull/87

mm: maybe we can add a link to the plugfest/breakout outcome? any volunteer?

<McCool> WoT Breakout session

kaz: to make sure, McCool, you'll send a request for the 2nd WoT breakout session to Dom. right?

mm: yes, I will

[WoT vF2F adjourned]

- DRAFT -

WoT-IG/WG vF2F Meeting - Day 5

22 Oct 2020

Attendees

Contents