W3C

WoT Discovery

22 February 2021

Attendees

Present
Andrea_Cimmino, Christian_Glomb, Cristiano_Aguzzi, David_Ezell, Farshid_Tavakolizadeh, Jack_Dickinson, Kaz_Ashimura, Kunihiko_Toumura, Michael_McCool, Philipp_Blum, Tomoaki_Mizushima
Regrets
-
Chair
McCool
Scribe
cris_, glomb

Meeting minutes

minutes

<kaz> Feb-15

McCool: We discussed the F2F, today we'll review it again
… pr 115 is ready.
… we need to discuss how to filter self-discovered TD. In other words how we can select pieces or the self-exposed TD
… We also discussed about error responses. I reported back to TD taskforce and we concluded that the additionalResponses needs a mechanisms to state a dataschema
… I've found a possible typo in the name, michael. Plus I am not sure if it refers to Koster or to my self

Kaz: it should be him

McCool: to the scribers please use the surname

Kaz: Well, just checked. Last time Koster was not in the call

Philipp: I recall that he joined later

Kaz: not sure..

McCool: let's assume it was me

McCool: I'm finding more typos in names.

Kaz: fixed

McCool: any other major problems?
… ok, any objection for publishing these?
… ok approved.

McCool: any updates?

logistics

McCool: we have a lot of work to do for the F2F, so it might be worth to have the call even during the PlugFest
… if we end close the discussion today for pagination we could skip it
… however I don't think the PR is properly ready. We'll need an hour during the PlugFest. Any objection?
… ok then we'll have 1h meeting during the plug fest

F2F topics

McCool: currently we have a 3 hours section
… we should assign people to different topics
… I can go with the open issues
… any volunteers for other parts

Farshid: I can handle directory

Andrea: I can do SPARQL section, but I have to know when I am scheduled
… what time?

McCool: we don't have a date

Andrea: after 6 pm I can't join

<kaz> time table for the March vF2F

McCool: what about 30 minutes for Query and Filters

Andrea: ok

McCool: examples would be nice to have in query and filters section
… introduction can be 20 min

McCool: Toumura-san could you volunteer for the introduction

Toumura: there's no much to say in respect to what was already presented last time

McCool: you could also do some general discovery introduction

Toumura: ok

McCool: about self-description Farshid please can you do this?

Farshid: ok

McCool: which day is better ? any preference?
… Monday, March 15 is taken
… I'd prefer not to do it on the last day
… What about the 22?

Andrea: I'd be better the 18th

McCool: ok noted

McCool: ah the 18th has only two hours spare slots
… let's go for the 17th
… any other logistic issues?
… ok so by March 8 we should be ready for the presentation

<kaz> 17 March 2021 will be the Discovery day

PR 121

McCool: we have a small editorial pr

<McCool> PR 121 - Type correction in Section 5.4, and some editorial fixes

Toumura: is related to issue 120
… the issue raised some concerns about the usage of the links in introduction mechanism

<kaz> Issue 120 - RD usage (endpoint vs. resource)|a

McCool: (reading the issue)
… we don't want to submit all our resources in a TDD
… or on the network. We should first check if it safe
… so the only change is a minor name refactor

McCool: also I think it's dangerous to publish metadata in mDNS
… attackers could infer some personal information for these metedata
… any other comments on the issue?

McCool: noticed a minor grammar issue

<citrullin> https://tools.ietf.org/html/draft-ietf-core-resource-directory-26

discussion about the correct link to JSONPath specification and CoRE

McCool: I am ok merging this PR.

Toumura: I also added an assertion

McCool: we have _wot-servient

Toumura: it's just an implementation example

McCool: ok
… there's still some minor issues. we can merge it and do a later fix

McCool: any objections?
… I'll fix the issue right after merging it
… ok fixed any objections for merging it?

McCool: ok done

McCool: (closing also issue 120)

<kaz> PR 121

<kaz> Issue 120

PR 113

McCool: I'm going to skip 114 is still a wip

McCool: let's go to 113

<kaz> PR 113 - Security and Privacy Considerations

McCool: we discussed a lot about the security. This pr tries to capture the topics even if some of those were moved to other documents since they were more open ended
… they issue with privacy arise only when there's personal information embedded or inferred in TDs/TDDs

<kaz> Preview - 7. Security and Privacy Considerations

McCool explains the PR based on the preview

Question: Who own things, who consumes things, who operates directory.

Or: who makes things available for other?

Denial of service relevant only in certain scenarios

Location tracking: trap locations even if there is no specific location information since directory is responsible for only a certain area

Even "more interesting" if geo-location info is present

TD timing out might mean that "I'm not at home"

More at section 7.2

TD update time ...

Explicit location info ...

Nicely written "side-band" info, not normative.

See McCool's comments in issue

PR not issue

Query injection issues might be treated normatively

Kaz: having an informative security/privacy section is OK but we need to clarify some concrete mitigations for security / privacy issues

McCool: should be inherent (to some extend)

E.g. in JSONpath spec

Kaz: really need to ready for sec / priv wide reviews before reaching the REC

McCool: mention risk and point to normative mitigation

PR #113 merged

Issue 16 - Handle huge set of Thing Descriptions (pagination, streaming, etc.)

Pagination: https://github.com/w3c/wot-discovery/issues/16

Format of response?

How does the container look like?

ID inside TD is optional

Outside ID generated by directory not necessarily identical with inside ID

How are TDs returned by server?

ID might be random and changing over time?

Extension of discovery context instead of TD context

Farshid: two proposals, w/ and wo/ HTTP headers

McCool: problem that this is HTTP specific

Farshid: other things are too

McCool comments his thoughts in issue

Also summary of proposal / issues there

Main issue: response might not be a TD

Array vs. object

Kaz: would like to see use cases

Kaz: If we want to handle pagination of the resulted data, we need to handle the "border of the pages" and how to define the minimum chunks for the pagination or streaming

McCool - wants examples

Contradiction w/ enriched TDs

Query one TD vs query multiple TDs

McCool: Might want to have responses w/ non-enriched TDs

Per TD metadata?

Challenge w/ signatures

Local ID vs. ID inside TD

Please also see "Concerns" in issue comment

McCool: Should rule out what is not possible / feasible

McCool: Object cannot guarantee order

Embed TDs vs Linking TDs

<kaz> kaz: let's clarify our scope for the current Charter period :)

McCool: Let's look at other APIs

Farshid: Have already done this (see link inside issue)

Use of arrays seems to be quite common.

<kaz> [adjourned]

Minutes manually created (not a transcript), formatted by scribe.perl version 127 (Wed Dec 30 17:39:58 2020 UTC).