Meeting minutes
minutes
<kaz> Feb-15
McCool: We discussed the F2F, today we'll review it again
… pr 115 is ready.
… we need to discuss how to filter self-discovered TD. In other words how we can select pieces or the self-exposed TD
… We also discussed about error responses. I reported back to TD taskforce and we concluded that the additionalResponses needs a mechanisms to state a dataschema
… I've found a possible typo in the name, michael. Plus I am not sure if it refers to Koster or to my self
Kaz: it should be him
McCool: to the scribers please use the surname
Kaz: Well, just checked. Last time Koster was not in the call
Philipp: I recall that he joined later
Kaz: not sure..
McCool: let's assume it was me
McCool: I'm finding more typos in names.
Kaz: fixed
McCool: any other major problems?
… ok, any objection for publishing these?
… ok approved.
McCool: any updates?
logistics
McCool: we have a lot of work to do for the F2F, so it might be worth to have the call even during the PlugFest
… if we end close the discussion today for pagination we could skip it
… however I don't think the PR is properly ready. We'll need an hour during the PlugFest. Any objection?
… ok then we'll have 1h meeting during the plug fest
F2F topics
McCool: currently we have a 3 hours section
… we should assign people to different topics
… I can go with the open issues
… any volunteers for other parts
Farshid: I can handle directory
Andrea: I can do SPARQL section, but I have to know when I am scheduled
… what time?
McCool: we don't have a date
Andrea: after 6 pm I can't join
<kaz> time table for the March vF2F
McCool: what about 30 minutes for Query and Filters
Andrea: ok
McCool: examples would be nice to have in query and filters section
… introduction can be 20 min
McCool: Toumura-san could you volunteer for the introduction
Toumura: there's no much to say in respect to what was already presented last time
McCool: you could also do some general discovery introduction
Toumura: ok
McCool: about self-description Farshid please can you do this?
Farshid: ok
McCool: which day is better ? any preference?
… Monday, March 15 is taken
… I'd prefer not to do it on the last day
… What about the 22?
Andrea: I'd be better the 18th
McCool: ok noted
McCool: ah the 18th has only two hours spare slots
… let's go for the 17th
… any other logistic issues?
… ok so by March 8 we should be ready for the presentation
PR 121
McCool: we have a small editorial pr
<McCool> PR 121 - Type correction in Section 5.4, and some editorial fixes
Toumura: is related to issue 120
… the issue raised some concerns about the usage of the links in introduction mechanism
<kaz> Issue 120 - RD usage (endpoint vs. resource)|a
McCool: (reading the issue)
… we don't want to submit all our resources in a TDD
… or on the network. We should first check if it safe
… so the only change is a minor name refactor
McCool: also I think it's dangerous to publish metadata in mDNS
… attackers could infer some personal information for these metedata
… any other comments on the issue?
McCool: noticed a minor grammar issue
<citrullin> https://
discussion about the correct link to JSONPath specification and CoRE
McCool: I am ok merging this PR.
Toumura: I also added an assertion
McCool: we have _wot-servient
Toumura: it's just an implementation example
McCool: ok
… there's still some minor issues. we can merge it and do a later fix
McCool: any objections?
… I'll fix the issue right after merging it
… ok fixed any objections for merging it?
McCool: ok done
McCool: (closing also issue 120)
<kaz> PR 121
<kaz> Issue 120
PR 113
McCool: I'm going to skip 114 is still a wip
McCool: let's go to 113
<kaz> PR 113 - Security and Privacy Considerations
McCool: we discussed a lot about the security. This pr tries to capture the topics even if some of those were moved to other documents since they were more open ended
… they issue with privacy arise only when there's personal information embedded or inferred in TDs/TDDs
<kaz> Preview - 7. Security and Privacy Considerations
McCool explains the PR based on the preview
Question: Who own things, who consumes things, who operates directory.
Or: who makes things available for other?
Denial of service relevant only in certain scenarios
Location tracking: trap locations even if there is no specific location information since directory is responsible for only a certain area
Even "more interesting" if geo-location info is present
TD timing out might mean that "I'm not at home"
More at section 7.2
TD update time ...
Explicit location info ...
Nicely written "side-band" info, not normative.
See McCool's comments in issue
PR not issue
Query injection issues might be treated normatively
Kaz: having an informative security/privacy section is OK but we need to clarify some concrete mitigations for security / privacy issues
McCool: should be inherent (to some extend)
E.g. in JSONpath spec
Kaz: really need to ready for sec / priv wide reviews before reaching the REC
McCool: mention risk and point to normative mitigation
PR #113 merged
Issue 16 - Handle huge set of Thing Descriptions (pagination, streaming, etc.)
Pagination: https://
Format of response?
How does the container look like?
ID inside TD is optional
Outside ID generated by directory not necessarily identical with inside ID
How are TDs returned by server?
ID might be random and changing over time?
Extension of discovery context instead of TD context
Farshid: two proposals, w/ and wo/ HTTP headers
McCool: problem that this is HTTP specific
Farshid: other things are too
McCool comments his thoughts in issue
Also summary of proposal / issues there
Main issue: response might not be a TD
Array vs. object
Kaz: would like to see use cases
Kaz: If we want to handle pagination of the resulted data, we need to handle the "border of the pages" and how to define the minimum chunks for the pagination or streaming
McCool - wants examples
Contradiction w/ enriched TDs
Query one TD vs query multiple TDs
McCool: Might want to have responses w/ non-enriched TDs
Per TD metadata?
Challenge w/ signatures
Local ID vs. ID inside TD
Please also see "Concerns" in issue comment
McCool: Should rule out what is not possible / feasible
McCool: Object cannot guarantee order
Embed TDs vs Linking TDs
<kaz> kaz: let's clarify our scope for the current Charter period :)
McCool: Let's look at other APIs
Farshid: Have already done this (see link inside issue)
Use of arrays seems to be quite common.
<kaz> [adjourned]