W3C

– DRAFT –
WoT Discovery

24 January 2022

Attendees

Present
Andrea_Cimmino, Christian_Glomb, Christine_Perey, Farshid_Tavakolizadeh, Jan_Romann, Kaz_Ashimura, Kunihiko_Toumura, Michael_McCool, Tomoaki_Mizushima
Regrets
-
Chair
McCool
Scribe
FarshidT

Meeting minutes

minutes review

https://www.w3.org/2022/01/17-wot-discovery-minutes.html

no objections to publishing

PRs

PR264 - Update Security and Privacy Considerations

https://github.com/w3c/wot-discovery/pull/264 still a draft

PR251 - Refactor event affordance and event type naming

https://github.com/w3c/wot-discovery/pull/251

Farshid: much clearer now, affordance names and event types are consistent

Farshid: this PR closes two issues

McCool: we can go ahead with merging if Ben is happy with the updates

no objections

PR merged

<cperey> To provide feedback on the draft GeoPose specification, please create issues here https://github.com/opengeospatial/GeoPose/issues

PR259 - Explicitly disallow SPARQL Update queries

<cperey> just heads up, I have to sign off in 15 min (10:30 AM Eastern)

https://github.com/w3c/wot-discovery/pull/259

Andrea: the assertions are split
… three assertions for separation of concern
… still discussing if the error code for disallowing UPDATE should be 501 or something else

McCool: 501 is usually about errors related to the server
… the assertion about request should clarify that 200 is only for successful requests.
… what if an UPDATE request has syntax error. Do we check the syntax first or authorization?

Christian: what about using 400 for both?

McCool: using 400 is also beneficial because we don't have to worry about the order of syntax checking vs security.

McCool: let's go with 400 for the disallowed query response.

Andrea: applied the requested changes

PR merged

PR261 - Update discovery-context.jsonld

https://github.com/w3c/wot-discovery/pull/261

Andrea: the existing context is not valid. It fails the JSON-LD playground validations.
… this PR doesn't fix the issue, but rather removes the recently added parts to make the context valid again for the time being

McCool: let's make sure the context reflects the existing spec, without changing the spec

Christian: let's do the partial fix and I'll take it from there

Andrea: related issue: https://github.com/w3c/wot-discovery/issues/262

McCool: the issue remains open for follow-up work on this fix

PR merged

back to PR264 - Update Security and Privacy Considerations

McCool: The PR is addressing issues discussed under https://github.com/w3c/wot-discovery/issues/254
… (going through the comments on the issue)

<kaz> (McCool quickly skims newly created issue 263 https://github.com/w3c/wot-discovery/issues/263 - Profile needs a simple self descriptive mechanism without huge implementation demands)

McCool: should we make HTTPS mandatory for self-description over HTTP? It is currently recommended.

McCool: added three new considerations
… will update the PR to include them.
… recommendations include those for self-discovery on LANs
… an external onboarding process is needed to define keys
… the access control for self-description should also become a MUST

Farshid: this was kept flexible on purpose to cover local/demo/staging environments as well as production environments

Andrea: what if HTTPS is provided via a proxy?

Farshid: we can reword to be more explicit that public endpoint MUST use HTTPS, and not necessarily those local and behind a proxy

McCool: Created issue to address HTTPS for self-description: https://github.com/w3c/wot-discovery/issues/265

Farshid: relevant existing issue: https://github.com/w3c/wot-discovery/issues/139

schedule

WG extension schedule: https://github.com/w3c/wot/pull/1010

proposed feature-freeze for discovery

McCool: we need to update any remaining assertions by next week
… another pressing open issue is for self-describing devices that expose more than one TD

Farshid: we also discussed the possiblity of using a ThingLink to reference more than one TD from one

McCool: will capture that

<kaz> [adjourned]

Minutes manually created (not a transcript), formatted by scribe.perl version 185 (Thu Dec 2 18:51:55 2021 UTC).