W3C

– DRAFT –
WoT Discovery

23 May 2022

Attendees

Present
Andrea_Cimmino, Ben_Francis, Cristiano_Aguzzi, Farshid_Tavakolizadeh, Jan_Romann, Kaz_Ashimura, Kunihiko_Toumura, Michael_McCool, Tomoaki_Mizushima
Regrets
-
Chair
McCool
Scribe
cris_

Meeting minutes

minutes review

<kaz> May-16

McCool: notice that the explainer was not ready for review
… minor typo it should be objections
… anything else?
… ok minutes approved

explainer

McCool: I have still to check new feedback
… there was one comment
… about HTTP only that we'll resolve in a different discussion
… given the current reviews we only have this issue with HTTP
… we have a PR that might solve this
… but let's discuss it later

<kaz> PR 309 - Draft Explainer

Farshid: I have still to complete the review of the explainer

Cristiano: me too

McCool: ok we'll wait for the next week

PRs

McCool: PR 318 and 317 are related and should be easy to merge

PR 318

<kaz> PR 318 - UTF-8 Constraints and Language Negotiation

McCool: there was a duplicate assertion
… I did changes on 3-cr index.html but I moved them back to main index.html

Farshid: did you fix the duplicate assertion issue?

McCool: let's see the preview
… things like queries (e.g. sparql queries) might be supported
… therefore I don't want to touch the accept content type assertion

Farshid: ok

McCool: should directory support content-language? I don't think so, TD is already multilang

Cristiano: I agree

Farshid: there was a little bit of confusion at first
… but also what about searches?

McCool: it is best effort

Issue 315 - Return charset parameter in content-type

Cristiano: have you check 315?
… I would like to charset parameter add to content-type

McCool: right, suggesting to add it to thing model and text

Farshid: it is related to another issue from Ben
… he wants to have a less strict constraint about content-type

McCool: let's deal with it separately

Farshid: I can volunteer

McCool: ok any objections with PR 318 ?
… ok merged

PR 317

<kaz> PR 317 - Internationalization Questionnaire updates

McCool: I have to resolve some points

313

<kaz> PR 313 - Security Bootstrapping

McCool: long discussion
… I have still to look into all comments

farshit: I just want to mention that is not a full solution for security bootstrapping
… is not solving the problem

Cristiano: is it something that we should ourselves ?

McCool: I would like to use existing mechanisms, http has bootstrapping features that people already use

Farshid: in practice is really useful

McCool: I will be using directory services from browser
… Ben prefers to allow retrieval of html rendered document
… but it is a different topic
… I tried to summarize on the github discussion

Farshid: one comment: providing a TD is different from exposing it

McCool: ok, right

Farshid: federated directories TDs can be nested in the master directory
… I would not force to self-describing

McCool: it would not a big deal
… optional features might be problematic
… any objections to make directories no- self describing

Cristiano: maybe is a wording problem, is not about self describing but about always providing a TD for TDDs

McCool: maybe you are right, I agree that a TD can be hosted somewhere else
… ok if we commit with this, the figure needs to be updated
… we also need to clarify that any enpoints that return TD must suppor security bootstrapping

Farshid: just one thing before continuing
… I left a comment about oauth 2
… is not solving really the security bootstrapping

McCool: good point

Farshid: we can still defer to 1.1 version

Farshid: things id is problematic
… cause we can only support a subset of TD securityDefinitions in bootstrapping

McCool: right
… I'm capturing it on the comment

Cristiano: I also agree with 2 but I would like to see a better explanation about the fact that no sec can be used

McCool: do we have a consensus for 2 ?
… ok

McCool: do we agree to leverage on HTTP existing mechanisms ?

Farshid: if they are good enough yes.

McCool: also can we limit discovery to HTTP ?

Farshid: I don't think we can,
… I don't think it is sufficient
… maybe use cases definition is helpful

McCool: UI is one of those
… public service
… do we want to add complexity to our spec
… what's your take on this Ben?

Ben: I agree if you already have the credential the whole process is not needed
… however for UI it makes sense cause you can ask the user to input credentials
… we have a concrete use case
… "all things are public" scenario is a no go

McCool: ok I'll do my best to capture all points, but I also consider dropping it if I am not satisfied

Ben: are we sure that www-authenticate is not enough ?

Farshid: on browsers it works because there's a man in the loop
… there are some use cases were it does not work

Ben: I agree in that situation
… but is already out of scope

McCool: we need to do a WD
… and then updated
… let's do what we can
… but next week I want to publish a WD

<kaz> [adjourned]

Minutes manually created (not a transcript), formatted by scribe.perl version 185 (Thu Dec 2 18:51:55 2021 UTC).