Meeting minutes
Minutes
approved
Discovery Explainer
McCool: question on HTTP or not
… we're not sure about how to use CoAP
… think we should do HTTP only now
… could add CoAP once we get a PR
… my proposed resolution is leave it as is
(no objections)
McCool: (goes through the changes)
Farshid: looks OK
McCool: (visits Cristiano's comment)
Cristiano: I'm OK with this PR
McCool: ok
… (fixes some typos)
… (shows Farshid's proposed changes)
Farshid: you can go ahead and merge the PR 309
McCool: objection to merge this PR?
(none)
McCool: we can add further changes later
(merged)
PRs
PR 317
PR 317 - Internationalization Questionnaire updates
McCool: would merge this PR as well
… any objections?
(none)
merged
PR 322
PR 322 - Suppress Unused Dfns Respec Error
McCool: suppressing the errors from ReSpec
merged
PR 313
PR 313 - Security Bootstrapping
McCool: a bit difficult one
… (goes through the discussion on the PR)
… related to onboarding discussion
… but we don't have spec for onboarding
Preview - 7.1.2 Security Bootstrapping
McCool: added edit for "Security bootstrapping MAY be provided on any HTTP endpoint that serves a TD."
… (goes through the updated assertions)
… (also shows Mozilla's MDN document on HTTP Authentication)
MDN Web Docs - HTTP Authentication
McCool: (then describes the error code section)
… just in general, do you feel major fixes still needed?
Farshid: looks good now
McCool: small fixes are appropriate
Cristiano: we can merge this PR and then continue to work on the Explainer, etc.
Cristiano: but wondering about some assertion above
McCool: The server MUST respond with the requested TD only after performing necessary authentication and authorization?
Cristiano: yeah
Farshid: could say something else instead
McCool: I know it's tricky
… which line for that assertion?
Cristiano: 947
McCool: (goes to line 947)
… (and edits the text)
… (for the assertion "self-http-access-control")
… If authentication and authorization are necessary
… they MUST be performed before the server...
… next thing is the response codes
… If the OAuth2 code flow is used during security bootstrapping
… the "302 (Found)" or "303 (See Other)" response code MUST be...
… what other changes needed?
… (fixes some more typos)
… (then goes through the remaining comments on the PR)
… onboarding is kind of out of scope
McCool: (adds responses)
… Ben's point is something I also worry about
… but don't want to weaken security generally
… think we should merge this PR now
… and think about other ways to address this
… making security bootstrapping mandatory in some profiles would be one way
… another way would be to define an onboarding process
… any objections to merge this PR itself?
(none)
merged
PR 323
PR 323 - Update Discovery overview figure and Architecture section
McCool: (shows the overview diagram on his local PC)
kaz: note we're out of time
McCool: would extend the call by 30 mins to get conclusion today
kaz: ok
McCool: any objections to merge the PR?
(none)
merged
PR 326
PR 326 - Self-Discovery Cleanup
McCool: these descriptions are all about the HTTP section
Cristiano: wondering about the relationship with the Issue 315
Issue 315 - Return charset parameter in content-type
McCool: need a PR for that
… regarding the spelling for the spec, we usually use American spelling
… (got conflicts for PR 326)
… (and try to resolve them)
… any objections to merge this?
(none)
merged
WD publication
McCool: (creates a branch named "review-pre-cr-wd" for the WD publication)
… we need a resolution during the main call
<McCool_> proposal: start review process and request a resolution in the main call in two weeks to publish branch review-pre-cr-wd as a WD to be used for wide review; also refer to this branch for now in review requests
RESOLUTION: start review process and request a resolution in the main call in two weeks to publish branch review-pre-cr-wd as a WD to be used for wide review; also refer to this branch for now in review requests
McCool: PR 325 to be discussed next time
[adjourned]