11:01:11 <RRSAgent> RRSAgent has joined #wot-arch
11:01:15 <RRSAgent> logging to https://www.w3.org/2022/12/22-wot-arch-irc
11:02:12 <mlagally> mlagally has joined #wot-arch
11:02:32 <kaz> meeting: WoT Architecture/Profile
11:02:49 <kaz> present+ Kaz_Ashimura, Michael_Lagally, Tomoaki_Mizushima
11:02:52 <kaz> chair: Lagally
11:05:16 <kaz> present+ Michael_McCool
11:06:03 <kaz> q+
11:06:16 <kaz> ack k
11:06:21 <kaz> agenda: https://www.w3.org/WoT/IG/wiki/WG_WoT_Architecture_WebConf#Architecture_.2B_Profile_-_Dec_22nd.2C_2022
11:07:24 <McCool> McCool has joined #wot-arch
11:07:34 <McCool> scribenick: McCool
11:07:56 <mlagally> https://www.w3.org/2022/12/21-wot-profile-minutes.html
11:08:11 <McCool> topic: minutes review 21 December (Profile)
11:08:52 <McCool> mm: would like to suggest keeping profile and arch separate, and suggest deferring review of profile minutes until next profile call
11:08:58 <McCool> kaz: also agree with that
11:09:19 <McCool> ml: ok, will carry over
11:09:33 <McCool> topic: Testing
11:09:44 <McCool> mm: I think the latest IR was merged
11:10:28 <McCool> ml: also what about DTLS PR?
11:10:35 <McCool> mm: please mark as deferred
11:11:06 <kaz> q+
11:11:19 <kaz> present+ Ryuichi_Matsukura, Sebastian_Kaebisch
11:12:25 <McCool> ml: seem IR was merged, let me create a github.io link to render it
11:12:32 <kaz> -> https://github.com/w3c/wot-architecture/blob/main/testing/README.md wot-architecture/testing/README.md
11:12:34 <McCool> ml: (creates link in the README)
11:12:49 <kaz> -> http://w3c.github.io/wot-architecture/testing/report11.html Implementation Report
11:13:54 <kaz> s/also agree/that's what I've been also suggesting, so agree/
11:14:49 <McCool> mm: so similar improvements to the table in the report
11:15:06 <McCool> ml: would be helpful to have numbers on the implementation descriptions
11:15:09 <kaz> q?
11:15:16 <McCool> mm: yes, I agree, will look into doing that
11:15:42 <kaz> ack k
11:15:47 <kaz> q+ sebastian
11:15:49 <McCool> seb: regarding arch-security-consideration-communication-platform
11:16:35 <McCool> ... it's quite strange, if consumers/Things can generate a correct TD, then it should automatically satisfy this
11:16:50 <McCool> ... number should be much higher
11:16:51 <McCool> q+
11:16:57 <McCool> ack seb
11:17:28 <kaz> q+
11:17:33 <sebastian> sebastian has joined #wot-arch
11:18:35 <kaz> ack m
11:19:23 <McCool> mm: also think this assertion is strange, but consider it a sub-case of the requirement that TDs should reflect Things
11:19:42 <McCool> ... so yes, we could probably generate it from other assertions, even in other docs
11:19:45 <kaz> -> https://github.com/w3c/wot-architecture/issues/888 Issue 888
11:19:48 <McCool> kaz: agree with sebastian
11:20:12 <McCool> ... and mccool that we don't want to change assertions at this point, just how to test
11:20:23 <McCool> ... but might be useful to add some clarifications
11:20:47 <McCool> ... e.g. which assertions can be approved based on implementation experience
11:21:02 <McCool> ml: this is a generic and conditional requirement
11:21:06 <kaz> s/Issue 888/Issue 888 - Evaluating At Risk Assertions/
11:21:16 <McCool> ... esp. "when not covered by binding template"
11:21:48 <McCool> ... TD creator is a human
11:23:09 <McCool> ... anyway, the reason we only have 1 result is that it is conditional
11:23:38 <kaz> s/agree with sebastian/agree with sebastian. We had some preliminary analysis about this during the TD call yesterday, and wanted to check with Lagally as well./
11:23:42 <McCool> mm: so in short it only applies to special cases
11:23:52 <kaz> s/and mccool/and agree with mccool/
11:24:02 <McCool> ... for example, philips hue bulbs
11:24:19 <McCool> ml: and I see we don't have results for that
11:24:27 <McCool> mm: and in fact lots are missing
11:24:30 <kaz> q?
11:24:33 <kaz> ack k
11:24:35 <kaz> q+
11:25:28 <McCool> kaz: suggestion during TD call is to look into the data a bit more, at least for features at risk
11:25:58 <McCool> ... and understand why they are not covered yet, e.g. not-impl vs. problems with testing tool vs. lack of understanding
11:26:34 <McCool> mm: no testing tool for arch, just manual, so probably more lack of understanding
11:26:40 <kaz> ack k
11:27:01 <kaz> kaz: regarding Architecture, that's true
11:27:18 <kaz> s/true/true and we should concentrate on the manual test description./
11:27:37 <kaz> q+
11:28:06 <kaz> ack k
11:28:08 <McCool> mm: also, that assertion is conditional on being an ecosystem, so research project that are one-offs won't be applicable either
11:28:48 <kaz> kaz: we quickly skimmed the assertions
11:29:26 <kaz> s/assertions and data yesterday, and Ege created a preliminary analysis. that is issue 888. so would suggest we start with that.
11:29:27 <McCool> ... also note for that particular assertion, we just need one more result, e.g. Philips hue would do it; intel-ocf also
11:30:04 <kaz> s/... also/mm: also/
11:30:25 <kaz> -> https://github.com/w3c/wot-architecture/issues/888 Issue 888 - Evaluating At Risk Assertions
11:31:19 <kaz> -> https://w3c.github.io/wot-architecture/testing/report11.html Implementation Report
11:31:40 <kaz> q?
11:32:07 <McCool> mm: for HAL things, pretty much any implementation should have one... unless it is virtual
11:32:21 <kaz> q+
11:32:56 <McCool> ... so suggest it is a lack of understanding
11:34:17 <McCool> ... so maybe add some informative text, and maybe invent some way to link that to assertions
11:34:53 <McCool> ... but it may be that the respondents are all virtual things
11:35:13 <McCool> q+
11:36:26 <kaz> ack k
11:36:45 <kaz> kaz: we should remember our basic expectation here
11:36:59 <Ege> Ege has joined #wot-arch
11:37:29 <kaz> s/here/here. using TD to express and expose the device capability is already kind of abstraction of device capability based on the WoT framework./
11:38:03 <kaz> s/framework./framework. we don't require people to implement VMware kind of "virtualization" here./
11:38:52 <kaz> s/here./here. and if people use DTLS to distribute TD, that's already a secure version of the WoT implementation./
11:38:55 <McCool> mm: these assertions are to mitigate a safety risk, and I disagree with ege that they belong in scripting
11:39:07 <McCool> ... also, apply to any implementation or application
11:39:36 <kaz> s/ ege / Ege /
11:39:47 <kaz> present+ Ege_Korkan
11:40:04 <kaz> q+
11:42:23 <kaz> ack m
11:42:43 <Ege> q+
11:42:48 <McCool> mm: for "segmented network" should be easy to satisfy, but probably not well explained
11:43:03 <McCool> ... also, mTLS does require pre-shared keys
11:45:25 <kaz> mm: making all of the unimplemented features informative would be too much, though making some of them informative would be OK
11:46:49 <McCool> mm: a few categories, implementation, deployment, policy
11:47:23 <kaz> q?
11:47:27 <McCool> ... but in general, these are best practices, and if they revert to informative statements it's not too critical
11:49:27 <McCool> kaz: we should prioritize assertions that are important and figure out how to resolve them
11:49:44 <kaz> ack k
11:49:57 <sebastian> q+
11:50:41 <McCool> ml: the one with 1 implmentation should be easy to fix, 0s may be misunderstandings
11:50:47 <kaz> s/resolve them/resolve them. probably we should add informative notes to describe what our actual expectation for those features was./
11:50:57 <McCool> mm: except for the DTLS one, which is know is a lack of libraries
11:51:04 <kaz> ack e
11:51:30 <kaz> q+
11:51:32 <McCool> ml: so maybe we should focus on some of the other orgs that have not submitted results
11:52:00 <McCool> ege: part of the problem, is about deployments
11:52:04 <McCool> q+
11:52:18 <kaz> ack s
11:52:40 <McCool> seb: thinking if we should organize a meeting with developers and go through all of these
11:52:58 <McCool> ... probably some people just don't understand them
11:53:13 <McCool> ... and are not clear if they apply to them
11:53:55 <McCool> ... and once they understand it may be easy for them to provide results
11:54:01 <kaz> q?
11:54:22 <McCool> ml: community group? IG?
11:54:31 <McCool> seb: testfest is IG, so...
11:55:00 <McCool> ... but there are other implementers that are not in the IG, but we can look at who has contributed so far
11:55:26 <McCool> kaz: technically WG is responsible for testing, so should organize in collab with other groups
11:55:43 <McCool> ... also, Japanese CG is organizing something similar
11:56:14 <McCool> ... explaining what is actual requirement for each feature, checking implementation status for those features
11:56:18 <mlagally> q?
11:56:21 <kaz> ack k
11:58:05 <kaz> ack m
11:59:23 <McCool> kaz: and we may find assertion that need some additional explanation, can add informative text to supplement this
11:59:47 <McCool> mm: also, about testing, we should be testing particular things in particular deployments, not libraries
12:00:08 <kaz> q+
12:00:17 <Ege> q+
12:00:55 <McCool> ... so for example, results for node-wot are just a combination of results from a set of things that use node-wot
12:01:30 <McCool> mm: regarding "testing event", it should be relatively short and well-advertised
12:01:35 <mlagally> q?
12:01:38 <kaz> ack k
12:01:48 <kaz> q+
12:02:06 <McCool> ege: agree with a different format for testing
12:02:12 <sebastian> I need to switch meeting. Merry christmas and happy new year. Thanks for the hard work.
12:02:52 <mlagally> q?
12:02:57 <kaz> ack e
12:02:57 <mlagally> ack e
12:03:50 <kaz> q-
12:03:51 <McCool> mm: going through them one-by-one does not really make sense when we have 400, but now we are down to a small set of "hard" ones we can go through them one by one
12:04:03 <McCool> ege: suggest we just do a small number at once, e.g. 10
12:04:36 <kaz> kaz: let's concentrate the remaining 10 features, specifically some of the important ones from them
12:05:08 <kaz> s/concentrate/concentrate on/
12:05:13 <McCool> kaz: what are next steps?
12:05:33 <McCool> mm: let's pick this up in the first meeting next year
12:05:53 <McCool> kaz: also should coordinate with Japanese companies and plan a testing event
12:08:07 <kaz> s/also should coordinate with Japanese companies and plan a testing event/Mizushima-san is already working on basic logistics for the JP version event concentrating on the 10 remaining features from Architecture. that's basically describing our expectation and check the actual implementation status. so should coordinate with that./
12:08:11 <kaz> [adjourned]
12:08:18 <kaz> rrsagent, make log public
12:08:22 <kaz> rrsagent, draft minutes
12:08:23 <RRSAgent> I have made the request to generate https://www.w3.org/2022/12/22-wot-arch-minutes.html kaz
14:04:45 <kaz> kaz has joined #wot-arch
14:14:33 <Zakim> Zakim has left #wot-arch
14:33:40 <kaz> kaz has joined #wot-arch