Meeting minutes
Minutes
<kaz> Dec-22 Architecture minutes
Lagally: minutes from Dec 22 meeting
Lagally: note this was a combined arch/profiles meeting
Lagally: as it was all architecture, let's review it in the arch call tomorrow
WD Publication
Lagally: made a resolution, where are we with publication?
Kaz: unfortunately, was not able to publish during holiday
… still also working on CR publications, but Profile WD also not done
Schedule
McCool: will be proposing a 4mo extension today, to May 31
McCool: for Profiles, to get to PR would need CR in first two weeks of March at latest
… however, have 2wk internal WG review, so end of Feb need CR candidate
McCool: with other things going on, probably 4 to 5 meetings
Lagally: (captures some notes in agenda wiki)
Lagally: what about a testfest?
McCool: probably don't need one for other specs, but ok to focus on profile
… but we should resolve any descoping prior and have a clear WD
Contributions
Lagally: some new PRs
PR 346
<kaz> PR 346 - Add clarification on server behavior of webhook consumer
Lagally: PR #346
… add clarification on server behavior for webhooks
Lagally: feel it is a useful clarification, says consumer provides both client and server behavior
McCool: feel it does address the issues cited and should be merged
Lagally: concur, let's merge
Lagally: rest is WIP; what about #314?
PR 314
<kaz> PR 314 - Allow auto security scheme for other permitted security schemes
McCool: I need some time to catch up on the comments on #314
Testfest results
<mlagally> Rendered version of the draft Implementation Report for WoT Profile
Lagally: (generates rendered version of report)
Lagally: let's look at the at-risk items in the report
McCool: should also look at categories, e.g. TD ones can in theory be automatically validated
… profile-abstract-1 also might have two sub-assertions
Lagally: then there is the a11y assertions
McCool: these are relatively easy to satisfy, we just need people to state
Daniel: don't think we can say node-wot satisfies this...
McCool: to be clear, node-wot is a framework for building things, we want to evaluate these on concrete Thing implementations
… so would be on, say, a coffee machine
Daniel: but from point of view of node-wot would never fulfill
… so hard to give it a "pass" from node-wot
Lagally: it is also a conditional requirement, IF you have a deployment
… that may be used by users with disabilities
… so a coffee machine built with node-wot can be compliant
McCool: again, node-wot by itself is not an implementation
Daniel: right, we need someone else *using* node-wot to be able to report on this
Kaz: understand point, but want to understand dape's position; is like Chromium for browser implementations, provides general framework
… so should somehow consider node-wot an implementation of WoT, though WoT by itself is not an implementation of "WoT Thing" or "WoT Consumer".
Lagally: for all security schemes, is a problem
McCool: most probably it is oAuth
Daniel: yes, problem is schemes that require human input
McCool: we could remove the security schemes that require human input... but keep e.g. the OAuth flows (I believe client) that don't
Lagally: let's create an issue to look into this
McCool: I can do, will have to engage with Ben, since I think the code flow requirement came from Ben
… but will also think about how this relates to bearer tokens
McCool: security bootstrapping has PRs under discussion
… I think we need to clean up discovery vs. normal operation "auto"
Lagally: links
McCool: we need to add some structure here to capture test results for each table row
… since it is unlikely that a single TD will have all of these link types, nor is it expected
… but we would expect a set of TDs that would "cover" these
… suggest making child assertions for each row
Kaz: agree that is important, and it would be nicer to improve the spec itself based on that structural clarification.
McCool: in TD, table rows can be marked as assertions, but the format is different here
… but will see if I can figure out how to mark these up with at-risk formatting, etc.
… similar issue for media types
<kaz> [adjourned]