W3C

– DRAFT –
WoT Architecture/Profile

11 January 2023

Attendees

Present
Daniel_Peintner, Kaz_Ashimura, Michael_Lagally, Michael_McCool, Ryuichi_Matsukura, Sebastian_Kaebisch, Tomoaki_Mizushima
Regrets
-
Chair
Lagally
Scribe
McCool

Meeting minutes

Minutes

<kaz> Dec-22 Architecture minutes

Lagally: minutes from Dec 22 meeting

Lagally: note this was a combined arch/profiles meeting

Lagally: as it was all architecture, let's review it in the arch call tomorrow

WD Publication

Lagally: made a resolution, where are we with publication?

Kaz: unfortunately, was not able to publish during holiday
… still also working on CR publications, but Profile WD also not done

Schedule

McCool: will be proposing a 4mo extension today, to May 31

McCool: for Profiles, to get to PR would need CR in first two weeks of March at latest
… however, have 2wk internal WG review, so end of Feb need CR candidate

McCool: with other things going on, probably 4 to 5 meetings

Lagally: (captures some notes in agenda wiki)

Lagally: what about a testfest?

McCool: probably don't need one for other specs, but ok to focus on profile
… but we should resolve any descoping prior and have a clear WD

Contributions

Lagally: some new PRs

PR 346

<kaz> PR 346 - Add clarification on server behavior of webhook consumer

Lagally: PR #346
… add clarification on server behavior for webhooks

Lagally: feel it is a useful clarification, says consumer provides both client and server behavior

McCool: feel it does address the issues cited and should be merged

Lagally: concur, let's merge

Lagally: rest is WIP; what about #314?

PR 314

<kaz> PR 314 - Allow auto security scheme for other permitted security schemes

McCool: I need some time to catch up on the comments on #314

Testfest results

<mlagally> Rendered version of the draft Implementation Report for WoT Profile

Lagally: (generates rendered version of report)

Lagally: let's look at the at-risk items in the report

McCool: should also look at categories, e.g. TD ones can in theory be automatically validated
… profile-abstract-1 also might have two sub-assertions

Lagally: then there is the a11y assertions

McCool: these are relatively easy to satisfy, we just need people to state

Daniel: don't think we can say node-wot satisfies this...

McCool: to be clear, node-wot is a framework for building things, we want to evaluate these on concrete Thing implementations
… so would be on, say, a coffee machine

Daniel: but from point of view of node-wot would never fulfill
… so hard to give it a "pass" from node-wot

Lagally: it is also a conditional requirement, IF you have a deployment
… that may be used by users with disabilities
… so a coffee machine built with node-wot can be compliant

McCool: again, node-wot by itself is not an implementation

Daniel: right, we need someone else *using* node-wot to be able to report on this

Kaz: understand point, but want to understand dape's position; is like Chromium for browser implementations, provides general framework
… so should somehow consider node-wot an implementation of WoT, though WoT by itself is not an implementation of "WoT Thing" or "WoT Consumer".

Lagally: for all security schemes, is a problem

McCool: most probably it is oAuth

Daniel: yes, problem is schemes that require human input

McCool: we could remove the security schemes that require human input... but keep e.g. the OAuth flows (I believe client) that don't

Lagally: let's create an issue to look into this

McCool: I can do, will have to engage with Ben, since I think the code flow requirement came from Ben
… but will also think about how this relates to bearer tokens

McCool: security bootstrapping has PRs under discussion
… I think we need to clean up discovery vs. normal operation "auto"

Lagally: links

McCool: we need to add some structure here to capture test results for each table row
… since it is unlikely that a single TD will have all of these link types, nor is it expected
… but we would expect a set of TDs that would "cover" these
… suggest making child assertions for each row

Kaz: agree that is important, and it would be nicer to improve the spec itself based on that structural clarification.

McCool: in TD, table rows can be marked as assertions, but the format is different here
… but will see if I can figure out how to mark these up with at-risk formatting, etc.
… similar issue for media types

<kaz> [adjourned]

Minutes manually created (not a transcript), formatted by scribe.perl version 197 (Tue Nov 8 15:42:48 2022 UTC).