W3C

– DRAFT –
WoT-WG/IG - Day 2

15 September 2023

Attendees

Present
Andrei_Ciortea, Chris_Needham, Christian Glomb, Christian_Glomb, Cristiano_Aguzzi, David_Ezell, David_Singer, Hiroki_Endo, Josh_Cohen, Kaz_Ashimura, Kunihiko_Toumura, luca_barbato, Mahda_Noura, Michael_Lagally, Michael_McCool, Ryuichi_Matsukura, SalCataldi, Salvatore_Cataldi, Sebastian_Kaebisch, Takashi_Minamii, Tomoaki_Mizushima, Toshio_Ito, Vagner_Diniz
Regrets
-
Chair
McCool, Sebastian
Scribe
cris_, Ege, kaz, mahda-noura, mahda_noura

Meeting minutes

<sebastian> https://github.com/w3c/wot/tree/main/PRESENTATIONS/2023-09-tpac

Opening

<kaz> Sebastian's slides

Outreach

<kaz> https://github.com/w3c/wot/blob/main/PRESENTATIONS/2023-09-tpac/2023-09-15-WoT-TPAC-Outreach-Sebastian.pdf Sebastian's slides

Sebastian: WoT current charter
… growing number of people attention for WoT and supporting open source implementation
… adaption in the market and commercial usage
… the community group is growing
… WoT definition and the benefits, WoT is not a protocol
… building blocks are created like TD, binding templates to describe what is the Things capabilities and what is needed to interact with the devices
… the existing system doesn't have to be changed and can be complemented with WoT
… WoT needs to be disseminated to SDO's
… to show how WoT can help their ecosystems
… plan to work with OPC UA, ECHONET, Asset Administration Shell, BACnet Binding, CSA with the Matter protocol
… ease the adaption of WoT by decoupling the binding approach
… the registry approach presented by ege yesterday is the right approach to continue
… latest WoT adoptions led by Microsoft called connectivity group
… another adoption is asset administration shell, describes everything that is around an asset
… activity that specifies the interface of an asset using the TD
… collaboration with existing W3C groups like the json-ld group, about the signing and canonicalization and serialization
… important topics for the next charter about DID and verifiable credentials
… new interest group designed like digital twins for the smart city from kaz with WoT as a main building block

McCool: scalability issue, small number of active members working on the spec, what can we move to CG and processes to minimize the work in the WG for more active involvement and contributions
… can we figure out a process for this?

Ege: observed within RDF* group, it makes sense in cases i.e., we don't know what the solution is

<cris_> +1 for example of profiles

Ege: we currently don't have TFs for this and as the CG we should agree on the structure

Kaz: I am happy also with the discussion this morning about the collaboration between the CG and WG, but we need to clarify which topics are targets of which group and what kind of team structure, resources are required for which group about which topic.

<Ege> Anssi Kostiainen and Louay Bassbouss are the chairs of second screen

Sebastian: experienced from another group, we should make sure the CG is not allowed to make forces, CG creates plugfest and WG creating normative documents

Cristiano: like the idea of changing the work mode e.g., WebAssembly, it has more than 1000 participants in the CG
… you can get more input from the public for some topics like manageable actions

dave: how invested are you in the use case?

McCool: make sense to move it to the CG

<McCool> (to clarify what I said: would have made sense to have started UCs in the CG, but since it is now in the IG, may be hard to move, but we can certainly collaborate more closely)

Ege: in the presentation we asked the presenters about things that are not satisfied, Telekom provided feedback which are in the minutes

Kaz: we need to clarify the procedure on how to transfer use cases from the CG side to the WG side. That should be done collaboratively by the WoT WG and the CG

Security

<kaz> McCool's slides

<kaz> McCool's summary of main points from the discussion

McCool: threat models and security and privacy considerations

McCool: see where we can clear things up
… we have a list of stakeholders in the use case requirements but in the S and P document there are actually good definitions
… there is a lot of overlap with the general stakeholder

<kaz> WoT Security and Privacy Guidelines

McCool: issue 2: use case and requirements, we want features mapping to requirements to use cases, the question is how we define the security and privacy use cases?
… we need to think about categories
… we need to consider what is the priority of mitigating risks
… how will assertions work
… we need to figure out signing for discovery
… onboarding, we haven't decided whether we want to do onboarding
… security definitions and schemes that are related to a specific protocol need to be moved to their protocol
… we need to figure how to validate the binding especially for security
… we need to decide are security mitigations normative, maybe we need to have them in another document
… we could split up security and privacy guidelines as they are not the same thing
… should profiles find security levels? levels of risk
… there is an issue of how to deal with brownfield devices
… problem of not having enough people
… in short term we need to clean up the issues we mentioned
… we need to figure the testability gap in security testing

luca: split the security concern that are about what happened when your software stack hardware get it wrong, the problems can be leveraged to do something, you are misusing the device which can cause damage
… this could be part of next year work

McCool: the reason of a threat model is that security is multi-faceted

luca: for that part please be careful use a language that avoids the mistake, make the end user aware that a device could be harmful

Ege: safety guidelines, maybe we need a new type of document for safety guidelines
… how to make people more aware of this document, and how much people take this guidance as we haven't tested

McCool: it is linked, not updated since 2019
… but the content is really good

McCool: the guidelines are high-level, making the document more central is one option

Kaz: going for this direction is fine and important, governance on user data is important for smart city also, we as the WoT group should survey about existing guidelines on user data governance, e.g., for smart cities. Probably that survey could be done collaboratively with the newly proposed Web-based Digital Twins for Smart Cities IG.
… more survey is required

McCool: would be helpful if implementers reviewed the spec
… we need to volunteer for this

Kaz: can introduce some of the guidelines including governmental ones as a starting point.

Sebastian: comment to the statement: "developer is not aware of the security guidelines...", maybe we should think extending the specification topic like TD with more hints

<Mizushima> +1 for kaz

McCool: we could say, if you're implementing this and that, you need to follow those guidelines

<Ege> mmc not modbus, it is BACnet

SalCataldi: subject is wide, also in the BACnet group, I am wondering why you don't use the existing standards which deal with security in automation
… there are exactly calls for how to standardize securing digital assets

McCool: 5 years ago there wasn't a lot, we need to re-open that analysis

david: in the past experience, always remember adequate security, what about the domain?

Profiles

lb: a quick introduction first
… they are used in many fields
… you want to restrict capabilities. Like in multimedia you can have a profile with max resolution, framerate
… there are also USB device classes. A keyboard will not produce audio. Bluetooth similar
… if we want out of box interop, we should think of device classes
… our current profiles are not considering resource constraints
… they are all about HTTP
… we do not say that "if you have device with X amount of RAM, here is what you can do"
… in the future we should think about resource or we can think of content negotiation
… currently, it is not clear how we mix two profiles for different forms
… we do not know how to signal that one form uses which profile
… that was it

cg: one of the challenges in the discussion in the past was that profiles was a superset of TD and not on the subset

lb: we did not constrain what is a subprotocol so it is very flexible at the moment
… profiles can do a better job than subprotocol
… there is no way to agree, in a strict way, between Thing and Consumer on what to expect from the TD.

ml: we discussed superset and subset but we are defining something for implementers
… we should not discuss this mathematically
… we did not agree on the device classes since there was no consensus
… thank you Luca for taking the lead here

mm: I think that the set is misinterpreted
… we should discuss about constraints
… another comment. We have also behavioral constraints so the question is whether those are appropriate
… profiles is to increase interop

lb: we can also guarantee if we are strict

mm: we can't since we do not do conformance testing

lb: we can by establishing a consortium

sk: we talked a lot about resource constraints, we can dig up from GitHub
… How about using linting for handling profile mechanisms
… another interesting topic is how bindings relate to bindings

ca: we discussed with ben about profile using defaults of a binding. So a profile can be linting plus defaults
… we can discuss this in the cg as well

mm: the constrained devices can be valid in one case and not in the other
… we need a better way to validate
… TD part and the behavior

ca: we also have schemas in bindings to validate the td containing the binding

ek: we need to agree on what we are trying to solve. resource constraints conflict with human readability
… also linting makes sense in this regard

sk: bringing this topic to the cg makes sense. we should get more feedback
… we need Kaz's opinion whether we can move something like this to cg

mm: to what scenario does a profile apply to. This is something we did not discuss entirely
… we need to resist putting features that do not exist elsewhere
… profiles should be pretty simple
… there can be more than one profile

Kaz: if we have consensus, we can transfer any of the WG deliverables to the CG side.
… However, we need a group-wide consensus, so I'd suggest we add this topic to the "possible collaboration targets list for WoT-WG and WoT-CG" as discussed in the morning, and have some more discussion there.

sk: we can bring it back from CG once it is stable

mm: otherwise +1 to sebastian

sk: also what do you think luca?

lb: I have prepared it to start discussion. Profiles can be many things and we should tackle the most interesting one
… so it would be pointless to propose arbitrary limitations if there is no interest
… I have enjoyed SSE profile for example

mm: we have food for thought. We should document where profiles are useful

sk: we can talk about architecture now

Architecture

<kaz> McCool's slides

mm: I want to talk about the issues we have, what do we want out of it and craft a plan
… arch document is trying to satisfy multiple objectives
… it satisfies those in different levels of quality, sometimes overlaps with other documents, sometimes inconsistent with other docs
… we do not need 20 use case examples

+1 on its objective not being clear

goals

mm: I personally think that it should be a good place to start
… the philosophy of the WoT should be clear
… building blocks do not map well to other documents
… abstract servient architecture is in a weird place
… there are assertions about TD in the arch

mm: my planning document assumes it is an explainer document
… a lot of terminology in the beginning works against explainer
… (mm explains the plan)
… if we have normative requirements, they need to be testable
… once we do all this, it will not have to be normative

Ege: multiple points
… in the CG, some discussion
… high level people need explainer document
… read WoT specs starting with WoT Architecture
… also TAG gave a comment that Architecture should be informative
… if it's a guideline, that's still useful
… could try to make assertions also informative

mm: there are still 50 assertions
… need to find a home for them

Ege: regarding transfer of assertions
… maybe use cases and requirements have cross-spec assertions

mm: moving out to the use cases doc?

Ege: yeah
… think the WoT Architecture TF could review all the other WoT specs horizontally

mm: easier to have spec design in general

Kaz: I agree with Michael McCool and this proposal (on slide 6) is in line with what I have been suggesting
… we start with refactoring
… and we start with arch spec
… I agree with the arrow in slide 6. evaluating when the restructuring is complete, whether the document is informative or not

mm: restructuring is important for all specs

sk: I like this idea of having arch as the entry point. Is it necessary to have it in a rec document? Entry point can be a webpage
… sometimes other specs, I see a landing page where it asks "are you a developer? then go here", "are you a manager/decision maker? then go here about conceptual points"

ca: First a question. If we do a restructuring, what happens to the sections like servient architecture
… also is it a REC in the chapter

sk: yes since it is easier to make it a note from REC than REC from note

mm: I do not know if servient is useful. People get confused

mm: another thing talked about is HATEOAS and hypermedia but we are not really using it
… we make a big deal about it but do not use again

<cris_> +1 for restructuring

ek: I would like to read in detail before reaching resolution

mm: maybe it is too detailed

ac: I think some points like "hypermedia should be serialized as forms" are very important and should be normative

mm: we can make it an informative point and normative in TD

sk: see you in 15 mins

New/Commercial Use Cases and Requirements

<kaz> Kaz's slides

new commercial use cases and requirements

Kaz: today we will talk about new commercial use cases for WoT
… we are starting WoT 2.0 charter soon
… and for this reason use cases from various industries will be very important

<McCool> slide has discovery three times?

Kaz: so far we have a WoT Use cases document with various use cases.
… we have also technical cross domain use cases like discovery and virtual things
… there are also emerging use cases
… like in the space of smart cities
… Takenaka uses WoT to integrate different GW
… Sebastian mentioned smart factories are valid use cases for WoT
… are there any other cases that require integration?
… that's why I invited different stakeholders
… I want to create an open discussion

daihei: the publishing industry lately is paying attention to new technologies: like blockchains. The combination between the physical and the virtual world is already happening in Japan. There is also the idea to have bookstores in the metaverse.

daihei: digital market is expected to expand
… publishers are looking for new ways to connect to users and readers
… publishers know that it could be the need to integrate with IoT world

daihei: some sort of mechanism should be built to make publishers' rights available

Kaz: it is a big picture which includes payments, wot, ipa, and published content
… nicer and smarter combination of resources and technology is needed

mc: we have AR/VR
… but we are missing geo location
… large format e book reader is a thing
… home assistant has a web integration
… when iot devices can be used directed by a book
… my lab ebook can connect with things
… what are the commons

Kaz: how to use WoT interface from the ipa content

chris: few things
… one is the connected environment. TV is the central hub
… we have seen the NHK to use WoT from TVs
… more generally than that
… my organization is looking at managing of studios

<McCool> (aside: as a grad student I was the "video guy" and set up all our automation systems to make animations with VCRs (not trivial...))

chris: potentially there is something around a digital twin use case for wot
… I share a lot of use cases with daihei, like linking content to NFTs to provide additional values to end users.
… digital assets that you can own
… I am not sure where is the overlap with WoT in this sense

mc: one point, it could be publication of data

Kaz: I started to think about how to manage those assets in the smart city context
… we need to involve matter as well

mc: we discussed about HA and the state of the home automation market
… it is a mess, and there is a usability problem
… can wot help?
… there is space in AI Tech
… in natural language processing
… they can run on the edge
… and WoT can help the model
… surely we can keep this use case in mind.
… also from the accessibility community group we discussed the use case about portability of interfaces of digital devices
… this also involves privacy because your preferences need to be ported in different context

Kaz: usability for everybody should be guaranteed

Kaz: further collaboration is needed
… meaning HTML and Device and Sensor group

mc: home assistant is unique because it is locally controlled
… others have cloud components
… as use case we need to tackle cloud integration
… how do we move data from home to the cloud
… and how we improve security and privacy

seb: when you have an e-book reader, you can adapt the light while you read

<McCool> (read page in ebook, dragon attacks, lights flash red...)

seb: it might be interesting
… or the reader falls asleep and the device turns off the lights

mc: existing devices expose information to be used in different IoT automation systems

david_singer: if there is matter in my home are we working with them enough to get them on board to the Web platform
… can we link to different matter resources?

mc: we are working on this, in particular with stakeholders to define URI
… some of them don't want integration because of security constraints

Kaz: WoT should think about Matter

chris: on matter, the second screen group is talking about this topic right now
… can a laptop find the screen in the room and interact with it, to give a presentation on that screen from the laptop
… what's the difference between matter and our protocol?
… we are not working in terms of url is about local device discovery

mc: there are nice things in matter
… but is narrowed in smart home

Kaz: we should think about the potential connections with presentation api and WoT discovery

Ege: two people in the CG are interested in the integration with WoT
… Robert and a start up from Switzerland

salvatore: who is in the cca org?

seb: me

mc: me

seb: WoT is not a protocol
… there is a misunderstanding
… we are not doing it, we are providing a way to describe what is there. Our job is to provide a way to describe matter deployments

mc: part of the matter standardization process is to find a set of classes of devices
… in wot we want to make sure that we can describe any set of devices
… matter is based on the dot dot data standard

Kaz: wot is a flexible software multiple adapter

mc: WoT is a way to describe these adapters

+1

mc: matter would take take to overtake what it is

mc: can you tell us about use cases in factory automation?

seb: I can show slides as examples

*sebastian showing slides*

<kaz> slides@@@

seb: there is joint work that we are doing with microsoft
… generating Thing Description with ChatGPT
… works quite well
… but there are small details that are still not working very well
… it is just a starting point
… for Siemens onboarding IoT devices is very hard
… because of the number of different type of devices

mc: what are some use cases? I can list at least three: 1. onboarding: I don't know if we can help but there is a gap in the industry. One part is security the other part in data models. Then we have bridges
… the other use case is the cloud integration
… we can have script embedded in TDs to have data normalization
… but it would be interesting

Kaz: it would be interesting to describe Siemens use cases and extract requirements

sal: the picture recalls me an activity that is running in the EU. They started with pilot projects measuring Electric consumption in buildings. They used different protocols but they used the same ontology. The code of conduct is now public and they want producers to sign it
… the picture recalls the usage of the smart grid model
… exactly for achieving interoperability between components
… proposing an ontology would be important

Kaz: grouping of devices is something that we need to consider

seb: the slide goes deeper
… the critical step is always to bring the device into the upper level the application
… and it is very expensive
… in buildings is the same

mizushima: purpose of the JP CG is to promote WoT tech to stakeholders in Japan. Many Japanese stakeholders are interested in WoT. They don't have a deep knowledge of WoT, therefore we promote WoT and explain it to them. They of course have use cases for WoT
… we would like to propose those use cases to the WoT WG

tomura: we have cross domain use cases. We have to correct them for this document. We have concrete implementation explainers.

wrap up

Kaz: please give your ideas on github
… thank you for all the inputs
… this session is adjourned

<kaz> wot-usecases GitHub repo

Closing

<kaz> slides @@wrapup

seb: nice to be here, we had a production week
… and we got a nice understanding of what other groups are doing with WoT
… we did a lot of discussion of different topics. This time we discussed more about organization and how to proceed with the charter.
… next week we might need to talk about how we organize our web meetings
… at the moment it is not perfect, because the time zone is not great for Japanese
… thank you everyone who contributed
… regarding next week we are resuming to regular meetings
… it will be probably changed next October

mc: we are back to regular schedule but no profile and architecture
… testing neither

Kaz: we have to decide when and how to start use cases

mc: not next week but soon

seb: thank you for joining

<kaz> [adjourned]

Minutes manually created (not a transcript), formatted by scribe.perl version 221 (Fri Jul 21 14:01:30 2023 UTC).