Meeting minutes
Protobuf experiment
Ulf: I'm working on implemention protobuf for the JSON payloads
… curious if people are interested or not. I am playing with it and it should be ready early next year
Ted: certainly useful for more efficient off-boarding. worth checking out the schema someone created
Ulf: not well suited for VISS
Gunnar: I spoke with Ulf and understand his impression, would be worth bringing back what he is working on to VSS group
… not sure the existing protobuf approach in vss-tools was appropriate for our needs
Issues and PR
https://
Ulf: this seems reasonable to me, useful addition and I am in favor of accepting it
… any questions or hesitation or should we proceed?
Gunnar: that seems likely something needed
Erick: agree
https://
Ulf: in the specification we have some parts that will be optional instead of mandatory, eg filtering methods supported
… we discussed and agreed client should be informed, I proposed using dynameic metadata
… I'm calling this value's name opt-cap short for optional capabilities
[review of optional capabilities]
Ted: suggest curve instead of clog and capabilities instead of opt-cap. wss really going to be optional? may be less needed when using MQTT
… also want to see less optional
Erik: should it not be possible to not use https via a config, expose less for a given client
… reduces the attack surface
MagnusG: I'm not sure I'm comfortable with that. we are trying to create something for third party app developers, the OEM and suppliers too
… the more that is optional, the more it is diluted
Ulf: optional features should be provided the client instead of it doing trial and error
MagnusG: we suspect additional protocols to be supported later, they won't be on this optional list
Gunnar: agreement some things may be mandatory
… better would be for capabilites to report what is supported including the mandatory components, that would address Magnus' concern
Ted: I interpretted Erik's comment as a suggestion, part of your access control for a given app could include what is available to that client as a security measure
… optional can be customized per client application
Ulf: absolutely
Ulf and Gunnar push back on having that part of access control, it can still exist and be managed by the implementation or security monitor
Peter: I would prefer fewer abbreviations, fine with the known acronyms
Magnus: agree, more readable
Ulf: I'm fine with that
… and will make some changes. please keep an eye out and make comments on the PR
… on issues we agreed the BMW ones were responded to so closed. the top two are to be addressed by this last PR
Ted: suggest we publish as a WD, can setup to have that automatic for iterations
,and try to get wider review
Carine: do we have an explainer?
Ted: an outdated one of sorts in wiki with Patrick L
Carine: an explainer explains what you are going to explain
<caribou> https://
Ulf: both of those steps makes sense
(should create explainer before WD)
<caribou> https://
Ulf: also encourage people to give it a full read, I will and know of some changes that make sense