Meeting minutes
minutes review
https://
no objections to publishing
PRs
PR264 - Update Security and Privacy Considerations
https://
PR251 - Refactor event affordance and event type naming
https://
Farshid: much clearer now, affordance names and event types are consistent
Farshid: this PR closes two issues
McCool: we can go ahead with merging if Ben is happy with the updates
no objections
PR merged
<cperey> To provide feedback on the draft GeoPose specification, please create issues here https://
PR259 - Explicitly disallow SPARQL Update queries
<cperey> just heads up, I have to sign off in 15 min (10:30 AM Eastern)
https://
Andrea: the assertions are split
… three assertions for separation of concerns
… still discussing if the error code for disallowing UPDATE should be 501 or something else
McCool: 501 is usually about errors related to the server
… the assertion about request should clarify that 200 is only for successful requests.
… what if an UPDATE request has a syntax error? Do we check the syntax first or authorization?
Christian: what about using 400 for both?
McCool: using 400 is also beneficial because we don't have to worry about the order of syntax checking vs security.
McCool: let's go with 400 for the disallowed query response.
Andrea: applied the requested changes
PR merged
PR261 - Update discovery-context.jsonld
https://
Andrea: the existing context is not valid. It fails the JSON-LD playground validations.
… this PR doesn't fix the issue, but rather removes the recently added parts to make the context valid again for the time being
McCool: let's make sure the context reflects the existing spec, without changing the spec
Christian: let's do the partial fix and I'll take it from there
Andrea: related issue: https://
McCool: the issue remains open for follow-up work on this fix
PR merged
back to PR264 - Update Security and Privacy Considerations
McCool: The PR is addressing issues discussed under https://
… (going through the comments on the issue)
<kaz> (McCool quickly skims newly created issue 263 https://
McCool: should we make HTTPS mandatory for self-description over HTTP? It is currently recommended.
McCool: added three new considerations
… will update the PR to include them.
… recommendations include those for self-discovery on LANs
… an external onboarding process is needed to define keys
… the access control for self-description should also become a MUST
Farshid: this was kept flexible on purpose to cover local/demo/staging environments as well as production environments
Andrea: what if HTTPS is provided via a proxy?
Farshid: we can reword to be more explicit that public endpoints MUST use HTTPS, and not necessarily those local and behind a proxy
McCool: Created issue to address HTTPS for self-description: https://
Farshid: relevant existing issue: https://
schedule
WG extension schedule: https://
proposed feature-freeze for discovery
McCool: we need to update any remaining assertions by next week
… another pressing open issue is for self-describing devices that expose more than one TD
Farshid: we also discussed the possibility of using a ThingLink to reference more than one TD from one
McCool: will capture that
<kaz> [adjourned]