W3C

– DRAFT –
WoT Architecture

08 September 2022

Attendees

Present
Kaz_Ashimura, Kunihiko_Toumura, Michael_Lagally, Michael_McCool, Tomoaki_Mizushima
Regrets
-
Chair
Lagally
Scribe
kaz

Meeting minutes

agenda

Lagally: (goes through the agenda)
… anything to be added?

(none)

minutes

Sep-1

Lagally: (goes through the minutes)
… wondering about the Issue 809

McCool: need some time to fix it
… please assign that to me
… need to fix it by CR transition anyway

Issue 809 - Fix normative references / convert to informative, where applicable

McCool: will do that immediately after this call

Lagally: (creates another issue 828 on "Prepare CR publication" and adds a label of "by CR transition" to it)

<mlagally> https://github.com/w3c/wot-architecture/issues/828

Issues

Issue 820

<mlagally> https://github.com/w3c/wot-architecture/issues/820

closed

Issue 818

<mlagally> https://github.com/w3c/wot-architecture/issues/818

Consider whether this makes more sense as a Note [TAG feedback]

Lagally: (adds comments)
… discussion about the scope and the future deliverables
… in the next Charter period
… during the TPAC meeting

(closed)

Kaz: depending on the response from TAG, would suggest again we have a joint discussion with them

McCool: e.g., we can invite them to our TPAC meeting

Kaz: could you please try to contact Daniel Appelquist and Amy Guy?

<mlagally> https://www.w3.org/2001/tag/

TAG info page

Discovery-related issues

issues with "discovery" label

McCool: we can apply another label of considering to be closed

issues with "close next week" label

McCool: next week, we'll discuss issues around the next Charter

Issue 824

Issue 824 - Adjust policy-like security and privacy assertions

McCool: (describes the situation)
… Security TF has not discussed this yet
… would suggest we review the updated draft during the CR period
… changed a lot of things
… e.g., "isolation" is a vague word
… we really care is untrusted code out of the sandbox
… anyway, I don't want to ask people to do something impossible

Kaz: continuing the review during the CR period is ok
… but we need to make sure there would not be any changes which have impacts for implementations

McCool: right
… there should not be any impacts

PR 827

Revise Security and Privacy assertions

(fixes the issue 824)

Lagally: "isolated" execution environments environments is now "sandboxed" execution

McCool: this has much longer text after it
… about data access

Lagally: about security and data protection

McCool: yes
… private data protection is important here
… btw, typo there...

Lagally: (adds comments about that)
… (around line 4172)
… remove "perform"

(still pending status, though)

Lagally: link to the WoT Security and Privacy Guidelines?

McCool: can add an anchor there

(around line 4204)

McCool: next point is the word of "guarantee"
… which means "SHOULD"

(around line 4296)

McCool: then around line 4608/4604
… MUST to be SHOULD
… mutable IDs required for some use cases

(around line 4613/4609, "required to" to be "should")

(around 4617/1613, MUST to be SHOULD)

(around 4619/4615, "cannot" to be "should not")

McCool: we can remove some of the text, though
… you can add a suggestion using the GitHub interface

Lagally: (adds a suggestion)

McCool: line 4614-4616 (on the right side) to be removed

Kaz: what about the other lower-case "should" sentences?
… like line 4609 on the right side?
… I'm OK with removing them, but we should make sure about our policy at this stage

McCool: right
… also we can add a text mentioning lower-case keywords are not assertions withing the RFC2119 description section

Lagally: (around line 4620, "should not use nosec" to be "should use access control")
… (then shows the preview)

preview: section 2. Conformance

McCool: the question is that the text here comes from ReSpec automatically
… I'm OK with either merging this and add fix later, or wait to fix them

Lagally: ok to merge?

(no objections)

merged

Tag review issues

TAG review issues

Issue 817

Issue 817 - Review for unnecessary normative statements [TAG feedback]

Lagally: (adds comments)
… several normative statements have been weakened from "MUST" to "SHOULD"
… specifically in the security section
… also some of the redundant assertions have been removed
… group-wide review will be done when the implementation report is done
… collecting testing inputs and we'll see which assertions need to be identified as "at risk"

McCool: for CR transition, we need to identify feature at risk

new issue 829 - Provide implementation report on architecture for node-wot

Resolution for CR candidate

McCool: need to make a resolution

<mlagally> proposal: submit the current editors draft as CR candidate and ask for group-wide review

RESOLUTION: submit the current editors draft as CR candidate and ask for group-wide review

[adjourned]

Summary of resolutions

  1. submit the current editors draft as CR candidate and ask for group-wide review
Minutes manually created (not a transcript), formatted by scribe.perl version 192 (Tue Jun 28 16:55:30 2022 UTC).