IRC log of wot-profile on 2023-02-22

Timestamps are in UTC.

11:56:39 [RRSAgent]

RRSAgent has joined #wot-profile

11:56:43 [RRSAgent]

logging to https://www.w3.org/2023/02/22-wot-profile-irc

11:56:47 [kaz]

meeting: WoT Profile

12:02:20 [kaz]

present+ Kaz_Ashimura, Michael_Lagally, Michael_McCool

12:04:42 [mlagally]

mlagally has joined #wot-profile

12:04:44 [McCool]

McCool has joined #wot-profile

12:06:04 [Mizushima]

Mizushima has joined #wot-profile

12:08:00 [McCool]

scribenick: McCool

12:08:06 [McCool]

topic: Minutes

12:08:29 [McCool]

ml: review of minutes from Feb 8, 2023

12:08:34 [mlagally]

https://www.w3.org/2023/02/08-wot-profile-minutes.html

12:08:43 [kaz]

s/http/-> http/

12:08:47 [kaz]

s/html/html Feb-8/

12:09:25 [McCool]

mm: did create the wide review issues

12:09:38 [McCool]

ml: any objections to publishing?

12:09:44 [McCool]

... none, will publish

12:10:09 [McCool]

topic: Wide Review and Explainer

12:10:13 [Ege]

Ege has joined #wot-profile

12:10:26 [kaz]

present+ Ege_Korkan, Tomoaki_Mizushima

12:10:33 [kaz]

agenda: https://www.w3.org/WoT/IG/wiki/WG_WoT_Profile_WebConf#Profile_-_Feb_22nd.2C_2023

12:11:07 [McCool]

mm: note that I generally set March 20 as deadline for review

12:11:17 [McCool]

ml: suggest a reminder on March 15 or so

12:11:24 [ryuichi]

ryuichi has joined #wot-profile

12:11:47 [kaz]

i|note that|-> https://github.com/w3c/wot-profile/issues/358 wot-profile issue 358 - Wide review|

12:11:55 [kaz]

rrsagent, make log public

12:11:57 [McCool]

mm: suggest adding that to the agenda for the Profile call that week

12:12:00 [kaz]

rrsagent, draft minutes

12:12:01 [RRSAgent]

I have made the request to generate https://www.w3.org/2023/02/22-wot-profile-minutes.html kaz

12:12:08 [luca_barbato_]

luca_barbato_ has joined #wot-profile

12:12:32 [McCool]

ml: ok, that will be March 15

12:13:53 [McCool]

mm: also explainer looks ok

12:14:22 [mlagally]

https://github.com/w3c/wot-profile/pull/362

12:14:25 [McCool]

ml: I did merge the editorial fix for the explainer - PR 362

12:14:43 [McCool]

mm: ok, I reviewed and was ok with it

12:14:47 [McCool]

topic: PRs

12:14:59 [McCool]

subtopic: PR 365

12:15:03 [mlagally]

https://github.com/w3c/wot-profile/pull/365/files

12:15:14 [McCool]

ml: another explainer fix, removing some duplicate text

12:15:24 [McCool]

mm: concur with merging

12:15:28 [McCool]

ml: (merges)

12:16:06 [kaz]

rrsagent, draft minutes

12:16:07 [RRSAgent]

I have made the request to generate https://www.w3.org/2023/02/22-wot-profile-minutes.html kaz

12:16:13 [McCool]

subtopic: PR 364

12:16:29 [McCool]

ml: http security

12:17:12 [Ege]

q+

12:17:36 [kaz]

mm: (explains the discussion during the Security call)

12:18:13 [kaz]

present+ Luca_Barbato

12:18:33 [McCool]

mm: so we discussed this in security and had a set of action items, Luca volunteered to make a PR

12:18:50 [McCool]

... but there were some feedback from Ben we needed to address

12:19:32 [kaz]

i|so we di|-> https://github.com/w3c/wot-profile/issues/6#issuecomment-1427962430 comments on Issue 6 (Recommended Security) based on the discussion during the Security call on Feb 13|

12:20:27 [kaz]

ml: (shows section "5.4 Security" from the diff)

12:20:32 [kaz]

-> https://pr-preview.s3.amazonaws.com/w3c/wot-profile/364/f72b27f...luminem:8b72f9e.html#common-constraints-security diff - 5.4 Security

12:20:43 [kaz]

rrsagent, draft minutes

12:20:44 [RRSAgent]

I have made the request to generate https://www.w3.org/2023/02/22-wot-profile-minutes.html kaz

12:23:53 [kaz]

scribenick: kaz

12:24:25 [kaz]

ml: let's keep this open, and try another PR for simpler fix

12:25:37 [kaz]

... Luca, if you can add necessary change to this PR, we can merge this PR as well

12:25:46 [kaz]

ek: what about Webhook?

12:26:05 [kaz]

... currently, security is a common restriction. right?

12:26:25 [kaz]

mm: Security TF proposed we move the security portion under the HTTP Core Profile

12:26:31 [kaz]

... but Ben objected

12:26:36 [McCool]

q?

12:26:36 [kaz]

... so we're putting it back

12:26:40 [kaz]

ack e

12:26:44 [McCool]

ack e

12:27:32 [kaz]

q+

12:28:22 [kaz]

conclusion: Luca will make necessary changes to PR 364 so that we can merge the PR

12:28:32 [kaz]

subtopic: PR 334

12:28:45 [kaz]

ml: Sebastian is not here, so skip it

12:28:55 [kaz]

subtopic: PR 330

12:29:24 [kaz]

-> https://github.com/w3c/wot-profile/pull/330 PR 330 - Cloud Events Message Format

12:29:46 [McCool]

q+

12:29:58 [kaz]

ml: (shows section "11. Cloud Events Message Format")

12:29:59 [kaz]

ack k

12:30:09 [Ege]

q+

12:30:28 [kaz]

-> https://pr-preview.s3.amazonaws.com/w3c/wot-profile/330/885bfe1...b198791.html#sec-http-webhook-profile-message-format diff - 11. Cloud Events Message Format

12:30:53 [kaz]

mm: there was pretty good resource on Webhook security on the Web

12:31:06 [kaz]

... so the Security TF wanted to follow that

12:31:13 [kaz]

ack m

12:31:29 [kaz]

... looked at several resources

12:31:48 [kaz]

... on possibility is adopting to that kind of definitions

12:32:02 [kaz]

s/definitions/definition/

12:33:12 [kaz]

ml: (shows related issue 224)

12:34:02 [kaz]

-> https://github.com/w3c/wot-profile/issues/224#issuecomment-1437303668 McCool's comments on Webhooks definitions in the issue 224 - subscribeallevents security requirements

12:34:32 [kaz]

q+

12:35:55 [kaz]

ml: (shows the cloudevents repo)

12:36:13 [kaz]

-> https://github.com/cloudevents/spec/blob/v1.0.2/cloudevents/http-webhook.md HTTP 1.1 Web Hooks for Event Delivery - Version 1.0.2

12:36:23 [kaz]

mm: would add an Editor's Note

12:36:47 [kaz]

ek: multiple comments

12:37:09 [kaz]

... why do we need to use time for informative part of the spec?

12:37:56 [kaz]

... think normative sections should be more important like sync/async

12:38:49 [kaz]

... not sure if this would be a good format for green-field Things

12:38:52 [McCool]

q?

12:39:00 [McCool]

q+

12:39:05 [kaz]

ml: we're working not only for green-field Things

12:39:08 [kaz]

ack e

12:39:25 [Ege]

not acked yet

12:39:28 [Ege]

qq+

12:39:46 [luca_barbato_]

q+

12:40:25 [kaz]

... need this kind of clarification since there is no normative binding templates spec yet

12:41:38 [kaz]

ek: if metadata-based approach is not available, we need to use this kind of approach like Webhook

12:41:58 [kaz]

s/Webhook/Cloud events/

12:42:23 [kaz]

... but Webhook is not a standard yet

12:44:34 [Ege]

my comments were not exactly what is scribed: cloudevents is putting metadata in the payload which is redundant in WoT since we have TDs. It mandates putting contentType, resource, cloudevents spec version in the payload which can be all in the TD and not in the payload

12:45:30 [Ege]

also cloudevents is in the incubation phase of cloud native foundation at https://www.cncf.io/projects/ and even if it was in the graduated projects, it is not a standard (and probably will not be) unless Cloud Native Foundation is recognized as SDO by the W3C

12:46:02 [kaz]

kaz: sounds like we all are not on the same page

12:46:11 [Ege]

so we need to specify everything ourselves

12:46:39 [kaz]

... so would suggest we once go back to what we want to do for what kind of use case using which mechanism

12:47:07 [kaz]

... then revisit how to describe that within our spec like WoT Profile after that

12:47:13 [Ege]

q+

12:47:18 [kaz]

ack e

12:47:18 [Zakim]

Ege, you wanted to react to Ege and to

12:47:21 [kaz]

ack k

12:47:25 [kaz]

q+ Ege

12:47:33 [Ege]

I am not objecting webhooks btw

12:48:08 [Ege]

also if we are now discussing about supporting brownfield, we are breaking the entire design of profiles...

12:50:18 [Ege]

q?

12:50:21 [Ege]

ack m

12:50:39 [kaz]

mm: from my viewpoint, this is needed for compatibility with existing mechanisms

12:51:20 [kaz]

... Ben's alternative proposal is worth considering

12:52:33 [kaz]

ml: (shows one of Ben's comments)

12:52:55 [kaz]

-> https://github.com/w3c/wot-profile/issues/258#issuecomment-1216599450 Ben's proposal with a table of Member/Type/Mandatory/Comment

12:53:04 [McCool]

luca: two issues, one is web hooks, widely different approaches

12:53:14 [kaz]

i/Luca/scribenick: McCool/

12:53:19 [McCool]

... other is payload, not that closely bound to the pattern

12:53:25 [McCool]

q+

12:53:35 [kaz]

ack l

12:53:40 [kaz]

rrsagent, draft minutes

12:53:42 [RRSAgent]

I have made the request to generate https://www.w3.org/2023/02/22-wot-profile-minutes.html kaz

12:54:03 [McCool]

... so could do payload separately, e.g. profile that does webhook+cloud events, and another one that is webhook+ben's proposal

12:54:07 [kaz]

chair: Lagally

12:54:15 [McCool]

... we don't have to make a decision of one or the other

12:54:31 [kaz]

i/explains the/scribenick: kaz/

12:54:36 [McCool]

ml: agree, I think we can have multiple profiles, and that is way out

12:54:46 [McCool]

ege: not necessarily profiles in that request

12:54:48 [kaz]

i/so we discuss/scribenick: McCool/

12:54:58 [kaz]

i/shows section/scribenick: kaz/

12:55:07 [kaz]

i/Luca will make/scribenick: kaz/

12:55:13 [McCool]

... and if we allow combinations, they could multiply, if we have a lot of profiles, will lose interop

12:55:17 [kaz]

rrsagent, draft minutes

12:55:18 [RRSAgent]

I have made the request to generate https://www.w3.org/2023/02/22-wot-profile-minutes.html kaz

12:55:33 [McCool]

... and then it's not clear to a developer what they should use

12:55:46 [kaz]

i/two issues/scribenick: McCool/

12:55:48 [kaz]

rrsagent, draft minutes

12:55:49 [RRSAgent]

I have made the request to generate https://www.w3.org/2023/02/22-wot-profile-minutes.html kaz

12:56:25 [McCool]

... and don't really want to be recommending and inefficient approach

12:56:25 [McCool]

s/and/an/

12:56:25 [McCool]

... that also raises implementation burden

12:56:25 [kaz]

rrsagent, draft minutes

12:56:26 [RRSAgent]

I have made the request to generate https://www.w3.org/2023/02/22-wot-profile-minutes.html kaz

12:56:36 [McCool]

ml: this profile is specifically for integration with cloud systems that use cloud events

12:56:48 [kaz]

q+

12:57:13 [McCool]

ege: still makes consumer very complicated, consumer has to support everything given in a TD

12:57:29 [McCool]

ml: we are still increasing interoperability with existing systems

12:57:47 [McCool]

ege: not necessarily; if have two proposals, consumer needs to support both

12:57:50 [kaz]

s/comments)/comments including a table)/

12:57:57 [kaz]

ack e

12:58:24 [McCool]

ml: from implementation perspective, still just parsing JSON object, can ignore things they don't care about, not that hard

12:58:49 [McCool]

... would like to ask that we get some alternative PRs

12:58:57 [kaz]

mm: in summary, agree with Lagally

12:59:01 [kaz]

... two proposals here

12:59:43 [kaz]

... let's move on and see the other issues

13:00:31 [McCool]

kaz: my viewpoint, seems this topic is bigger than one section within profiles, and probably needs more analysis and discussion within whole working group

13:01:01 [McCool]

... ok with handling this as part of bindings, but then we need to discuss it there; it may also impact other specifications

13:01:38 [McCool]

mm: also note that event mechanisms not in next charter

13:01:56 [kaz]

i/in sum/scribenick: kaz/

13:02:03 [kaz]

i/my viewpoint/scribenick: McCool/

13:02:07 [kaz]

[adjourned]

13:02:12 [kaz]

rrsagent, draft minutes

13:02:14 [RRSAgent]

I have made the request to generate https://www.w3.org/2023/02/22-wot-profile-minutes.html kaz

13:02:20 [McCool]

ml: I think it would be unfortunate to wait three years for webhooks, however

15:27:02 [Zakim]

Zakim has left #wot-profile