11:56:39 RRSAgent has joined #wot-profile 11:56:43 logging to https://www.w3.org/2023/02/22-wot-profile-irc 11:56:47 meeting: WoT Profile 12:02:20 present+ Kaz_Ashimura, Michael_Lagally, Michael_McCool 12:04:42 mlagally has joined #wot-profile 12:04:44 McCool has joined #wot-profile 12:06:04 Mizushima has joined #wot-profile 12:08:00 scribenick: McCool 12:08:06 topic: Minutes 12:08:29 ml: review of minutes from Feb 8, 2023 12:08:34 https://www.w3.org/2023/02/08-wot-profile-minutes.html 12:08:43 s/http/-> http/ 12:08:47 s/html/html Feb-8/ 12:09:25 mm: did create the wide review issues 12:09:38 ml: any objections to publishing? 12:09:44 ... none, will publish 12:10:09 topic: Wide Review and Explainer 12:10:13 Ege has joined #wot-profile 12:10:26 present+ Ege_Korkan, Tomoaki_Mizushima 12:10:33 agenda: https://www.w3.org/WoT/IG/wiki/WG_WoT_Profile_WebConf#Profile_-_Feb_22nd.2C_2023 12:11:07 mm: note that I generally set March 20 as deadline for review 12:11:17 ml: suggest a reminder on March 15 or so 12:11:24 ryuichi has joined #wot-profile 12:11:47 i|note that|-> https://github.com/w3c/wot-profile/issues/358 wot-profile issue 358 - Wide review| 12:11:55 rrsagent, make log public 12:11:57 mm: suggest adding that to the agenda for the Profile call that week 12:12:00 rrsagent, draft minutes 12:12:01 I have made the request to generate https://www.w3.org/2023/02/22-wot-profile-minutes.html kaz 12:12:08 luca_barbato_ has joined #wot-profile 12:12:32 ml: ok, that will be March 15 12:13:53 mm: also explainer looks ok 12:14:22 https://github.com/w3c/wot-profile/pull/362 12:14:25 ml: I did merge the editorial fix for the explainer - PR 362 12:14:43 mm: ok, I reviewed and was ok with it 12:14:47 topic: PRs 12:14:59 subtopic: PR 365 12:15:03 https://github.com/w3c/wot-profile/pull/365/files 12:15:14 ml: another explainer fix, removing some duplicate text 12:15:24 mm: concur with merging 12:15:28 ml: (merges) 12:16:06 rrsagent, draft minutes 12:16:07 I have made the request to generate https://www.w3.org/2023/02/22-wot-profile-minutes.html kaz 12:16:13 subtopic: PR 364 12:16:29 ml: http security 12:17:12 q+ 12:17:36 mm: (explains the discussion during the Security call) 12:18:13 present+ Luca_Barbato 12:18:33 mm: so we discussed this in security and had a set of action items, Luca volunteered to make a PR 12:18:50 ... but there were some feedback from Ben we needed to address 12:19:32 i|so we di|-> https://github.com/w3c/wot-profile/issues/6#issuecomment-1427962430 comments on Issue 6 (Recommended Security) based on the discussion during the Security call on Feb 13| 12:20:27 ml: (shows section "5.4 Security" from the diff) 12:20:32 -> https://pr-preview.s3.amazonaws.com/w3c/wot-profile/364/f72b27f...luminem:8b72f9e.html#common-constraints-security diff - 5.4 Security 12:20:43 rrsagent, draft minutes 12:20:44 I have made the request to generate https://www.w3.org/2023/02/22-wot-profile-minutes.html kaz 12:23:53 scribenick: kaz 12:24:25 ml: let's keep this open, and try another PR for simpler fix 12:25:37 ... Luca, if you can add necessary change to this PR, we can merge this PR as well 12:25:46 ek: what about Webhook? 12:26:05 ... currently, security is a common restriction. right? 12:26:25 mm: Security TF proposed we move the security portion under the HTTP Core Profile 12:26:31 ... but Ben objected 12:26:36 q? 12:26:36 ... so we're putting it back 12:26:40 ack e 12:26:44 ack e 12:27:32 q+ 12:28:22 conclusion: Luca will make necessary changes to PR 364 so that we can merge the PR 12:28:32 subtopic: PR 334 12:28:45 ml: Sebastian is not here, so skip it 12:28:55 subtopic: PR 330 12:29:24 -> https://github.com/w3c/wot-profile/pull/330 PR 330 - Cloud Events Message Format 12:29:46 q+ 12:29:58 ml: (shows section "11. Cloud Events Message Format") 12:29:59 ack k 12:30:09 q+ 12:30:28 -> https://pr-preview.s3.amazonaws.com/w3c/wot-profile/330/885bfe1...b198791.html#sec-http-webhook-profile-message-format diff - 11. Cloud Events Message Format 12:30:53 mm: there was pretty good resource on Webhook security on the Web 12:31:06 ... so the Security TF wanted to follow that 12:31:13 ack m 12:31:29 ... looked at several resources 12:31:48 ... on possibility is adopting to that kind of definitions 12:32:02 s/definitions/definition/ 12:33:12 ml: (shows related issue 224) 12:34:02 -> https://github.com/w3c/wot-profile/issues/224#issuecomment-1437303668 McCool's comments on Webhooks definitions in the issue 224 - subscribeallevents security requirements 12:34:32 q+ 12:35:55 ml: (shows the cloudevents repo) 12:36:13 -> https://github.com/cloudevents/spec/blob/v1.0.2/cloudevents/http-webhook.md HTTP 1.1 Web Hooks for Event Delivery - Version 1.0.2 12:36:23 mm: would add an Editor's Note 12:36:47 ek: multiple comments 12:37:09 ... why do we need to use time for informative part of the spec? 12:37:56 ... think normative sections should be more important like sync/async 12:38:49 ... not sure if this would be a good format for green-field Things 12:38:52 q? 12:39:00 q+ 12:39:05 ml: we're working not only for green-field Things 12:39:08 ack e 12:39:25 not acked yet 12:39:28 qq+ 12:39:46 q+ 12:40:25 ... need this kind of clarification since there is no normative binding templates spec yet 12:41:38 ek: if metadata-based approach is not available, we need to use this kind of approach like Webhook 12:41:58 s/Webhook/Cloud events/ 12:42:23 ... but Webhook is not a standard yet 12:44:34 my comments were not exactly what is scribed: cloudevents is putting metadata in the payload which is redundant in WoT since we have TDs. It mandates putting contentType, resource, cloudevents spec version in the payload which can be all in the TD and not in the payload 12:45:30 also cloudevents is in the incubation phase of cloud native foundation at https://www.cncf.io/projects/ and even if it was in the graduated projects, it is not a standard (and probably will not be) unless Cloud Native Foundation is recognized as SDO by the W3C 12:46:02 kaz: sounds like we all are not on the same page 12:46:11 so we need to specify everything ourselves 12:46:39 ... so would suggest we once go back to what we want to do for what kind of use case using which mechanism 12:47:07 ... then revisit how to describe that within our spec like WoT Profile after that 12:47:13 q+ 12:47:18 ack e 12:47:18 Ege, you wanted to react to Ege and to 12:47:21 ack k 12:47:25 q+ Ege 12:47:33 I am not objecting webhooks btw 12:48:08 also if we are now discussing about supporting brownfield, we are breaking the entire design of profiles... 12:50:18 q? 12:50:21 ack m 12:50:39 mm: from my viewpoint, this is needed for compatibility with existing mechanisms 12:51:20 ... Ben's alternative proposal is worth considering 12:52:33 ml: (shows one of Ben's comments) 12:52:55 -> https://github.com/w3c/wot-profile/issues/258#issuecomment-1216599450 Ben's proposal with a table of Member/Type/Mandatory/Comment 12:53:04 luca: two issues, one is web hooks, widely different approaches 12:53:14 i/Luca/scribenick: McCool/ 12:53:19 ... other is payload, not that closely bound to the pattern 12:53:25 q+ 12:53:35 ack l 12:53:40 rrsagent, draft minutes 12:53:42 I have made the request to generate https://www.w3.org/2023/02/22-wot-profile-minutes.html kaz 12:54:03 ... so could do payload separately, e.g. profile that does webhook+cloud events, and another one that is webhook+ben's proposal 12:54:07 chair: Lagally 12:54:15 ... we don't have to make a decision of one or the other 12:54:31 i/explains the/scribenick: kaz/ 12:54:36 ml: agree, I think we can have multiple profiles, and that is way out 12:54:46 ege: not necessarily profiles in that request 12:54:48 i/so we discuss/scribenick: McCool/ 12:54:58 i/shows section/scribenick: kaz/ 12:55:07 i/Luca will make/scribenick: kaz/ 12:55:13 ... and if we allow combinations, they could multiply, if we have a lot of profiles, will lose interop 12:55:17 rrsagent, draft minutes 12:55:18 I have made the request to generate https://www.w3.org/2023/02/22-wot-profile-minutes.html kaz 12:55:33 ... and then it's not clear to a developer what they should use 12:55:46 i/two issues/scribenick: McCool/ 12:55:48 rrsagent, draft minutes 12:55:49 I have made the request to generate https://www.w3.org/2023/02/22-wot-profile-minutes.html kaz 12:56:25 ... and don't really want to be recommending and inefficient approach 12:56:25 s/and/an/ 12:56:25 ... that also raises implementation burden 12:56:25 rrsagent, draft minutes 12:56:26 I have made the request to generate https://www.w3.org/2023/02/22-wot-profile-minutes.html kaz 12:56:36 ml: this profile is specifically for integration with cloud systems that use cloud events 12:56:48 q+ 12:57:13 ege: still makes consumer very complicated, consumer has to support everything given in a TD 12:57:29 ml: we are still increasing interoperability with existing systems 12:57:47 ege: not necessarily; if have two proposals, consumer needs to support both 12:57:50 s/comments)/comments including a table)/ 12:57:57 ack e 12:58:24 ml: from implementation perspective, still just parsing JSON object, can ignore things they don't care about, not that hard 12:58:49 ... would like to ask that we get some alternative PRs 12:58:57 mm: in summary, agree with Lagally 12:59:01 ... two proposals here 12:59:43 ... let's move on and see the other issues 13:00:31 kaz: my viewpoint, seems this topic is bigger than one section within profiles, and probably needs more analysis and discussion within whole working group 13:01:01 ... ok with handling this as part of bindings, but then we need to discuss it there; it may also impact other specifications 13:01:38 mm: also note that event mechanisms not in next charter 13:01:56 i/in sum/scribenick: kaz/ 13:02:03 i/my viewpoint/scribenick: McCool/ 13:02:07 [adjourned] 13:02:12 rrsagent, draft minutes 13:02:14 I have made the request to generate https://www.w3.org/2023/02/22-wot-profile-minutes.html kaz 13:02:20 ml: I think it would be unfortunate to wait three years for webhooks, however 15:27:02 Zakim has left #wot-profile