diff --git a/index.html b/index.html index b68febe1..b265f520 100644 --- a/index.html +++ b/index.html @@ -43,7 +43,7 @@ }, { name : "Farshid Tavakolizadeh", w3cid : "122520", - company : "Fraunhofer-Gesellschaft", + company : "formerly Fraunhofer-Gesellschaft, currently Invited Expert", companyURL : "https://www.fraunhofer.de/" }, { name : "Kunihiko Toumura", @@ -1157,9 +1157,11 @@
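Review bot: in the editors hunk, `companyURL : "https://www.fraunhofer.de/"` is kept as unchanged context while `company` becomes "formerly Fraunhofer-Gesellschaft, currently Invited Expert", so the rendered editor entry will link the whole phrase, including "Invited Expert", to Fraunhofer. Either drop `companyURL` for this entry or split the affiliation so that only the former employer carries the link. The same pattern is repeated in publication/3-wd/index.html further down and needs the same fix there.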

Thing Description Directory

Information Model

+ As shown in [[[#exploration-class-diagram]]], the Thing Description Directory can contain zero or more TDs. @@ -1356,11 +1358,13 @@

Directory Service API

set in the HTTP request [[RFC7231]].

+

The APIs set the HTTP status codes as defined in @@ -1577,9 +1581,6 @@

Creation

In particular, if `ttl` (relative expiry) is given during the creation, such servers will calculate and store the `expires` value.

- -

-

@@ -2087,10 +2088,12 @@

Validation

] } + @@ -2165,10 +2168,11 @@

Events API

get multiplexed on a single connection.

- +
Event Data
@@ -2323,6 +2327,7 @@

Search API

Syntactic search: JSONPath

+ Support for JSONPath Search API is optional. If implemented, the JSONPath API must allow searching TDs using an HTTP GET request at `/search/jsonpath?query={query}` endpoint, where `query` is the JSONPath expression. @@ -2405,10 +2411,12 @@

API Specification (Thing Model)

+

The context URIs are tentative and subject to change.

@@ -2940,7 +2948,7 @@

CoRE Resource Types Registration

Link Target Attribute Values sub-registry of the Constrained Restful Environments (CoRE) Parameters registry defined in [[RFC6690]].

- +
diff --git a/publication/3-wd/Overview.html b/publication/3-wd/Overview.html index de0cb9d0..9192dac2 100644 --- a/publication/3-wd/Overview.html +++ b/publication/3-wd/Overview.html @@ -2,7 +2,7 @@ +"HTML Tidy for HTML5 for Linux version 5.8.0"> - +

W3C Working Draft -

-
+
More details about this document
This version:
https://www.w3.org/TR/2022/WD-wot-discovery-20220627/
+"https://www.w3.org/TR/2022/WD-wot-discovery-20220704/">https://www.w3.org/TR/2022/WD-wot-discovery-20220704/
Latest published version:
https://www.w3.org/TR/wot-discovery/
@@ -1074,8 +1089,8 @@

Web of Things (WoT) Discovery

Corp.)
Farshid Tavakolizadeh (Fraunhofer-Gesellschaft)
+"p-org org h-org" href="https://www.fraunhofer.de/">formerly +Fraunhofer-Gesellschaft, currently Invited Expert)
Kunihiko Toumura (Hitachi, @@ -1353,7 +1368,7 @@
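Review bot: the rendered editor line in this hunk wraps the entire string "formerly Fraunhofer-Gesellschaft, currently Invited Expert" in the `p-org org h-org` classes with `href="https://www.fraunhofer.de/"`, so any consumer of the h-card metadata will record that sentence as the editor's organization and attribute it to Fraunhofer. Since Overview.html is a generated publication copy, the fix belongs in the `company`/`companyURL` fields of the source files followed by regeneration, not a hand edit here.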

Table of
  1. 9.1 Location Tracking
  2. +"secno">9.1 Location Tracking and Profiling
  3. 9.2 Query Tracking
  4. @@ -1387,8 +1402,11 @@

    Table of "secno">A. Recent Specification Changes
    1. A.1 Changes -from First Draft
    2. +"#changes-from-second-draft">A.1 Changes +from 2 June 2021 Working Draft +
    3. A.2 Changes +from 24 November 2020 First Public Working Draft
  5. 7.2 class="internalDFN" data-link-type="dfn" id= "ref-for-dfn-td-16">TD MUST have a 2.05 (Content) status, contain a Content-Format option with value -432 (application/td+json), and the application/json) or 432 +(application/td+json), and the TD in the payload. Note that the payload might be split over multiple message exchanges using @@ -2692,13 +2711,6 @@

    7.3.1 Information Model

-
-
Editor's note: Directory Information Model
-

To Do: Formal definition of information contained in a -directory and its organization.

-
As shown in @@ -2963,30 +2975,6 @@
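Review bot: this hunk deletes the editor's note "To Do: Formal definition of information contained in a directory and its organization" and leaves only the sentence pointing at the exploration class diagram and "zero or more TDs". If the class diagram is now the intended definition of the directory information model, the section should say so explicitly; if the formal definition is still outstanding, the to-do should not disappear without a pointer to where it is tracked.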

RFC7231].

-
-
Issue 150: -Definition of Problem Details error types Stretch goalDiscuss2021-10 F2F
-

There are currently no WoT-specific error classes. In -the meantime, the Problem Details error responses may omit the -type field which defaults to "about:blank" and set -title to the HTTP status text.

-

The APIs set the HTTP status codes as defined in Section 6 of [7.3.2.1.1 In particular, if ttl (relative expiry) is given during the creation, such servers will calculate and store the expires value.
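Review bot: removing Issue 150 here drops the only text explaining that Problem Details responses may omit `type` (defaulting to "about:blank") and set `title` to the HTTP status text; the validation example later in this diff still has no `type` member, and its companion note "This example skips the type field due to the current lack of WoT-specific error types" is removed as well. If the error ontology listed in A.1 ("Clarify and consolidate error codes and ontology") now defines WoT-specific types, the examples should use them; otherwise keep one informative sentence so implementers know the omission is deliberate and do not start minting their own `type` URIs.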

-
-
Issue 48: How -to avoid duplicates in a directory Propose -Closing
-

Registration of TDs using non-idempotent HTTP POST -method enables creation of anonymous TDs (TDs without id attribute). The producer can distinguish -between the created TDs using the unique-system generated IDs given -in the response Location header.

-

A side-effect of this is that clients will be able to -register duplicate TDs accidentally or on purpose.

-

Need to clarify:

-
    -
  • What are the use cases where a duplicate TD is desired?
  • -
  • How can we mitigate accidental duplicates (deduplication)?
  • -
-
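Review bot: deleting Issue 48 in this hunk removes the only statement that non-idempotent POST registration of anonymous TDs lets a client create duplicate TDs "accidentally or on purpose", and the two open questions (legitimate duplicate use cases, deduplication) vanish without a recorded answer. For a public directory, unbounded duplicate registrations are also a storage and query-cost exhaustion concern, so if the resolution is that duplicates are permitted, the Security Considerations should name the mitigation the spec already offers (the `ttl`/`expires` expiry mentioned in the context above) and whether a server is expected to bound registrations per client.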
@@ -3310,7 +3275,7 @@
7.3.2.1.2 "hljs-string">"Simple TD" }
-
Issue 148: @@ -3364,7 +3329,7 @@
7.3.2.1.2 "hljs-string">"Anonymous TD" }
-
Issue 148: @@ -3414,7 +3379,7 @@
7.3.2.1.2 "hljs-string">"Expirable TD" }
-
Issue 148: @@ -3873,32 +3838,9 @@
7.3.2.1.6 "hljs-string">"Invalid type. Expected: string, given: integer" } ] -} -
-
Issue 150: -Definition of Problem Details error types Stretch goalDiscuss2021-10 F2F
-

This example skips the type field due to -the current lack of WoT-specific error types.

-
- +}
-
Issue 99: @@ -3975,23 +3917,6 @@
7.3.2.2 thing_deleted) from the server. When using HTTP/2, multiple subscriptions on the same domain (HTTP streams) get multiplexed on a single connection.

-
-
Issue 176: -Event payload filtering Stretch goal2021-10 F2F
-
Event filtering based on the payload is work in -progress.
-
Event Data
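Review bot: with Issue 176 removed in this hunk, nothing in the Events API text states whether payload-based event filtering is supported; the surrounding paragraph only describes subscriptions to the thing created/updated/deleted events and HTTP/2 multiplexing. Add one sentence stating that filtering on event payload is not specified in this version, so clients do not assume a server-side filter. Also, the context here names the event `thing_deleted` while the Thing Model section below lists `thingCreated`, `thingUpdated`, and `thingDeleted`; check that the event names agree across both sections.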
@@ -4075,7 +4000,7 @@
7.3.2.2 data: } id: event_1
-
Issue 148: @@ -4147,8 +4072,8 @@
7.3.2.2 "secno">7.3.2.4 API Specification (Thing Model), namely: thingCreated, thingUpdated, and thingDeleted.

-
-
+
Editor's note: SSE Authorization Header

Some early SSE implementations (including HTML5 @@ -4166,8 +4091,8 @@

7.3.2.3 Search API
-
-
+
Editor's note: Search API Overview

Sub-API to search a directory, e.g. issue a query. @@ -4208,30 +4133,6 @@

This section is non-normative.

-
-
Issue 234: -JSONPath as a search query language Propose -ClosingConsolidation
-
The standardization of JSONPath expressions is in -progress by an independent working group. This section remains -non-normative until the release of final JSONPath specification by -IETF. In the meantime, clients should consider the JSONPath API as -unstable and expect deviations across Thing Description -Directory implementations.
-
Support for JSONPath Search API is optional. If implemented, the JSONPath API must allow searching TDs using an HTTP GET request at @@ -5215,18 +5116,8 @@
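Review bot: removing Issue 234 in this hunk deletes the caveat that JSONPath is still being standardized and that clients "should consider the JSONPath API as unstable and expect deviations across Thing Description Directory implementations", yet the section remains marked "This section is non-normative" while the surviving sentence says the API "must allow searching TDs" with a lowercase must. Either keep the informative stability caveat, or make the requirement normative and cite the JSONPath draft being followed; without a named syntax the `query={query}` parameter is an interoperability gap. Separately, `query` is an untrusted expression handed to an evaluator, so the Security Considerations should say which JSONPath features (filter or script expressions, unbounded recursive descent) a directory is expected to reject or bound.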
-
-
Issue 82: -Creation of OpenAPI spec from Directory TD
-

Need to confirm if equivalent OpenAPI spec can be -easily created out of the TM. If yes, a sentence may be added -indicating this possibility.

-
-
-
+
Editor's note: Context URIs

The context URIs are tentative and subject to @@ -5505,12 +5396,20 @@

9. factory automation, there is the chance that data about employee performance would be captured and would have to be managed appropriately.

-

With these categories established, we will now discuss some -specific privacy risks and potential mitigations.

+

In the following we make frequent reference to "tracking". This +term covers multiple privacy risks, including location tracking and +behavioral profiling. In general, the definition of "profiling" +given in Article 4 of the GDPR [GDPR-Defs] +is to be considered equivalent to "tracking" as used in this +document.

+

With these definitions and categories established, we will now +discuss some specific privacy risks and potential mitigations.

-

9.1 -Location Tracking

+

9.1 Location Tracking and Profiling

@@ -5539,6 +5438,14 @@

9.1 which could be used to infer that a person is NOT in a particular location, e.g. not at home. +

Location tracking is not the only profiling risk. In general, +"profiling" includes any mechanism used to evaluate information +about a person, including economic status, health, preferences, +interests, reliability, and behavior. Some of the metadata in a TD +can be used to infer information of this kind if the described +Thing can be associated with a person. Some of the mitigations +below are also applicable to this more general definition of +profiling.

Some of these risks are shared by similar services. For example, DCHP automatically responds to requests for IP addresses on a local network, and devices typically provide an identifier (a MAC @@ -5548,56 +5455,71 @@

9.1 and infer their location.

Mitigations:
-
-

There are a few options to mitigate this risk:

+
There are a few options to mitigate these risks:

Value
+
@@ -5774,7 +5696,7 @@

Directory Description of a Thing Description +"ref-for-dfn-wot-thing-description-directory-25">Thing Description Directory

ValueA. Recent Specification Changes -
+
-

A.1 -Changes from First Draft

-A.1 +Changes from 2 June 2021 Working Draft +
    +
  • Use wot for well-known URI service name.
  • +
  • Refer to TD and Architecture specs for general constraints on +secure transport.
  • +
  • Define requirements for CoAP-based TD Servers.
  • +
  • Introduction of TD Server exploration, with self-description as +a special case.
  • +
  • Elaboration of class diagram to clarify that not all +Directories need to be self-describing.
  • +
  • Clarify and consolidate error codes and ontology.
  • +
  • Add assertions for UTF-8 supporting internationalization.
  • +
  • Update overview figure showing introduction and exploration +mechanisms.
  • +
  • Add Discoverer section defining requirements for discovery +clients.
  • +
  • Use Thing Model instead of a Thing Description example for +Directory API.
  • +
  • Refactor Directory Service API (td->thing, split anonymous +create action, retrieve one and search as actions, listing as +things property, split events)
  • Add amplification DDOS security consideration.
  • Split Security and Privacy Considerations into separate sections.
  • +
  • Define status of search mechanisms: JSON Path, XPath, and +SPARQL.
  • +
  • Pagination as array and pagination as collection.
  • +
  • Updates to events API.
  • +
  • TD expiry management.
  • +
  • HEAD method support.
  • +
+
+
+
+

A.2 +Changes from 24 November 2020 First Public Working Draft

+
+ diff --git a/publication/3-wd/index.html b/publication/3-wd/index.html index 73d8b2b9..56f81735 100644 --- a/publication/3-wd/index.html +++ b/publication/3-wd/index.html @@ -47,7 +47,7 @@ }, { name : "Farshid Tavakolizadeh", w3cid : "122520", - company : "Fraunhofer-Gesellschaft", + company : "formerly Fraunhofer-Gesellschaft, currently Invited Expert", companyURL : "https://www.fraunhofer.de/" }, { name : "Kunihiko Toumura", @@ -64,6 +64,11 @@ } ] }], localBiblio : { + "GDPR-Defs" : { + title: "General Data Protection Regulation (GDPR) Article 4 - Definitions" + , href: "https://gdpr-info.eu/art-4-gdpr/" + , publisher: "European Union (EU) and the European Economic Area (EEA)" + }, "OWASP-Top-10" : { title: "OWASP Top Ten" , href: "https://owasp.org/www-project-top-ten/" @@ -1107,7 +1112,8 @@
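Review bot: the new `GDPR-Defs` localBiblio entry in this hunk points at https://gdpr-info.eu/art-4-gdpr/, a third-party mirror, and gives `publisher` as "European Union (EU) and the European Economic Area (EEA)", which is a territorial scope rather than a publisher. Cite the official text of Regulation (EU) 2016/679 on EUR-Lex and name the European Parliament and Council (or the Official Journal of the European Union) as publisher. The `company`/`companyURL` change at the top of this hunk has the same problem noted for index.html: the Fraunhofer URL still accompanies an affiliation that says "formerly".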

Thing Description Server

A successful response from a CoAP-based TD Server providing a TD MUST have a 2.05 (Content) status, contain a Content-Format option - with value 432 (`application/td+json`), and the TD in the payload. + with value 50 (`application/json`) or 432 (`application/td+json`), + and the TD in the payload. Note that the payload might be split over multiple message exchanges using block-wise transfer [[RFC7959]]. @@ -1157,9 +1163,11 @@
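Review bot: widening the accepted Content-Format in this hunk to "50 (`application/json`) or 432 (`application/td+json`)" means a Discoverer can no longer use the option alone to conclude that the payload is a TD, so the client-side requirement should be stated: validate the body as a TD regardless of Content-Format, and do not treat 50 as a reason to relax that validation. It would also help to say which value a server SHOULD prefer (432 is the TD-specific type) and why 50 is permitted, and to record this relaxation in the A.1 change list, which currently only says "Define requirements for CoAP-based TD Servers".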

Thing Description Directory

Information Model

+ As shown in [[[#exploration-class-diagram]]], the Thing Description Directory can contain zero or more TDs. @@ -1356,11 +1364,13 @@

Directory Service API

set in the HTTP request [[RFC7231]].

+

The APIs set the HTTP status codes as defined in @@ -1577,9 +1587,6 @@

Creation

In particular, if `ttl` (relative expiry) is given during the creation, such servers will calculate and store the `expires` value.

- -

-

@@ -2089,10 +2096,12 @@

Validation

] } + @@ -2170,9 +2179,11 @@

Events API

+
Event Data

@@ -2329,6 +2340,7 @@

Search API

Syntactic search: JSONPath

+ Support for JSONPath Search API is optional. If implemented, the JSONPath API must allow searching TDs using an HTTP GET request at `/search/jsonpath?query={query}` endpoint, where `query` is the JSONPath expression. @@ -2892,10 +2905,12 @@

API Specification (Thing Model)

--> +

The context URIs are tentative and subject to change.

@@ -3181,11 +3196,17 @@

Privacy Considerations

be captured and would have to be managed appropriately.

- With these categories established, we will now discuss some specific + In the following we make frequent reference to "tracking". This term covers + multiple privacy risks, including location tracking and behavioral profiling. + In general, the definition of "profiling" given in Article 4 of the + GDPR [[GDPR-Defs]] is to be considered equivalent to "tracking" as used in this document. +

+

+ With these definitions and categories established, we will now discuss some specific privacy risks and potential mitigations.

-

Location Tracking

+

Location Tracking and Profiling

A discovery service may potentially allow the approximate location of a person to be determined without their consent. This risk occurs in some specific circumstances which can be avoided or @@ -3212,6 +3233,16 @@
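Review bot: the new paragraph in this hunk says the GDPR Article 4 definition of "profiling" is "to be considered equivalent to 'tracking' as used in this document", but Article 4(4) defines profiling as automated processing of personal data to evaluate personal aspects (location and movements among them), which is broader than the location and query tracking this section actually discusses, and narrower in that it presupposes automated evaluation. Say that tracking as used here is one form of profiling in the Article 4(4) sense rather than equating the two, so the mitigations that follow are not read as a GDPR compliance claim.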

Location Tracking

a while, which could be used to infer that a person is NOT in a particular location, e.g. not at home. +

+ Location tracking is not the only profiling risk. + In general, "profiling" includes any mechanism used to evaluate + information about a person, including economic status, health, + preferences, interests, reliability, and behavior. + Some of the metadata in a TD can be used to infer information + of this kind if the described Thing can be associated with a person. + Some of the mitigations below are also applicable to this more + general definition of profiling. +

Some of these risks are shared by similar services. For example, DCHP automatically responds to requests for IP addresses on a local network, and devices typically provide an identifier (a MAC @@ -3222,13 +3253,12 @@
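Review bot: "Some of the metadata in a TD can be used to infer information of this kind" in this hunk would be more actionable with a concrete pointer to which metadata is meant; the human-readable `title` and `description` fields and the set of affordances a Thing exposes are the parts of a TD most likely to reveal health, preference or behavioural information once the Thing is linked to a person. Naming those fields tells implementers what to minimise when applying the anonymous-TD and ID-rotation mitigations below.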

Location Tracking

Mitigations:
-

- There are a few options to mitigate this risk: -

+ There are a few options to mitigate these risks:
  • - To avoid location tracking, a WoT Thing MAY + To avoid location tracking and other forms of profiling, + a WoT Thing associated with a person MAY disable registration with public directories. Registration would still be possible with personal directories, for example, a home gateway, but a user could disable registration at other @@ -3238,8 +3268,9 @@

    Location Tracking

    access control limiting use to authorized users.
  • - To avoid location tracking, a WoT Thing MAY - use Anonymous TDs. + To avoid location tracking and other forms of profiling, + a WoT Thing associated with a person SHOULD use anonymous TDs + when registering with a public directories. In some cases, it may be possible to use anonymous TDs and omit explicit IDs from TDs submitted to a TDD. In this case the TDD will generate a local ID valid @@ -3250,7 +3281,8 @@

    Location Tracking

  • - To avoid location tracking, a WoT Thing MAY + To avoid location tracking and other forms of profiling, + a WoT Thing associated with a person MAY periodically generate new IDs. Using fixed IDs makes it exceptionally easy to track devices. This problem also occurs in DHCP with MAC address and there is a similar partial mitigation: @@ -3266,8 +3298,18 @@

    Location Tracking

    inferred. This is however exactly parallel to the situation with DHCP and rotation of MAC addresses. In general, however, generating new IDs at least for each service or person to which a TD is supplied makes it harder to connect registration events at different locations and times. +It is also prudent to generate new identifiers upon major changes in configuration, +such as unregistering from a local network or hub and registering with a new one (which typically indicates +a change in ownership). There is a related issue with long-lived IP addresses which might need to be updated periodically to mitigate tracking. In the context of ipv6 [[RFC8981]] discusses this. + Finally, there is a problem with devices that require immutable identifiers, + e.g. medical devices in such jurisdictions. + This is discussed in [[wot-thing-description11]], but in summary the + problem can be avoided if such immutable identifiers are made available + only as protected properties, e.g. via affordances requiring authentication, + not in the TD, and the TD identifier itself (if used) is + independent of the immutable identifier, and so can be made mutable.
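Review bot: several wording problems in the mitigation bullets of this hunk: "when registering with a public directories" should be "a public directory" (or "public directories"); "ipv6" should be "IPv6"; "e.g. medical devices in such jurisdictions" has no antecedent for "such", so name the kind of jurisdiction meant (those that mandate immutable device identifiers); and "(which typically indicates a change in ownership)" overstates, since re-registering with a new hub also happens when a network is rebuilt, so "which may indicate" is safer. The three bullets now also mix MAY (disable public registration, rotate IDs) with SHOULD (anonymous TDs); if the asymmetry is intended, add a sentence saying why anonymous TDs are the preferred default, and since these are RFC 2119 keywords inside Privacy Considerations, confirm the section is normative or downgrade them to plain prose.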
  • @@ -3400,7 +3442,7 @@

    CoRE Resource Types Registration

    Link Target Attribute Values sub-registry of the Constrained Restful Environments (CoRE) Parameters registry defined in [[RFC6690]].

    - +
    @@ -3424,13 +3466,32 @@

    CoRE Resource Types Registration

    - +

    Recent Specification Changes

    -

    Changes from First Draft

    +

    Changes from 2 June 2021 Working Draft

      +
    • Use wot for well-known URI service name.
    • +
    • Refer to TD and Architecture specs for general constraints on secure transport.
    • +
    • Define requirements for CoAP-based TD Servers.
    • +
    • Introduction of TD Server exploration, with self-description as a special case.
    • +
    • Elaboration of class diagram to clarify that not all Directories need to be self-describing.
    • +
    • Clarify and consolidate error codes and ontology.
    • +
    • Add assertions for UTF-8 supporting internationalization.
    • +
    • Update overview figure showing introduction and exploration mechanisms.
    • +
    • Add Discoverer section defining requirements for discovery clients.
    • +
    • Use Thing Model instead of a Thing Description example for Directory API.
    • +
    • Refactor Directory Service API (td->thing, split anonymous create action, retrieve one and search as actions, listing as things property, split events)
    • Add amplification DDOS security consideration.
    • Split Security and Privacy Considerations into separate sections.
    • +
    • Define status of search mechanisms: JSON Path, XPath, and SPARQL.
    • +
    • Pagination as array and pagination as collection.
    • +
    • Updates to events API.
    • +
    • TD expiry management.
    • +
    • HEAD method support.
    • +
    +

    Changes from 24 November 2020 First Public Working Draft

    +
    • Update name of directory service to "Thing Description Directory" with acronym TDD, to avoid confusion with the acronym TD used for Thing Descriptions.
    • @@ -3479,7 +3540,6 @@
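Review bot: the new A.1 list in this hunk does not record two substantive changes made in this same commit: the CoAP Content-Format relaxation to 50 or 432, and the addition of profiling (GDPR Article 4) to the Privacy Considerations. Also "DDOS" should be "DDoS", and "JSON Path" should match the section title "Syntactic search: JSONPath".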

      Changes from First Draft

    -

    Acknowledgments

    Value