-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Discovery section to HTTP Baseline Profile - closes #112 #121
Conversation
In the last call it was proposed that Well-Known URI discovery mechanism also be made mandatory in the Core Profile. I have spent some time looking into this further and wanted to report back my findings. tl;dr: My recommendation is not to make the well-known URI discovery mechanism mandatory for the Core Profile because in many cases it also has the unintended consequence of making the Directory Service API mandatory too. As I think @danielpeintner mentioned on the call, there's a limitation which means that there can only be one well-known URI per origin, at This means that a consequence of making the well-known URI discovery mechanism mandatory would be that for implementations which host multiple Things (e.g. a gateway or directory or just a device which exposes itself as two Web Things), it would also be mandatory to provide a Directory Description and implement the whole of the Directory Service API as well. I don't necessarily think it's a bad thing for the Core Profile to make the Directory Service API mandatory, but it would significantly increase the amount of work needed to make implementations conformant with the Core Profile (this is particularly onerous as long as the write and search functions are still mandatory, though I'm hoping those requirements might be dropped, see w3c/wot-discovery#208). In the short term this may also cause a problem with making sure we have two implementations of the specification for standardisation purposes. Whilst it is my intention to implement the Core Profile on WebThings Gateway over the next few months as the specification stabilises, although I would like to I can't guarantee implementing the Directory Service API as well since I don't currently have enough funding for that. If there isn't another implementation within the publication timeline of the Profile specification then this might put this feature at risk. I don't imagine that when people suggested making the well-known URI discovery mechanism mandatory it was also their intention to make the Directory Service API mandatory too, so I think this warrants further discussion. I also don't particularly think that the well-known URI discovery mechanism adds much value over the Direct discovery mechanism. For the Direct Discovery mechanism a Consumer needs to be provided with the URL of a Thing Description (e.g. https://mythings.com/things/foo), but for the well-known URI discovery mechanism it still needs to be provided with the host (e.g. https://mythings.com) in order to derive the URL of the Thing Description (e.g. https://mythings.com/.well-known/wot-thing-description). In some cases the Thing Description URL and host URL may even be the same (e.g. https://toaster42.things.com/). The well-known URI discovery mechanism also puts an additional constraint on the URL of a Thing Description since it always has to have an absolute path of .well-known/wot-thing-description and can't just be hosted at the root domain for example (unless a redirect is implemented). Taking into account all of these factors my recommendation is not to make the well-known URI discovery mechanism mandatory for the Core Profile. There may be an argument for making the Directory Service API mandatory in cases where a single origin hosts multiple Thing Descriptions, but that's really a separate discussion. CC @mlagally, @mmccool, @sebastiankb, @farshidtz, @relu91, @egekorkan |
153a554
to
5f83d3d
Compare
I think requiring the directory API is not what we want to achieve here. |
@mlagally wrote:
I agree that wasn't the intention, and that would be a separate discussion.
Putting the issue of the Directory Service API aside, I still don't think it's possible to make the Well-Known URI discovery mechanism mandatory for all Web Things conforming to the Core Profile. You can only have one well-known URI per origin, so it doesn't work for cases where multiple Thing Descriptions are hosted from the same origin. I don't think this is something that the discovery task force (I assume you meant them, and not the security task force?) can fix, because it's inherent in the way well-known URIs work (see RFC8615). My recommendation is therefore that only the Direct discovery mechanism (i.e. that a Thing Description must be retrievable from an HTTP URL) should be mandatory for the Core Profile, so we should land this PR as it is. |
For reasons other than those cited (which I think are all fixable) I would not recommend making .well-known mandatory since it's only useful for self-description, and making self-description mandatory has privacy* implications. Note however it is mostly for the case where you don't have the real URL, just e.g. an IP address. The privacy implications are mostly because of the frustrating lack of a general security/authentication mechanism that can be supported in all use cases, esp LANs. Depending on "closed networks" is in fact current practice in many home IoT deployments but is somewhat... unsatisfying. |
I think the privacy problem can be solved even with a mandatory self description mechanism.
With these thoughts, I suggest to make the well known URL mechanism mandatory. |
As of today, the current discovery specification is in flux and may create significant additional implementation burden on the consumer. I suggest we hold off with this MR until the discovery spec is consolidated. After that we should consider whether the constraints that are defined in the discovery specification are causing significant implementation burden. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Suggest we wait until the discovery spec is more stable.
Proposal based on w3c/wot-discovery#263 (comment)... How about we say that for the HTTP Baseline Profile:
In other words, Things and Consumers must support the Direct introduction mechanism and Self-description exploration mechanism, but don't necessarily have to implement Thing Directories and Thing Links. |
Arch call on 11.5.: |
Yes the PR needs some work, but I was hoping to agree on the general requirement first.
It doesn't prevent the TD being shared by email, it just requires that TDs which conform to the HTTP Baseline profile can be fetched over HTTP. That means that any conforming consumer will be able to discover any conforming Thing using the Direct introduction mechanism. If no discovery mechanisms are mandatory then the TD may not be discoverable at all by conforming consumers, and therefore not interoperable.
I see now harm in a self link in the TD, but how does that help with discovery? |
It's currently looking like support for "security bootstrapping" (aka "Thing Description authentication") may be made optional in the WoT Discovery specification. This may mean that out-of-the box interoperability between WoT Consumers and WoT Directories (or in fact self-describing Things) is not possible for Thing Descriptions which require authentication. If this is the case, I think it further strengthens the argument to add a Discovery section to the HTTP Profile which adds additional constraints on top of what is described in the WoT Discovery specification. Specifically:
Without this third constraint it's likely that (where TD authentication is required) only WoT Consumers and WoT Directories (and Things) from the same vendor will work together, since Consumers will require custom code for each Directory implementation they consume. See also: w3c/wot-discovery#313 (comment). |
I am not against some additional constraints on Discovery in the http-baseline-profile but want to make some observations:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think with a few tweaks, to mention a TD Server that the URL provided by Direct points at (a Direct Introduction itself does not provide a TD, it points at a TD Server that provides it) this could be merged. But the whole problem does need more thought.
index.html
Outdated
<h2 id="discovery">Discovery</h2> | ||
<p class="rfc2119-assertion" id="core-profile-discovery-1"> | ||
In order to a conform with the Core Profile, a Web Thing's Thing | ||
Description [[wot-thing-description]] MUST be retrievable from a URL |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
With the new terminology, what you want to say here is the Thing Description for a Thing must be available from a TD Server, given a URL provided with (at least) Direct introduction (which just means the user needs to provide the URL, somehow).
See my other comments. Given we are talking greenfield devices, it might be best after all if we require .well-known and self-description, as long as we can resolve the privacy/security issues.
index.html
Outdated
Direct Introduction Mechanism</a> [[wot-discovery]]. | ||
</p> | ||
<p class="rfc2119-assertion" id="core-profile-discovery-2"> | ||
In order to a conform with the Core Profile, a Consumer MUST be |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
maybe "retrieve a TD from a TD Server" using the new terminology in WoT Discovery.
We could (and should) use a self descriptive mechanism, which may require authentication. This would be up to the device manufacturer to decide. All OOTBI scenarios would work, if the consumer knows the credentials.
I'm ok with the finite set of auth mechanisms, we may be even able to define the list. |
I think the profile should not make directories mandatory, because profile compliant things will work in many use cases that do not require them.
This is similar to the approach in my previous comment, bnut it needs more thought. Who would provide this "group key"? Can it be revoked/updated when a device is transferred to a new owner? |
@benfrancis |
I said making Discovery mandatory, not Directories... |
Arch call on July 20th: |
OK, I've reduced this down to the simplest, least contentious form I can think of, following the new terminology in the WoT Discovery specification.
Hopefully this establishes the most basic requirement for discovery via HTTP. I think two further points require further discussion as follow-up work:
I would like to do the former if possible, but it will require defining a fixed set of authentication mechanisms (see #250). I don't think the latter is necessarily a good idea, because of the limitations of only one well-known URL per origin. |
@mlagally wrote:
I originally thought this was a good idea too, but we've now established that this doesn't work as a bootstrapping mechanism because the security metadata in a Thing Description refers to the endpoints of interaction affordances, not to the Thing Description resource itself. See w3c/wot-discovery#135. The WoT Discovery specification now describes another mechanism in 7.1.2 Security Bootstrapping which uses HTTP 401, 302 or 303 response codes (depending on the security mechansim being used). Support for this bootstrapping mechanism is not currently mandatory for either Producers or Consumers, so as things stand only unauthenticated Thing Descriptions (consumed by Consumers which support HTTP and a Direct introduction mechanism) are guaranteed to be discoverable with the above addition to the HTTP Baseline Profile. |
@benfrancis Thanks for fixing the merge conflict. |
<section> | ||
<h2 id="http-baseline-profile-discovery">Discovery</h2> | ||
<p class="rfc2119-assertion" id="http-baseline-profile-discovery-1"> | ||
In order to conform with the HTTP Baseline Profile, a Web Thing's Thing |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this language is problematic, since it mandates the presence of a TD server as part of a deployment of profile compliant devices and I don't understand the rationale behind it.
How does the manufacturer of a thing ensure that the TD is deployed in this way? What if all TDs are stored on an old-fashioned FTP server or are stored in the file system (or hard coded) in the consumer?
I don't see a clear business model for a 3rd party to provide a TD server with a revenue stream that pays for running the server.
I'm afraid that if we enforce that constraint, we might risk adoption of the profile.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I sort of agree with this comment but we don´t have to make a one size fits all profile anyways, just an implementable subset is fine. If we are trying to make something that fits all, lots of other parts of the spec are open for change.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@mlagally wrote:
I think this language is problematic, since it mandates the presence of a TD server as part of a deployment of profile compliant devices and I don't understand the rationale behind it.
A TD server is just an HTTP server which can serve a single JSON Thing Description. A Web Thing conforming to an HTTP already has to have an HTTP server serving JSON resources, so there's no reason the Thing Description (the most important resource of all) couldn't be served over HTTP too.
How does the manufacturer of a thing ensure that the TD is deployed in this way?
The obvious way is for the Web Thing to serve its own Thing Description, as described above. But they could host it elsewhere if they really wanted to... I don't think I understand the problem.
What if all TDs are stored on an old-fashioned FTP server or are stored in the file system (or hard coded) in the consumer?
Then it's not compliant with the profile. I don't know why on earth a manufacturer of a greenfield HTTP-based device would want to do either of those things. Hard-coding TDs in a Consumer is particularly counterproductive as far as interoperability is concerned.
I don't see a clear business model for a 3rd party to provide a TD server with a revenue stream that pays for running the server.
They don't need to. The Web Thing can serve the TD itself.
I'm afraid that if we enforce that constraint, we might risk adoption of the profile.
I'm afraid that if Thing Descriptions don't have even one single basic mechanism for discovering them, it will risk adoption of the profile. Do you have another proposed mechanism other than the HTTP profile requiring the TD be served over HTTP?
I'm really surprised that having the HTTP Profile require that Thing Descriptions are served over HTTP is in any way controversial. I thought we already agreed that in the last meeting:
Arch call on July 20th:
It seems to ok to require that TDs have a HTTP URL, wording of the spec needs to be aligned with the discovery spec.
Proposed way forward: upate language, resolve merge conflict.
Arch call on Aug 3rd: agree to merge |
This PR adds a Discovery section to the Core Profile as suggested in #112.
I propose that the only mandatory discovery mechanism for the Core Profile should be Direct discovery, simply meaning that the Thing's Thing Description must be retrievable from an HTTP URL.
Preview | Diff
Preview | Diff