-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
unique id #139
Comments
There is an ongoing discussion on this topic in w3c/wot-discovery#190 My view is that two different Thing Descriptions retrieved from two separate URLs should be treated by a Consumer as two separate Web Things, regardless of what they provide as an I don't agree that As a compromise, if we make Direct discovery mandatory by saying that a compliant TD has to be retrieved from an HTTP URL, then I propose that the URL from which the Thing Description was retrieved could be used as the default |
You can trigger a bad feedback from the wide review. Strongly discouraging |
Arch call on May 4th: |
Resolution: use uuidv4 for ids: https://datatracker.ietf.org/doc/html/rfc4122 and make ids mandatory |
I looked into UUIDs and it seems that v4 is appropriate. Versions v1-v3 are obsolete. Version v5 might be an option but v4 uses pure random numbers and v5 uses SHA-1 hashing. Version v3 also used hashing, but MD5, which is now considered obsolete (broken from a security point of view). I think v4 is the safe choice; if SHA-1 is broken in the future like MD5 was it will cause a problem. |
The only issue with v4 is it NEEDS a "good" source of random numbers which might be a problem for constrained devices. Therefore also allowing v5 would be ok if we are concerned about this (perhaps with some guidance on what should be used as input to the hashing algorithm; ideally it would be information that does not have PII issues; in particular it is better to hash the MAC instead of the TD; there is probably guidance in the uuid spec so I would just say "id MUST be in the format of a uuidv4 or uuidv5 URI" and leave it at that). |
Making it mandatory that IDs have to be UUIDs is going to be a problem to implement in WebThings Gateway. Firstly, I don't really agree that IDs should be mandatory, I think that the URL of the Thing Description should be used as the default identifier. But putting that aside for a moment (since requiring that the description of a web thing has a URL on the web is apparently controversial)... In WebThings Gateway, the value of the
Requiring that all IDs must now be UUIDs would require deep architectural changes in WebThings Gateway, but also the cooperation of the authors of around 100 add-ons. What is the rationale for requiring that IDs be UUIDs? I understand there is a privacy concern about immutable identifiers, but I don't really understand the rationale behind that either (see w3c/wot-thing-description#1497). Ideally I don't think the id member should be mandatory, but failing that why can it not just be "any URI" like in the Thing Description specification, potentially with a recommendation to use a mutable UUID (in the form of a URN) in certain use cases where privacy is a factor. |
I'm a bit confused about this statement, to me it is counterintuitive. If you buy a book at Amazon or in a local bookstore, it is still the same book with the same ISBN. |
@benfrancis Thanks for the concrete proposal:
I believe that is a solution where we can get consensus.
|
@mlagally wrote:
I think this boils down to the usual difference in assumptions about whether WoT is just metadata which describes physical IoT devices, or a software abstraction on top of IoT upon which web services can be built. My perspective on this is that a web thing is an abstraction of a physical device as a web service, and therefore the identifier identifies the web thing, not the physical device which may be underlying it. A web thing is an abstraction which may represent zero, one or many physical devices and a physical device may be represented by one or many web things. Web resources are identified by URIs and those URIs should ideally not change. Therefore the URI of the Thing Description could be sufficient as an identifier of a web thing.
That would be fine. |
Unless TD 1.1 requires ID rotation, in which case requiring an ID may suddenly become a lot more complicated to implement. |
There's an ID Proposal in #271 |
Without a canonical representation of a TD a consumer needs a different way to identify if two TDs describe the same thing.
unique ids are optional in the TD specification, but should be mandatory for profiles.
The text was updated successfully, but these errors were encountered: