Update WoT runtime related text based on discussion in #2

Signed-off-by: Zoltan Kis <[email protected]>

Author: zolkis

index.html

@@ -107,26 +107,23 @@
     This document defines conformance criteria that apply to a single product: the <dfn>UA</dfn> (user agent) that implements the interfaces it contains.
   </p>
   <p>
-    The UA may be implemented in the browser, or in a separate runtime environment.
+    This specification can be used for implementing the WoT Scripting API in multiple language bindings. Currently ECMAScript and TypeScript definitions are described in this document. For specifying bindings in other languages, extensions of this document may be created later.
   </p>
   <p>
-    This specification can be used for implementing the WoT Scripting API in multiple language bindings. Currently ECMAScript and TypeScript definitions are described in this document. For specifying bindings in other languages, extensions of this document may be created later.
+    The UA may be implemented in the browser, or in a separate runtime environment, such as [Node.js](https://nodejs.org/en/) or small embedded runtimes such as the [JavaScript Runtime for Zephyr OS](https://www.zephyrproject.org/community/blog/introducing-javascript-runtime-zephyr-os).
   </p>
   <p>
     Implementations that use ECMAScript executed in a browser to implement the APIs defined in this document MUST implement them in a manner consistent with the ECMAScript Bindings defined in the Web IDL specification [[!WEBIDL]].
   </p>
   <p>
-    Implementations that use TypeScript or ECMAScript in a <a>RunTime</a> to implement the APIs defined in this document MUST implement them in a manner consistent with the TypeScript Bindings defined in the TypeScript specification [[!TYPESCRIPT]].
+    Implementations that use TypeScript or ECMAScript in a runtime to implement the APIs defined in this document MUST implement them in a manner consistent with the TypeScript Bindings defined in the TypeScript specification [[!TYPESCRIPT]].
   </p>
   <p>
     This document serves a general description of the WoT Scripting API. Language and runtime specific issues are discussed in separate extensions of this document.
   </p>
   </section>
 
   <section> <h2>Terminology and conventions</h2>
-  <p>
-    A <dfn>WoT runtime</dfn> or simply <dfn>Runtime</dfn> is defined as a software stack that manages the lifecycle of WoT application scripts (see also the [Wikipedia definition](https://en.wikipedia.org/wiki/Runtime_system)). In the case of ECMAScript and TypeScript scripts, it consists of an ECMAScript interpreter, script lifecycle management, and an operating system API that provides access to local and remote resources. A Runtime can be modeled as a virtual machine in the sense that it should be completely isolated from other execution environments on memory address space, storage address space (file system), network namespace, etc. A runtime may be for instance a Node.js environment, an embedded runtime based on a small JavaScript engine, or provided by a browser.
-  </p>
   <p>
     The following terms are defined in [[!WOT-PRACTICES]]:
   </p>
@@ -145,11 +142,19 @@
 
     <dt><dfn>JSON-LD</dfn></dt>
     <dd>A JSON document that is augmented with support for Linked Data by providing an <code>@context</code> property with a defining URI [[!JSON-LD]].</dd>
-
   </dl>
   <p>
     <dfn data-lt="consume|consume a TD|consuming a TD">Consuming a Thing Description</dfn> means parsing the <a>Thing Description</a> and building a resource model with the use of <a>Protocol Bindings</a> that can be used in a script for accessing and controlling the Thing. A <a>Thing</a> when starts up, consumes its own <a>TD</a>, then it exposes its <a>WoT interface</a> as a server. Note that a script on a <a>Thing</a> may consume other <a>TD</a>s and expose a combined interface of the consumed <a>Things</a>.
   </p>
+  <p>
+    A <dfn>WoT Runtime</dfn> or <dfn>WR</dfn> is defined as a software stack that manages the lifecycle of WoT application scripts, implements a script interpreter, an event loop, a security enforcement point for access management and uses an operating system API that provides access to local and remote resources. A <a>WR</a> should be isolated from other execution environments on memory address space, storage address space (file system), network namespace, etc. For instance, a <a>WR</a> may be implemented in a Node.js environment, or in an embedded runtime based on a small JavaScript engine, or in a browser.
+  </p>
+  <p class="note">
+    In this version of the specification, a <a>WR</a> MAY run either an idle event loop, or a script that has been deployed to it by a method that is out of scope of this document. However, new <a>Thing</a>s can be added<a> and Thing</a>s running in the <a>WR</a> can be updated by using the methods of this API from a script run in another <a>WR</a>.
+  </p>
+  <p>
+     A <a>Thing</a> is represented either as a <a>ConsumedThing</a> (for remote <a>Things</a> obtained by discovery) or <a>ExposedThing</a> (local <a>Thing</a>s created with this API inside a <a>WR</a>). All <a>ExposedThing</a>s contained in a <a>WR</a> are serving external requests through the same event loop, and are said to be <dfn>local Things</dfn> to each other. All other <a>Thing</a>s that run in a different <a>WR</a>, even if on the same physical hardware, are said to be <dfn>remote Things</dfn> to each other.
+  </p>
   <p>
     The terms <a href="http://www.w3.org/TR/url-1/"><dfn>URL</dfn></a> and
     <a href="https://url.spec.whatwg.org/#concept-url-path">
@@ -255,7 +260,7 @@
     <ul>
       <li>Discover <a>Thing</a>s by filters defined on <a>Thing Description</a>s</li>
       <li>Discover <a>Thing</a>s by semantic filters</li>
-      <li><a>Fetch and consume a TD</a> of a remote <a>Thing</a>.</li>
+      <li>Fetch and <a>consume a TD</a> of a remote <a>Thing</a>.</li>
       <li>On a consumed <a>Thing</a>,
         <ul>
           <li>Get the value of a property or set of properties.</li>
@@ -307,97 +312,66 @@
   </p>
   </section>
 
-  <section> <h2 id="security">Security and Privacy</h2>
-  <p>
-    The trust model, attacker model, threat model and possible mitigation
-    proposals for the Wot Scripting API are presented in the [Security and Privacy document](http://w3c.github.io/wot-scripting-api/security-privacy.html). This section presents the chosen
-    security and privacy model through normative requirements to implementations.
-  </p>
-
-    <section> <h3>Chain of Trust</h3>
-    <p>
-      Things discoverable and accessible in a WoT network SHOULD be identified and authenticated.
-    </p>
-    <p>
-      The integrity of WoT communication SHOULD be ensured by implementations.
-    </p>
-    </section>
-
-    <section> <h3>Threat Model</h3>
-    <p>
-    The main threats are summarized in the [Security and Privacy document](http://w3c.github.io/web-nfc/security-privacy.html#threats-and-possible-solutions).
-    </p>
-    <p>
-      In this specification the following threats are considered of the highest priority:
-      <ul>
-        <li>
-          Unauthorized gathering of user-sensitive information.
-        </li>
-        <li>
-          Vulnerability of the underlying protocols.
-        </li>
-        <li>
-          Protect the integrity of <a>Thing</a>s and <a>Thing Description</a>s.
-        </li>
-      </ul>
-    </p>
-    </section>
-
-    <section> <h3>Security Mechanisms</h3>
-      <section> <h4>Identification, Authentication, Authorization</h4>
-      </section>
-
-      <section> <h4>Transport-level security</h4>
-      </section>
-
-      <section> <h4>Application-level security</h4>
-      </section>
-    </section>
-
-    <section class="informative"> <h3>Security policies</h3>
-      <p>
-        This section summarizes the security policies which are specified as
-        normative requirements in the respective algorithms of this
-        specification.
-      </p>
-    </section>
-  </section>
-
   <section> <h2>WoT Data Representation</h2>
   <p>
   </p>
   </section>
 
   <section> <h2>The WoT API</h2>
   <p>
-    The API object provides access obtain <a>Thing</a>s by discovery or creation. A <a>Thing</a> is represented either as a <a>ConsumedThing</a> or <a>ExposedThing</a>.
+    The API object represents an implementation of the <a>WoT Runtime</a> and provides functionality to obtain <a>Thing</a>s by discovery or creation.
   </p>
   <p>
     The <dfn>WoT object</dfn> exposes only functions and has no internal state.
   </p>
-  <p class="issue">
-     Because of this, implementations MAY use a global object, or provide a constructor, or provide the API object, or by other means (e.g. by `require()`). Since the common denominator across various <a>Runtime</a> types would be to use a constructor, this would be recommended. As a consequence, the <a>ConsumedThing</a> and <a>ExposedThing</a> objects could also be constructed, complete with an asynchronous fetch functionality.
-  </p>
   <p class="note">
-    The WebIDL interfaces presented in this initial version of the document are based on the [[!WOT-PRACTICES]]. It is expected to be updated soon.
+     Browser implementations SHOULD use a namespace object such as `wot`, and [Node.js](https://nodejs.org/en/)-like runtimes MAY provide the API object through the [`require()`](https://nodejs.org/api/modules.html) mechanism.
   </p>
   <pre class="idl">
+    // [SecureContext]
+    // [NamespaceObject]
     interface WoT {
-      Promise&lt;void&gt; discover(ThingFilter filter, ThingDiscoveryCallback onfound);
+      Observable&lt;ConsumedThing&gt; discover(optional ThingFilter filter);
 
-      Promise&lt;ConsumedThing&gt; retrieve((USVString or Dictionary) thingReference);
+      Promise&lt;ConsumedThing&gt; retrieve(USVString url);
 
       Promise&lt;ExposedThing&gt; createThing(ThingInit init);
     };
 
-    dictionary ThingInit {
+    dictionary ThingDescription {
+      USVString url;
+    };
+
+    dictionary ThingInit: ThingDescription {
+      DOMString name;
+      USVString url;
+    };
+
+    dictionary ThingFilter: ThingDescription {
+      boolean local;
       DOMString name;
       USVString url;
-      object description;
     };
 
-    callback ThingDiscoveryCallback = void (ConsumedThing thing);
   </pre>
+
+  <p>
+    The <code>discover()</code> method returns an [Observable](https://github.com/tc39/proposal-observable) object that can be subscribed and unsubscribed to.
+  </p>
+  <pre class="example">
+    let subscription = wot.discover().subscribe(
+      thing => { console.log("Found Thing " + thing.url); },
+      error => { console.log("Discovery finished because an error: " + error.message); },
+      () => { console.log("Discovery finished successfully");}
+    );
+
+    setTimeout(
+      () => { subscription.unsubscribe(); console.log("Discovery timeout"); },
+      5000);
+  </pre>
+  <p class="note">
+    Note that canceling a discovery (through unsubscribe) may not be successful in all cases, for instance when discovery is based on open ended broadcast requests. However, once `unsubscribe()` has been called,  implementations MUST suppress further event handling ( i.e. further discoveries and errors) on the Observable. Also, a discovery error may not mean the end of the discovery process. However, in order to respect Observable semantics (error always terminates processing), implementations MUST close or suppress further event handling on the Observable.
+  </p>
   </section>
 
   <section> <h2>The Thing Client API</h2>
@@ -484,6 +458,62 @@
   </pre>
   </section>
 
+  <section> <h2 id="security">Security and Privacy</h2>
+  <p>
+    The trust model, attacker model, threat model and possible mitigation
+    proposals for the Wot Scripting API are presented in the WoT Security and Privacy document.
+    This section presents the chosen security and privacy model through normative requirements to implementations.
+  </p>
+
+    <section> <h3>Chain of Trust</h3>
+    <p>
+      Things discoverable and accessible in a WoT network SHOULD be identified and authenticated.
+    </p>
+    <p>
+      The integrity of WoT communication SHOULD be ensured by implementations.
+    </p>
+    </section>
+
+    <section> <h3>Threat Model</h3>
+    <p>
+    The main threats are summarized in the WoT Security and Privacy document.
+    </p>
+    <p>
+      In this specification the following threats are considered of the highest priority:
+      <ul>
+        <li>
+          Unauthorized gathering of user-sensitive information.
+        </li>
+        <li>
+          Vulnerability of the underlying protocols.
+        </li>
+        <li>
+          Protect the integrity of <a>Thing</a>s and <a>Thing Description</a>s.
+        </li>
+      </ul>
+    </p>
+    </section>
+
+    <section> <h3>Security Mechanisms</h3>
+      <section> <h4>Identification, Authentication, Authorization</h4>
+      </section>
+
+      <section> <h4>Transport-level security</h4>
+      </section>
+
+      <section> <h4>Application-level security</h4>
+      </section>
+    </section>
+
+    <section class="informative"> <h3>Security policies</h3>
+      <p>
+        This section summarizes the security policies which are specified as
+        normative requirements in the respective algorithms of this
+        specification.
+      </p>
+    </section>
+  </section>
+
   <section class="appendix" id="Changes"><h2>Changes</h2>
   <p>
     The following is a list of major changes to the document. For a complete list of changes, see the [github change log](https://github.com/w3c/wot-scripting-api/commits/master). You can also view the [recently closed bugs](https://github.com/w3c/wot-scripting-api/issues?page=1&amp;state=closed).
@@ -494,16 +524,15 @@
   <p>
     The following problems are being discussed and need most attention:
     <ul>
-      <li> Issue [1](https://github.com/w3c/wot-scripting-api/issues) </li>
-      <li> Issue [2](ghttps://github.com/w3c/wot-scripting-api/issues) </li>
+      <li> Issue [1](https://github.com/w3c/wot-scripting-api/issues/2) </li>
+      <li> Issue [2](ghttps://github.com/w3c/wot-scripting-api/issues/17) </li>
     </ul>
   </p>
   </section>
 
   <section> <h2>Acknowledgements</h2>
     <p>
-      The editors would like to thank Dave Raggett, Matthias Kovatsch, and Michael Koster for their
-      comments and guidance to this document.
+      The editors would like to thank Dave Raggett, Matthias Kovatsch, and Michael Koster for their comments and guidance to this document.
     </p>
   </section>