diff --git a/packages/assertions/assertions-csv/assertions.csv b/packages/assertions/assertions-csv/assertions.csv index e086d959d..886ec053b 100644 --- a/packages/assertions/assertions-csv/assertions.csv +++ b/packages/assertions/assertions-csv/assertions.csv @@ -1,34 +1,4 @@ "ID","Status","Assertion" -"bindings-requirements-scheme","null","Every form in a WoT Thing Description MUST follow the requirements of the Protocol Binding indicated by the URI scheme [[!RFC3986]] of its href member." -"bindings-server-accept","null","Every form in a WoT Thing Description MUST accurately describe requests (including request headers, if present) accepted by the Thing in an interaction." -"client-data-schema","null","A Consumer when interacting with another target Thing described in a WoT Thing Description MUST generate data organized according to the data schemas given in the corresponding interactions." -"client-data-schema-accept-extras","null","A Consumer when interacting with another Thing MUST accept without error any additional data not described in the data schemas given in the Thing Description of the target Thing." -"client-data-schema-no-extras","null","A Consumer when interacting with another Thing MUST NOT generate data not described in the data schemas given in the Thing Description of that Thing." -"client-uri-template","null","A Consumer when interacting with another Thing MUST generate URIs according to the URI Templates, base URIs, and form href parameters given in the Thing Description of the target Thing." -"privacy-auth-users-only","null","Only authorized users SHOULD be provided access to the Thing Description for a Thing." -"privacy-centralized-ids","null","TD identifiers SHOULD NOT be generated using a centralized authority." -"privacy-distributed-ids","null","TD identifiers SHOULD be generated using a distributed mechanism such as UUIDs that provides a high probability of uniqueness." -"privacy-essential-metadata-only","null","Only the amount of information needed for the level of authorization and the use case SHOULD be provided in a TD." -"privacy-id-metadata","null","The value of the id of a TD SHOULD NOT contain metadata describing the Thing or from the TD itself." -"privacy-mutable-identifiers","null","All identifiers used in a TD SHOULD be mutable, and in particular there SHOULD be a mechanism to update the id of a Thing when necessary." -"privacy-temp-id-metadata","null","Any temporary ID generated to manage TDs, for example an ID for a database or directory service, SHOULD NOT contain metadata describing the Thing or from the TD itself." -"sec-body-name-json-pointer","null","When used in the context of a body security information location, the value of name MUST be in the form of a JSON pointer [[!RFC6901]] relative to the root of the input DataSchema for each interaction it is used with." -"sec-body-name-json-pointer-array","null","The JSON pointer used in the body locator MAY use the ""-"" character to indicate a non-existent array element when it is necessary to insert an element after the last element of an existing array." -"sec-body-name-json-pointer-creatable","null","When an element of a data schema indicated by a JSON pointer indicated in a body locator does not already exist in the indicated schema, it MUST be possible to insert the indicated element at the location indicated by the pointer." -"sec-body-name-json-pointer-type","null","The element referenced (or created) by a body security information location MUST be required and of type ""string""." -"sec-inj-no-intl-markup","null","HTML markup SHOULD NOT be used for internationalization purposes in TD strings." -"sec-security-vocab-auto-in-no-name","null","If a value of auto is set for the in field of a SecurityScheme, then the name field SHOULD NOT be set." -"sec-vuln-auto","null","The auto security scheme MAY be used if vulnerability scanning is a concern." -"security-jsonld-expansion","null","Consumers SHOULD set and enforce limits on memory usage to prevent buffer overflow and resource exhaustion during JSON-LD processing." -"security-mutual-auth-td","null","Thing Descriptions SHOULD be obtained only through mutually authenticated secure channels." -"security-no-execution","null","A WoT Thing Description JSON-LD serialization MUST NOT be passed through a code execution mechanism such as JavaScript's eval() function to be parsed." -"security-oauth-limits","null","To limit the scope and duration of access to Things, tokens SHOULD be used to manage access." -"security-remote-context","null","Constrained implementations SHOULD NOT follow links to remote contexts." -"security-server-auth-td","null","In cases where the Consumer is associated with a person, e.g. browsers, TDs MAY be obtained through a channel where only the TD provider is authenticated." -"security-static-context","null","Constrained implementations SHOULD use vetted versions of their supported context extensions managed statically or as part of a secure update process." -"server-data-schema","null","A WoT Thing Description MUST accurately describe the data returned and accepted by each interaction." -"server-data-schema-extras","null","A Thing MAY return additional data from an interaction even when such data is not described in the data schemas given in its WoT Thing Description." -"server-uri-template","null","URI Templates, base URIs, and href members in a WoT Thing Description MUST accurately describe the WoT Interface of the Thing." "td-action-arrays","null","The value assigned to forms in an instance of ActionAffordance MUST be serialized as a JSON array containing one or more JSON object serializations as defined in ." "td-action-names","null","All name-value pairs of an instance of ActionAffordance, where the name is a Vocabulary Term included in (one of) the Signatures of ActionAffordance or InteractionAffordance, MUST be serialized as members of the JSON object that results from serializing the ActionAffordance instance, with the Vocabulary Term as name." "td-action-names_at-type","null","The vocabulary term @type MUST be serialized as a JSON name within an Action object." @@ -54,8 +24,14 @@ "td-arrays","null","All values assigned to links, and forms in an instance of the Class Thing MUST be serialized as JSON arrays containing JSON objects as defined in and , respectively." "td-arrays_forms","null","The type of the member forms MUST be a JSON array." "td-arrays_links","null","The type of the member links MUST be a JSON array." +"td-bindings-requirements-scheme","null","Every form in a WoT Thing Description MUST follow the requirements of the Protocol Binding indicated by the URI scheme [[!RFC3986]] of its href member." +"td-bindings-server-accept","null","Every form in a WoT Thing Description MUST accurately describe requests (including request headers, if present) accepted by the Thing in an interaction." "td-boolean-type","null","Values that are of type boolean MUST be serialized as JSON boolean." "td-class-type","null","A Class instance MUST be serialized as a JSON object, following the detailed rules given individually in ." +"td-client-data-schema","null","A Consumer when interacting with another target Thing described in a WoT Thing Description MUST generate data organized according to the data schemas given in the corresponding interactions." +"td-client-data-schema-accept-extras","null","A Consumer when interacting with another Thing MUST accept without error any additional data not described in the data schemas given in the Thing Description of the target Thing." +"td-client-data-schema-no-extras","null","A Consumer when interacting with another Thing MUST NOT generate data not described in the data schemas given in the Thing Description of that Thing." +"td-client-uri-template","null","A Consumer when interacting with another Thing MUST generate URIs according to the URI Templates, base URIs, and form href parameters given in the Thing Description of the target Thing." "td-context","null","The root element of a TD Serialization MUST be a JSON object that includes a member with the name @context and a value of type string or array that equals or respectively contains https://www.w3.org/2022/wot/td/v1.1." "td-context-default-language","null","One Map contained in an @context Array SHOULD contain a name-value pair that defines the default language for the Thing Description, where the name is the Term @language and the value is a well-formed language tag as defined by [BCP47] (e.g., en, de-AT, gsw-CH, zh-Hans, zh-Hant-HK, sl-nedis)." "td-context-default-language-direction-independence","null","However, when interpreting human-readable text, each human-readable string value MUST be processed independently." @@ -188,6 +164,13 @@ "td-op-for-event","null","When a Form instance is within an EventAffordance instance, the value assigned to op MUST be either subscribeevent, unsubscribeevent, or both terms within an Array." "td-op-for-property","null","When a Form instance is within a PropertyAffordance instance, the value assigned to op MUST be one of readproperty, writeproperty, observeproperty, unobserveproperty or an Array containing a combination of these terms." "td-op-for-thing","null","When the forms Array of a Thing instance contains Form instances, it MUST contain op member with the string values assigned to the name op, either directly or within an Array, MUST be one of the following operation types: readallproperties, writeallproperties, readmultipleproperties, writemultipleproperties, observeallproperties, unobserveallproperties, queryallactions, subscribeallevents, or unsubscribeallevents." +"td-privacy-auth-users-only","null","Only authorized users SHOULD be provided access to the Thing Description for a Thing." +"td-privacy-centralized-ids","null","TD identifiers SHOULD NOT be generated using a centralized authority." +"td-privacy-distributed-ids","null","TD identifiers SHOULD be generated using a distributed mechanism such as UUIDs that provides a high probability of uniqueness." +"td-privacy-essential-metadata-only","null","Only the amount of information needed for the level of authorization and the use case SHOULD be provided in a TD." +"td-privacy-id-metadata","null","The value of the id of a TD SHOULD NOT contain metadata describing the Thing or from the TD itself." +"td-privacy-mutable-identifiers","null","All identifiers used in a TD SHOULD be mutable, and in particular there SHOULD be a mechanism to update the id of a Thing when necessary." +"td-privacy-temp-id-metadata","null","Any temporary ID generated to manage TDs, for example an ID for a database or directory service, SHOULD NOT contain metadata describing the Thing or from the TD itself." "td-processor","null","A TD Processor MUST satisfy the Class instantiation constraints on all Classes defined in , , , and ." "td-processor-bidi-isolation","null","TD Processors SHOULD take care to use bidi isolation when presenting strings to users, particularly when embedding in surrounding text (e.g., for Web user interface)" "td-processor-serialization","null","A TD Processor MUST be able to serialize Thing Descriptions into the JSON format [[!RFC8259]] and/or deserialize Thing Descriptions from that format, according to the rules noted in and ." @@ -233,21 +216,38 @@ "td-security-bearer-format-extensions_alg","null","Other algorithms for bearer tokens MAY be specified in vocabulary extensions." "td-security-bearer-format-extensions_format","null","Other formats for bearer tokens MAY be specified in vocabulary extensions." "td-security-binding","null","If a Thing requires a specific access mechanism for an interaction, that mechanism MUST be specified in the security configuration of the Thing Description." +"td-security-body-name-json-pointer","null","When used in the context of a body security information location, the value of name MUST be in the form of a JSON pointer [[!RFC6901]] relative to the root of the input DataSchema for each interaction it is used with." +"td-security-body-name-json-pointer-array","null","The JSON pointer used in the body locator MAY use the ""-"" character to indicate a non-existent array element when it is necessary to insert an element after the last element of an existing array." +"td-security-body-name-json-pointer-creatable","null","When an element of a data schema indicated by a JSON pointer indicated in a body locator does not already exist in the indicated schema, it MUST be possible to insert the indicated element at the location indicated by the pointer." +"td-security-body-name-json-pointer-type","null","The element referenced (or created) by a body security information location MUST be required and of type ""string""." "td-security-combo-deprecation","null","However, the use of an array with multiple elements to combine security schemes in a security element is now deprecated, instead a ComboSecurityScheme SHOULD be used." "td-security-combo-exclusive-oneof-or-allof","null","Exactly one of either oneOf or allOf vocabulary terms MUST be included." "td-security-extension","null","Additional security schemes MUST be Subclasses of the Class SecurityScheme." "td-security-in-query-over-uri","null","The value uri SHOULD be specified for the name in in a security scheme only if query is not applicable." "td-security-in-uri-variable","null","The URIs provided in interactions where a security scheme using uri as the value for in MUST be a URI template including the defined variable." +"td-security-inj-no-intl-markup","null","HTML markup SHOULD NOT be used for internationalization purposes in TD strings." +"td-security-jsonld-expansion","null","Consumers SHOULD set and enforce limits on memory usage to prevent buffer overflow and resource exhaustion during JSON-LD processing." "td-security-mandatory","null","At least one security definition MUST be activated through the security member at the Thing level (i.e., in the TD root object)." +"td-security-mutual-auth-td","null","Thing Descriptions SHOULD be obtained only through mutually authenticated secure channels." +"td-security-no-execution","null","A WoT Thing Description JSON-LD serialization MUST NOT be passed through a code execution mechanism such as JavaScript's eval() function to be parsed." "td-security-no-extras","null","If a Thing does not require a specific access mechanism for an interaction, that mechanism MUST NOT be specified in the security configuration of the Thing Description." "td-security-no-secrets","null","For all security schemes, any keys, passwords, or other sensitive information directly providing access MUST NOT be stored in the TD and should instead be shared and stored out-of-band via other mechanisms." +"td-security-oauth-limits","null","To limit the scope and duration of access to Things, tokens SHOULD be used to manage access." "td-security-oauth2-client-flow","null","For the client flow token vocabulary term MUST be included." "td-security-oauth2-client-flow-no-auth","null","For the client flow authorization vocabulary term MUST NOT be included." "td-security-oauth2-code-flow","null","For the code flow both authorization and token vocabulary terms MUST be included." "td-security-overrides","null","Security definitions MAY also be activated at the level of the form elements by including a security member in form objects, which overrides (i.e., completely replace) all definitions activated at the Thing level." +"td-security-remote-context","null","Constrained implementations SHOULD NOT follow links to remote contexts." "td-security-scheme-name","null","The value assigned to the name scheme MUST be defined within a Vocabulary included in the Thing Description, either in the standard Vocabulary defined in § 5. TD Information Model or in a TD Context Extension." "td-security-schemes","null","All name-value pairs of an instance of one of the Subclasses of SecurityScheme, where the name is a Vocabulary Term included in the Signature of that Subclass or in the Signature of SecurityScheme, MUST be serialized as members of the JSON object that results from serializing the SecurityScheme Subclass's instance, with the Vocabulary Term as name." +"td-security-security-vocab-auto-in-no-name","null","If a value of auto is set for the in field of a SecurityScheme, then the name field SHOULD NOT be set." +"td-security-server-auth-td","null","In cases where the Consumer is associated with a person, e.g. browsers, TDs MAY be obtained through a channel where only the TD provider is authenticated." +"td-security-static-context","null","Constrained implementations SHOULD use vetted versions of their supported context extensions managed statically or as part of a secure update process." "td-security-uri-variables-distinct","null","The names of URI variables declared in a SecurityScheme MUST be distinct from all other URI variables declared in the TD." +"td-security-vuln-auto","null","The auto security scheme MAY be used if vulnerability scanning is a concern." +"td-server-data-schema","null","A WoT Thing Description MUST accurately describe the data returned and accepted by each interaction." +"td-server-data-schema-extras","null","A Thing MAY return additional data from an interaction even when such data is not described in the data schemas given in its WoT Thing Description." +"td-server-uri-template","null","URI Templates, base URIs, and href members in a WoT Thing Description MUST accurately describe the WoT Interface of the Thing." "td-string-type","null","Values that are of type string or anyURI MUST be serialized as JSON strings." "td-text-at-direction","null","Given that the Thing Description format is based on JSON-LD 1.1 [[?json-ld11]], @direction with the string values ""ltr"", ""rtl"" and null value null MAY be used inside the @context to indicate the default text direction for the human readable strings in the entire TD document." "td-text-direction-first-strong","null","When metadata such as @direction is not present, TD Consumers SHOULD use first-strong detection as a fallback." @@ -412,13 +412,6 @@ "td-vocab-version--Thing","null","versionProvides version information.optionalVersionInfo" "td-vocab-writeOnly--DataSchema","null","writeOnlyBoolean value that is a hint to indicate whether a property interaction / value is write only (=true) or not (=false).with defaultboolean" "td-vocabulary-defaults","null","When assignments in a TD are missing, a TD Processor MUST follow the Default Value assignments expressed in the table of Default Value Definitions." -"thing-model-td-generation-processor-extends","null","If used, links element entry with ""rel"":""tm:extends"" MUST be removed from the current Partial TD" -"thing-model-td-generation-processor-forms","null","Missing communication and/or security metadata details MUST be completed in the Thing Description instance based on Section and/or ." -"thing-model-td-generation-processor-imports","null","Copy all definitions from the input Thing Model to the resulting Partial TD instance. If used, the extension and imports feature MUST be resolved and represented in the Partial TD instance according to ." -"thing-model-td-generation-processor-optional","null","All optional interactions (listed in tm:optional) MAY be taken over to the Partial TD instance." -"thing-model-td-generation-processor-placeholder","null","If used, all placeholders (see Section ) in the Thing Model MUST be replaced with a valid corresponding value in the Partial TD." -"thing-model-td-generation-processor-required","null","All required interactions (not listed in tm:optional) MUST be taken over to the Partial TD instance." -"thing-model-td-generation-processor-type","null","The tm:ThingModel value of the top-level @type MUST be removed in the Partial TD instance." "tm-compose-instanceName","null","Optionally an instanceName MAY be provided to associate an individual name to the composed (sub-) Thing Model." "tm-compose-name-collision","null","Thereby the generation process MUST avoid possible name collisions." "tm-compose-submodel","null","If it is desired to provide information that a Thing Model consists of one or more (sub-)Thing Models, the links entries MUST use the ""rel"": ""tm:submodel"" that targets to the (sub-) Thing Models." @@ -437,6 +430,13 @@ "tm-ref-recursive-extensions","null","Recursive extensions leading to an infinite loop MUST NOT be defined." "tm-rel-type-maximum","null","The links array MUST use the entry with ""rel"": ""type"" a maximum of once." "tm-td-generation-inconsistencies","null","A Thing Model MUST be defined in such a way that there are no inconsistencies that would result in a Thing Description not being able to meet the requirements as described in Section and ." +"tm-td-generation-processor-extends","null","If used, links element entry with ""rel"":""tm:extends"" MUST be removed from the current Partial TD" +"tm-td-generation-processor-forms","null","Missing communication and/or security metadata details MUST be completed in the Thing Description instance based on Section and/or ." +"tm-td-generation-processor-imports","null","Copy all definitions from the input Thing Model to the resulting Partial TD instance. If used, the extension and imports feature MUST be resolved and represented in the Partial TD instance according to ." +"tm-td-generation-processor-optional","null","All optional interactions (listed in tm:optional) MAY be taken over to the Partial TD instance." +"tm-td-generation-processor-placeholder","null","If used, all placeholders (see Section ) in the Thing Model MUST be replaced with a valid corresponding value in the Partial TD." +"tm-td-generation-processor-required","null","All required interactions (not listed in tm:optional) MUST be taken over to the Partial TD instance." +"tm-td-generation-processor-type","null","The tm:ThingModel value of the top-level @type MUST be removed in the Partial TD instance." "tm-tmOptional","null","If interaction models are not mandatory to be implemented in a Thing Description instance, Thing Model definitions MUST use the JSON member name tm:optional." "tm-tmOptional-JSONPointer","null","The value of tm:optional MUST provide JSON Pointer [[RFC6901]] references to the required interaction model definitions." "tm-tmOptional-array","null","tm:optional MUST be a JSON array at the top level." @@ -449,4 +449,4 @@ "tm-tmRef2","null","Every time tm:ref is used, the referenced pre-definition and its dependencies (e.g., by context extension) MUST be assumed at the new defined definition." "tm-versioning-1","null","When the Thing Model definitions change over time, this SHOULD be reflected in the version container." "tm-versioning-2","null","Due to the definition of Thing Model the term instance MUST be omitted within the version container." -"well-known-operation-types-only","null","operations types MUST be restricted to the values in the table below." +"well-known-operation-types-only","null","operations types MUST be restricted to the values in the table below." \ No newline at end of file