AW: draft WG charter for review from Pfaff, Oliver on 2015-08-06 (public-wot-ig@w3.org from August 2015)

From: Pfaff, Oliver <oliver.pfaff@siemens.com>
Date: Thu, 6 Aug 2015 06:53:33 +0000
To: "james.lynn@hp.com" <james.lynn@hp.com>, "dsr@w3.org" <dsr@w3.org>, "public-wot-ig@w3.org" <public-wot-ig@w3.org>
Message-ID: <B842481327FC5344B501EC1921E8538E01357DE3@DEFTHW99EL2MSX.ww902.siemens.net>

My understanding is following:

i.                     The IG effort may spawn-off 1..n WGs

ii.                   Each WG needs to have a concrete, narrow specification/standardization objective



We cannot yet suggest such concrete, narrow SP item <SP-X> for a WG to work on (precisely: we could suggest random picks but we cannot yet suggest <SP-X> and claim that spending efforts on <SP-X> is a good idea with probability >0.8). I suppose that good <SP-X> work items do exist but [IG-SP] needs more time to sort things out.



So I’m okay by saying that the currently proposed WG is not chartered to deliver any SP mechanism <SP-X>. However the items <X>(…<Z>) which the WG will elaborate are likely to have certain security and privacy concerns. So there should be “Security consideration” subsections which considers SP matters for the items <X>…<Z> in order to give guidance to implementers/users



Assume <X> to be “things discovery” (random pick, just for illustration) then an emerging “things discovery” standard should – in my opinion – contain a section which for instance says that offering “things discovery” features at public endpoints is critical esp. when these endpoints have wide-area connectivity and authorization of “things discovery” operations should be considered (plus some elaboration on what is to be considered when doing this trick but without elaborating an actual “things discovery authorization” mechanism – that might be a task of another WG effort if that turns out to be a worthwhile work item)



Kind regards,

Oliver



Von: Lynn, James (Fortify on Demand) [mailto:james.lynn@hp.com]
Gesendet: Mittwoch, 5. August 2015 22:28
An: Dave Raggett; Public Web of Things IG
Betreff: RE: draft WG charter for review



Dave,



I do not think we should declare all security (or privacy) issues out of scope for the WG. As you noted in the draft, there is some uncertainty at the W3C level as to what should be done, but I do believe we can at least identify key areas of concern and known risks in deploying WoT solutions. So while we may not be able to specify recommendations for authorization and authentication mechanisms, we could, for example, we could point out that sufficient mechanisms should be in place. In such cases this may only entail a reference to some other W3C WG deliverable. I especially think we should focus on identifying security and privacy issues/concerns that are not typically treated in typical Web solutions.



I assume Oliver will have already formed an opinion on this as well.



Jim Lynn

Hewlett Packard Enterprise



From: Dave Raggett [mailto:dsr@w3.org]
Sent: Wednesday, August 05, 2015 2:33 PM
To: Public Web of Things IG
Subject: draft WG charter for review



Following the discussion in Sunnyvale, I have created a first draft for the charter for the proposed web of things framework working group and invite your comments, either as pull requests or email to this list with the prefix [WG Charter]



  https://github.com/w3c/wot/blob/master/WG/charter.md



In particular, the current draft excludes work on encodings and APIs, but cites a dependency on the EXI WG. I have included an initial list of other relevant W3C groups and groups outside of W3C.



When considering additional work items, please think about whether they would be a good for this working group or better suited to another working group.



—

   Dave Raggett <dsr@w3.org<mailto:dsr@w3.org>>

Received on Thursday, 6 August 2015 06:54:02 UTC