- From: Mccool, Michael <michael.mccool@intel.com>
- Date: Fri, 25 Aug 2017 03:55:19 +0000
- To: Kazuyuki Ashimura <ashimura@w3.org>, Public Web of Things IG <public-wot-ig@w3.org>, "public-wot-wg@w3.org" <public-wot-wg@w3.org>
Everyone,
As of yesterday, I have completed a pull request for an updated security section in the TD. See
https://github.com/w3c/wot-thing-description/pull/32
As requested, this now includes an HTML diff (and also a PDF rendering).
Mostly this was just formatting cleanup of Elena's contributions. I expect Elena to do another pass on the content... and we will probably also move some of the more general content to the Architecture document, necessitating another PR to the wot-architecture repo.
I also added an entry (well, a PR) for "WoT API" to the terminology under wot-architecture since we use it a lot in the Threat Model.
If you want to discuss the content of these please plan to attend the Security TF meeting on Monday, where I hope we can put/plan the final touches on these PRs, then next Wednesday we can discuss if they are mature enough to include in the FPWD.
Michael McCool
-----Original Message-----
From: Kazuyuki Ashimura [mailto:ashimura@w3.org]
Sent: Friday, August 25, 2017 03:17
To: Public Web of Things IG <public-wot-ig@w3.org>; public-wot-wg@w3.org
Subject: [wot-security] minutes - 23 August 2017
available at:
https://www.w3.org/2017/08/23-wot-sec-minutes.html
also as text below.
Thanks a lot for taking these minutes, Elena!
Kazuyuki
---
- DRAFT -
WoT IG - Security
23 Aug 2017
See also: [2]IRC log
[2] http://www.w3.org/2017/08/23-wot-sec-irc
Attendees
Present
Kaz_Ashimura, Elena_Reshetova, Michael_Koster,
Soumya_Kanti_Datta, Tomoaki_Mizushima, Zoltan_Kis,
Michael_McCool, Barry_Leiba, Katsuyoshi_Naka
Regrets
Chair
McCool
Scribe
elena
Contents
* [3]Topics
1. [4]Logistics
2. [5]Documents status
3. [6]IEEE Workshop
* [7]Summary of Action Items
* [8]Summary of Resolutions
__________________________________________________________
<kaz> scribenick: elena
Logistics
McCool: agenda, change security task force meeting to Monday
3pm Finland time?
no objections, meeting time changed
Documents status
McCool: next agenda item, first draft for overall arch. and TD
document security sections
... next Wednesday, Aug. 30, is first deadline
... Monday is a final time for changes, after goes to review
... another item overall direction, general things go to
architecture document, TD doc only to have specifics
<zkis> elena: yes, PR was made to mccool's repo with the TD
next we are discussing PR that elena did with changes in TD
security section
pr would be accepted to mccool repo, he would cleanup etc
elena: it would be nice to cross reference to threat model
... when writing security sections in different docs
McCool: insert link to threat model in TD security section
elena: use of secure transport should move to general
architecture doc section
<McCool>
[9]https://github.com/mmccool/wot-architecture/tree/security
[9] https://github.com/mmccool/wot-architecture/tree/security
McCool: what pieces from generic practice document should be
moved to the security architecture or TD sections?
... will do a first pass on generic arch. document security
section, elena will take second pass
<kaz>
[10]https://github.com/w3c/wotwg/pull/5#issuecomment-32374263
[10] https://github.com/w3c/wotwg/pull/5#issuecomment-32374263
kaz: what is procedure from url above?
<kaz>
[11]https://services.w3.org/htmldiff?doc1=https%3A%2F%2Fw3c.github.io%2Fwot-scripting-api%2F&doc2=https%3A%2F%2Fraw.githubusercontent.com%2Fdanielpeintner%2Fwot-scripting-api%2Fmaster%2Findex.html htmldiff
[11] https://services.w3.org/htmldiff?doc1=https://w3c.github.io/wot-scripting-api/&doc2=https://raw.githubusercontent.com/danielpeintner/wot-scripting-api/master/index.html
we will do html diff according to above
zkis, could McCool merge the PR above from Zoltan?
<kaz> kaz: Zoltan was proposing a procedure (pullrequest 5) and
everybody is encouraged to use htmldiff
<kaz> [12]https://github.com/w3c/wotwg/pull/5
[12] https://github.com/w3c/wotwg/pull/5
RESOLUTION: will be merged
McCool: access token currently for entire TD and not for
individual entries
elena: this is not good and won't scale in general
McCool: we will need to double check this and discuss further
... minimize application functionality should go to general
architecture
<kaz> [13]pullrequest for wot-thing-description on McCool's
repo
[13] https://github.com/mmccool/wot-thing-description/pull/1
McCool: testing should also be moved into general document
... WoT API needs to be added to terminology list for further
discussion
question: what should be extracted from the WoT Current
Practices document security section?
elena: will take a pass on thinking and moving stuff
<kaz> [14]WoT Best Practices document
[14] http://w3c.github.io/wot/current-practices/wot-practices.html
McCool will create first PR, elena will do a next pass
everyone should read it and say their objections if any or
recommendations
McCool: what are the best available practices and reference to
them?
McCool will update the list of references from set that people
recommended over email
IEEE Workshop
McCool: we need to submit proposal for workshop for S&P IEEE
workshop by 20 of September
anyone wants to volunteer?
<kaz> [15]IEEE workshop page
[15] https://www.ieee-security.org/TC/SP2018/cfworkshops.html
McCool will try to do the first pass on it
others need to review
we should discuss it during next meeting
McCool: will ask around who else wants to participate in
workshop/share costs
... workshop probably is one day and asking people to submit
short papers
kaz: we will need to talk about it during next chairs meeting
another option to consider is NDSS workshop in February
but deadline is August 31st, so very soon
next meeting is next Monday
Summary of Action Items
Summary of Resolutions
1. [16]will be merged
[End of minutes]
Received on Friday, 25 August 2017 03:55:51 UTC