W3C home > Mailing lists > Public > public-wot-ig@w3.org > October 2017

[wot-security] minutes - 25 September 2017

From: Kazuyuki Ashimura <ashimura@w3.org>
Date: Mon, 2 Oct 2017 16:52:26 +0900
Message-ID: <CAJ8iq9Vo48dFYkYzsMFnYsy6H-C_=qPpeo6_srDOzFr186w7pw@mail.gmail.com>
To: Public Web of Things IG <public-wot-ig@w3.org>, public-wot-wg@w3.org
available at:
  https://www.w3.org/2017/09/25-wot-sec-minutes.html

also as text below.

Thanks a lot for taking these minutes, Michael Koster!

Kazuyuki

---

   [1]W3C

      [1] http://www.w3.org/

                               - DRAFT -

                           WoT IG - Security

25 Sep 2017

   [2]Agenda

      [2] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Agenda

   See also: [3]IRC log

      [3] http://www.w3.org/2017/09/25-wot-sec-irc

Attendees

   Present
          Kaz_Ashimura, Michael_McCool, Elena_Reshetova,
          Uday_Davuluru, Zoltan_Kis, Michael_Koster,
          Tomoaki_Mizushima, Soumya_Kanti_Datta

   Regrets
   Chair
          McCool

   Scribe
          mjkoster

Contents

     * [4]Topics
         1. [5]WoT Security and Privacy Considerations - document
            status and issue review
         2. [6]workshop proposal for NDSS
     * [7]Summary of Action Items
     * [8]Summary of Resolutions
     __________________________________________________________

   <kaz> scribenick: mjkoster

WoT Security and Privacy Considerations - document status and issue
review

   mccool: document progress update
   ... outstanding PR
   ... created an action for mccool
   ... review the changes in the PR

   <kaz> [9]Issues

  https://github.com/w3c/wot-security/issues

   * [10]Issue on "Current practices alignment"

    https://github.com/w3c/wot-security/issues/13

   * [11]Issue on "Table formatting and definition highlighting"

    https://github.com/w3c/wot-security/issues/16

   * [12]Issue on "Abstract"

    https://github.com/w3c/wot-security/issues/17

   * [13]Issue on "Existing best practices"

     [13] https://github.com/w3c/wot-security/issues/18

   <kaz> [14]Pull Requests

     [14] https://github.com/w3c/wot-security/pulls

   mccool: ( elena's branch)

   elena: recommended practices section
   ... example security configuration section

   mccool: need to add content for specific security practices
   e.g. scripting API

   <kaz> [15]Elena's updates

     [15] https://rawgit.com/ereshetova/wot-security/working/index.html

   <kaz> [16]McCool's Working branch

     [16] https://rawgit.com/w3c/wot-security/working/index.html

   <kaz> mccool: would propose we merge Elena's changes to the
   above Working branch

   mccool: merging elena's PR into the working branch now (no
   objections)

   <kaz> [17]PR 12 has been merged

     [17] https://github.com/w3c/wot-security/pull/12

   <kaz>
   [18]https://rawgit.com/w3c/wot-security/working/index.html is
   updated now

     [18] https://rawgit.com/w3c/wot-security/working/index.html

   elena: will work on examples (section 5) next

   mccool: created issue for tracking additions to the examples
   section

   [19]Issue on "Examples of security configurations"

     [19] https://github.com/w3c/wot-security/issues/19

   mccool: need to add vocabulary definitions
   ... created issue to track additions to the scenarios section
   "business/corporate"

   [20]Issue on "Business/corporate scenarios"

     [20] https://github.com/w3c/wot-security/issues/20

   mccool: added issue to track additions to
   "industrial/commercial" scenarios

   [21]Issue on "Industrial/critical scenarios"

     [21] https://github.com/w3c/wot-security/issues/21

   mccool: added issue to track scripting API additions

   [22]Issue on "Scripting API"

     [22] https://github.com/w3c/wot-security/issues/22

   mccool: issue to track "validation "

   [23]Issue on "Security validation"

     [23] https://github.com/w3c/wot-security/issues/23

   mccool: discuss whether security provisioning is in scope

   [24]Issue on "Provisioning"

     [24] https://github.com/w3c/wot-security/issues/15

   elena: we need to make a defined set of assumptions about what
   is done
   ... but can't specify how it's done

   mccool: OK
   ... please add comments to the issue
   ... review the discussion on exposed vs. discoverable things
   ... are they separate ?

   [25]Issue on "Discovery/Expose"

     [25] https://github.com/w3c/wot-security/issues/14

   <kaz> [26]discussion during the Scripting call (Member-only)

     [26] https://www.w3.org/2017/09/25-wot-minutes.html

   elena: what is the specific difference?

   mccool: different kinds of discovery?

   mjkoster: expose means interaction is available, discoverable
   means TD is available

   elena: when would a thing be exposed but not discoverable?

   mccool: enumerantes types of discovery
   ... 4 ways to find a thing
   ... may already have a TD or know how to make a URL to get the
   TD
   ... or maybe there is a scan function

   mjkoster: consider the difference in security model between TD
   and the Interactions

   elena: how can we define the exact difference between TD and
   interaction?

   mccool: there are different calls in the scripting API

   elena: how does the system get into a state where the
   interactions are exposed but not discoverable?

   mccool: things can't be discoverable but not exposed

   mjkoster: it's about different layers of security for exposure
   vs. discoverability

   elena: OK, that is allowed for in the model
   ... if the proper access control is provided e.g. on actions,
   then what else do we need to do?

   mccool: OK, please continue the discussion in comments and
   issues
   ... we need to align the current practices with security
   mechanisms for the plugfest
   ... suggest we look at protocol binding priorities

   elena: we should build the scenarios and examples based on
   concrete protocols

   mccool: the statement about wot security includes statements
   about target protocols
   ... if we can cover security through a good comprehensive set
   of bindings
   ... created an issue for tracking

workshop proposal for NDSS

   mccool: good response so far
   ... most accepted
   ... update on IEEE S&P progress
   ... AOB?

   elena: on holiday next week
   ... will queue up some material on PR and issues

   mccool: would zkis start discussion on the scripting section?

   zkis: OK

   mccool: adjourn

Summary of Action Items

Summary of Resolutions

   [End of minutes]
     __________________________________________________________


    Minutes formatted by David Booth's [27]scribe.perl version
    1.152 ([28]CVS log)
    $Date: 2017/09/26 04:04:07 $

     [27] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
     [28] http://dev.w3.org/cvsweb/2002/scribe/
Received on Monday, 2 October 2017 07:53:34 UTC

This archive was generated by hypermail 2.3.1 : Monday, 2 October 2017 07:53:35 UTC