[wot-security] minutes - 2 October 2017 from Kazuyuki Ashimura on 2017-10-09 (public-wot-ig@w3.org from October 2017)

From: Kazuyuki Ashimura <ashimura@w3.org>
Date: Mon, 9 Oct 2017 22:57:17 +0900
To: Public Web of Things IG <public-wot-ig@w3.org>, public-wot-wg@w3.org
Message-ID: <CAJ8iq9USwwKzvrqOWLo8k-sN=N0XK9oXv4kMfnA34PkqW86n_A@mail.gmail.com>
Sorry for the delay but the minutes from the Security TF call on
October 2 are available at:
  https://www.w3.org/2017/10/02-wot-sec-minutes.html

also as text below.

Thanks,

Kazuyuki

---

   [1]W3C

      [1] http://www.w3.org/

                               - DRAFT -

                           WoT IG - Security

02 Oct 2017

   [2]Agenda

      [2] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Agenda

   See also: [3]IRC log

      [3] http://www.w3.org/2017/10/02-wot-sec-irc

Attendees

   Present
          Kaz_Ashimura, Michael_McCool, Michael_Koster,
          Zoltan_Kis, Barry_Leiba

   Regrets
   Chair
          McCool

   Scribe
          kaz

Contents

     * [4]Topics
         1. [5]Editors group for wot-security github repo
         2. [6]Agenda
         3. [7]PRs
               o [8]PR 26
               o [9]PR 27
               o [10]PR 24 & 33
               o [11]PR 31
               o [12]PR 30
         4. [13]Issues
         5. [14]Workshop update
     * [15]Summary of Action Items
     * [16]Summary of Resolutions
     __________________________________________________________

   <scribe> scribenick: kaz

Editors group for wot-security github repo

   kaz: added Barry to the Editors Team

   mccool: wondering about the permission for github
   ... people from the TF should be able to create issues

Agenda

   <scribe> Agenda:
   [17]https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Agenda

     [17] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Agenda

   mccool: document status and issues/PRs
   ... workshop update

PRs

   [18]PRs

     [18] https://github.com/w3c/wot-security/pulls

   mccool: get through and try to close them
   ... starting with PR 26

PR 26

   [19]PR 26

     [19] https://github.com/w3c/wot-security/pull/26

   mccool: Clean up abstract - related to issue 17

   [20]Issue 17

     [20] https://github.com/w3c/wot-security/issue/17

   mccool: document here

   [21]working branch

     [21] https://rawgit.com/w3c/wot-security/working/index.html

   mccool: any objections to merge it (=PR 26)?

   (none)

   mccool: will merge PR 26 then

PR 27

   <McCool> [22]https://github.com/w3c/wot-security/pull/27

     [22] https://github.com/w3c/wot-security/pull/27

   mccool: next thing is
   ... threat model
   ... did some CSS hacking for the table
   ... definition of terms
   ... left column is definition
   ... tried to avoid invisible text
   ... solution user data/solution provider data
   ... created new definition
   ... Malicious Developer-1/Malicious Developer-2 as well
   ... put Figure 1
   ... possibly a few things wrong there, though
   ... bunch of Editor's Notes
   ... iterate update and generate concrete text based on the
   Editor's Notes
   ... need clarifications for some of the terms
   ... not just tables but cleaned up bunch of stuff
   ... ok to merge the updates?

   (no objections)

   mccool: will merge PR 27 then
   ... going back to issue 16

   <McCool> resolves issue #16

   <McCool> [23]https://github.com/w3c/wot-security/issues/16

     [23] https://github.com/w3c/wot-security/issues/16

   mccool: this issue itself is just for table formatting
   ... so created another issue 28
   ... Elena is editing, so want to avoid inconsistency
   ... would just close issue 16

   [24]https://github.com/w3c/wot-security/issues/16 closed now

     [24] https://github.com/w3c/wot-security/issues/16

   mccool: and issue 17

   [25]https://github.com/w3c/wot-security/issues/17 now closed

     [25] https://github.com/w3c/wot-security/issues/17

PR 24 & 33

   [26]PR 24

     [26] https://github.com/w3c/wot-security/pull/24

   mccool: there are bunch of MD files
   ... basically removed them and added hyperlinks
   ... house keeping things
   ... OK to merge PR 24?

   (no objections)

   [27]https://github.com/w3c/wot-security/pull/24 now closed

     [27] https://github.com/w3c/wot-security/pull/24

   mccool: will create a new PR

   [28]https://github.com/w3c/wot-security/pull/33 merged

     [28] https://github.com/w3c/wot-security/pull/33

   mccool: now we have a table for the threat model
   ... in the spec draft HTML
   ... there are 2 things from Elena

PR 31

   [29]PR 31

     [29] https://github.com/w3c/wot-security/pull/31

   mccool: stuff under section 5.1

   [30]https://rawgit.com/ereshetova/wot-security/working/index.ht
   ml#basic-interaction-between-wot-thing-and-wot-client

     [30] https://rawgit.com/ereshetova/wot-security/working/index.html#basic-interaction-between-wot-thing-and-wot-client

   mccool: RFC draft should be updated with the latest one

   [31]changes

     [31] https://github.com/w3c/wot-security/pull/31/files/15a5bacf6813ae4db2c7475bc05b6b522d41b5b9

   mccool: will accept this
   ... merge and keep it open

   [32]https://github.com/w3c/wot-security/pull/31 now merged (but
   kept as open)

     [32] https://github.com/w3c/wot-security/pull/31

PR 30

   mccool: next one

   [33]PR 30

     [33] https://github.com/w3c/wot-security/pull/30

   mccool: show it to you briefly
   ... added simple section
   ... list of suitable references
   ... still need some more work
   ... AOB?

   <McCool> suggest people also look at this:
   [34]https://tools.ietf.org/html/draft-irtf-t2trg-iot-seccons-07

     [34] https://tools.ietf.org/html/draft-irtf-t2trg-iot-seccons-07

   mccool: would suggest people look at this

   <McCool> I will likely be citing this for "best practices"

   <McCool> under review right now...

   mccool: would contact the authors
   ... T2TRG

Issues

   mccool: created a few more issues

   [35]Issue 18 still pending

     [35] https://github.com/w3c/wot-security/issues/18

   mccool: we discussed 19, 20, 21 and need more discussion
   ... 25 is done

   [36]https://github.com/w3c/wot-security/issues/25 now closed

     [36] https://github.com/w3c/wot-security/issues/25

   mccool: Issue 32 on Cite WoT Architecture Doc in Intro
   ... will do
   ... most of the issues are house keeping ones
   ... go ahead and create new issues if you are aware of
   substantial problems
   ... my actions for the next week is...

   <McCool> My actions for next week: work on issue #18, #29, #32,
   #28

   <McCool> at least

   [37]https://github.com/w3c/wot-security/issues/18

     [37] https://github.com/w3c/wot-security/issues/18

   [38]https://github.com/w3c/wot-security/issues/29

     [38] https://github.com/w3c/wot-security/issues/29

   [39]https://github.com/w3c/wot-security/issues/32

     [39] https://github.com/w3c/wot-security/issues/32

   [40]https://github.com/w3c/wot-security/issues/28

     [40] https://github.com/w3c/wot-security/issues/28

   mccool: need to fill in blank fields
   ... anything else for today?

   (none)

Workshop update

   mccool: not got response yet for IEEE workshop

   [adjourned]

Summary of Action Items

Summary of Resolutions

   [End of minutes]
     __________________________________________________________


    Minutes formatted by David Booth's [41]scribe.perl version
    1.152 ([42]CVS log)
    $Date: 2017/10/02 18:02:16 $

     [41] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
     [42] http://dev.w3.org/cvsweb/2002/scribe/
Received on Monday, 9 October 2017 13:58:26 UTC