
[wot-security] minutes - 18 September 2017

From: Kazuyuki Ashimura <ashimura@w3.org>
Date: Tue, 26 Sep 2017 11:33:46 +0900
Message-ID: <CAJ8iq9VNsf8nuu8EysKwFU4mdQ-Z2WUrwTB8PWa=q31STSKu=A@mail.gmail.com>
To: Public Web of Things IG <public-wot-ig@w3.org>, public-wot-wg@w3.org
available at:
  https://www.w3.org/2017/09/18-wot-sec-minutes.html

also as text below.

Thanks,

Kazuyuki

---

   [1]W3C

      [1] http://www.w3.org/

                               - DRAFT -

                           WoT IG - Security

18 Sep 2017

   [2]Agenda

      [2] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Agenda

   See also: [3]IRC log

      [3] http://www.w3.org/2017/09/18-wot-sec-irc

Attendees

   Present
          Kaz_Ashimura, Elena_Reshetova, Michael_McCool,
          Zoltan_Kis, Barry_Leiba

   Regrets
   Chair
          McCool

   Scribe
          kaz

Contents

     * [4]Topics
         1. [5]Agenda
         2. [6]Workshop update
         3. [7]PR
         4. [8]Previous minutes
         5. [9]Security draft
     * [10]Summary of Action Items
     * [11]Summary of Resolutions
     __________________________________________________________

   <scribe> scribenick: kaz

   [12]prev minutes

     [12] https://www.w3.org/2017/09/11-wot-sec-minutes.html

   elena: wondering about the workshop thing

   mccool: IEEE S&P
   ... will discuss

Agenda



   WoT Security and Privacy Considerations

   Document status and issue review

   Security sections in other documents

   Document status and issue review

   IoT Conference workshop update

   NDSS proposal accepted

   IEEE S&P deadline: Sept 20

   Other work items


   mccool: workshop first

Workshop update

   mccool: NDSS proposal
   ... submitted one and accepted
   ... Decentralized IoT Security and Standards
   ... submitted in parallel
   ... had a meeting
   ... to merge the two proposals
   ... fundamental issue for WoT is interoperability
   ... security for multiple interoperable implementations
   ... added a couple of topics
   ... 3 points
   ... Carsten, co-Chair
   ... similar proposal on TLS
   ... not our primary objective
   ... not optimal but still worth presenting our paper
   ... get discussion there
   ... could get people interested there
   ... networking purposes
   ... question is if we would like to submit a proposal for IEEE
   S&P as well
   ... deadline Sep. 20
   ... can tune it up
   ... but should I?

   barry: think we should
   ... target which help our work

   mccool: right
   ... but some concern
   ... keep it different from NDSS
   ... any other comments?
   ... can submit a proposal as is
   ... more security people anyhow
   ... any suggestions?
   ... will circulate the proposal
   ... need to wrap up the proposal within 48h
   ... you can edit the proposal on Google doc
   ... let me know about your Google account
   ... will send invitation to you

   mccool: so we'll do this

PR

   [13]Elena's PR

     [13] https://github.com/w3c/wot-security/pull/8

   elena: goes through it
   ... had discussion with Matthias the other day
   ... adding pictures

   mccool: rendered version?

   [14]https://rawgit.com/ereshetova/wot-security/working/index.html

     [14] https://rawgit.com/ereshetova/wot-security/working/index.html

   kaz: does the above rawgit work fine?

   mccool: fine
   ... contents extracted from the TD draft
   ... will work on the pull request
   ... one document for security
   ... summary within TD, etc.

   elena: when to have more concrete content?

   mccool: Thing Description management
   ... threat model should go here (Recommended Security
   Practices)
   ... publish this as a Note
   ... and put the threat model into it

   elena: no text under 2.3 yet
   ... 2.3 Determining a suitable security architecture

   mccool: we should put the material here inline
   ... need TODOs as Editor's Note

   elena: this is a working branch, not the main branch

   mccool: pull request on the working branch
   ... will add a tag
   ... (adds a tag, "TDmaterial" to the working branch content)
   ... (also a branch, "TDmaterial")
   ... (merges the pull request 8 and adds a comment to the pull
   request)
   ... OK, but we probably want to pull back in the TD material,
   so I branched as "TDmaterial"
   ... any procedure to add Elena as an Editor?

   zoltan: you can create a pull request for that?

   mccool: ok
   ... will create a pull request then
   ... we can update the link for the threat model

   elena: can we keep the threat model content a separate file?

   mccool: there is a trade-off
   ... also should think about the references
   ... some of the references should go into the draft

   [15]references

     [15] https://github.com/w3c/wot-security/blob/master/wot-security-references.md

   mccool: will create a pull request to put the threat model
   inline
   ... note that I'm working on the master branch and the working
   branch
   ... on the working branch, will put the contents from the MD
   files into the index.html file
   ... let's see an example of the TD repo
   ... or the architecture

   [16]Architecture draft on GitHub

     [16] https://w3c.github.io/wot-architecture/

   mccool: we have summary in the main docs
   ... remove the Editor's note and put text that we're working on
   a separate security doc

Previous minutes

   mccool: let's go back to the prev minutes

   [17]prev minutes

     [17] https://www.w3.org/2017/09/11-wot-sec-minutes.html

   mccool: CSS file for a WG Note

   kaz: we can put "WG-NOTE" instead of WD/ED for respec
   ... but we can keep "Editor's Draft" for the index.html on
   GitHub
   ... and I can change the CSS to "WG-NOTE" when we publish the
   draft as a WG Note

   [18]example of WG Note

     [18] https://www.w3.org/TR/EARL10-Schema/

   mccool: will also see that
   ... can we accept the minutes?

   (no objections)

   mccool: ok

Security draft

   mccool: Abstract is missing
   ... Elena, do you want to put a stab?
   ... it's the first thing people will read
   ... we should submit pull requests for the structure and the
   individual sections
   ... each section can have one pull request
   ... will do mechanical edit to include MD file content
   ... and Elena will look into the Abstract
   ... and then section restructure
   ... if there is any conflict, we'll sort that out

   elena: comments welcome for the structure

   mccool: where the best practices come from

   [adjourned]

Summary of Action Items

Summary of Resolutions

   [End of minutes]
     __________________________________________________________


    Minutes formatted by David Booth's [19]scribe.perl version
    1.152 ([20]CVS log)
    $Date: 2017/09/18 13:20:41 $

     [19] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
     [20] http://dev.w3.org/cvsweb/2002/scribe/
Received on Tuesday, 26 September 2017 02:34:54 UTC
