- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Tue, 26 Sep 2017 11:33:46 +0900
- To: Public Web of Things IG <public-wot-ig@w3.org>, public-wot-wg@w3.org
available at:
https://www.w3.org/2017/09/18-wot-sec-minutes.html
also as text below.
Thanks,
Kazuyuki
---
[1]W3C
[1] http://www.w3.org/
- DRAFT -
WoT IG - Security
18 Sep 2017
[2]Agenda
[2] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Agenda
See also: [3]IRC log
[3] http://www.w3.org/2017/09/18-wot-sec-irc
Attendees
Present
Kaz_Ashimura, Elena_Reshetova, Michael_McCool,
Zoltan_Kis, Barry_Leiba
Regrets
Chair
McCool
Scribe
kaz
Contents
* [4]Topics
1. [5]Agenda
2. [6]Workshop update
3. [7]PR
4. [8]Previous minutes
5. [9]Security draft
* [10]Summary of Action Items
* [11]Summary of Resolutions
__________________________________________________________
<scribe> scribenick: kaz
[12]prev minutes
[12] https://www.w3.org/2017/09/11-wot-sec-minutes.html
elena: wondering about the workshop thing
mccool: IEEE S&P
... will discuss
Agenda
WoT Security and Privacy Considerations
Document status and issue review
Security sections in other documents
Document status and issue review
IoT Conference workshop update
NDSS proposal accepted
IEEE S&P deadline: Sept 20
Other work items
]]
mccool: workshop first
Workshop update
mccool: NDSS proposal
... submitted one and accepted
... Decentralized IoT Security and Standards
... submitted in parallel
... had a meeting
... to merge the two proposals
... fundamental issue for WoT is interoperability
... security for multiple interoperable implementations
... added a couple of topics
... 3 points
... Carsten, co-Chair
... similar proposal on TLS
... not our primary objective
... not optimal but still worth presenting our paper
... get discussion there
... could get people interested there
... networking purposes
... question is if we would like to submit a proposal for IEEE
S&P as well
... deadline Sep. 20
... can tune it up
... but should I?
barry: think we should
... target which help our work
mccool: right
... but some concern
... keep it different from NDSS
... any other comments?
... can submit a proposal asis
... more security people anyhow
... any suggestions?
... will circulate the proposal
... need to wrap up the proposal within 48h
... you can edit the proposal on Google doc
... let me know about your Google account
... will send invitation to you
mccool: so we'll do this
PR
[13]Elena's PR
[13] https://github.com/w3c/wot-security/pull/8
elena: goes through it
... had discussion with Matthias the other day
... adding pictures
mccool: rendered version?
[14]https://rawgit.com/ereshetova/wot-security/working/index.ht
ml
[14] https://rawgit.com/ereshetova/wot-security/working/index.html
kaz: does the above rawgit work fine?
mccool: fine
... contents extracted from the TD draft
... will work on the pull request
... one document for security
... summary within TD, etc.
elena: when to have more concrete content?
mccool: Thing Description management
... threat model should go here (Recommended Security
Practices)
... publish this as a Note
... and put the threat model into it
elena: no text under 2.3 yet
... 2.3 Determining a suitable security architecture
mccool: we should put the material here inline
... need TODOs as Editor's Note
elena: this is a working branch, not the main branch
mccool: pull request on the working branch
... will add a tag
... (adds a tag, "TDmaterial" to the working branch content)
... (also a branch, "TDmaterial")
... (merges the pull request 8 and add a comment to the pull
request)
... OK, but we probably want to pull back in the TD material,
so I branched as TDmaterial"
... any procedure to add Elena as an Editor?
zoltan: you can create a pull request for that?
mccool: ok
... will create a pull request then
... we can update the link for the threat model
elena: can we keep the threat model content a separate file?
mccool: there is a trade-off
... also should think about the references
... some of the references should go into the draft
[15]references
[15] https://github.com/w3c/wot-security/blob/master/wot-security-references.md
mccool: will create a pull request to put the thread model
inline
... note that I'm working on the master branch and the working
branch
... on the working branch, will put the contents from the MD
files into the index.html file
... let's see an example of the TD repo
... or the architecture
[16]Arechitecture draft on GitHub
[16] https://w3c.github.io/wot-architecture/
mccool: we have summary in the main docs
... remove the Editor's note and put text that we're working on
a separate security doc
Previous minutes
mccool: let's go back to the prev minutes
[17]prev minutes
[17] https://www.w3.org/2017/09/11-wot-sec-minutes.html
mccool: CSS file for a WG Note
kaz: we can put "WG-NOTE" instead of WD/ED for respec
... but we can keep "Editor's Draft" for the index.html on
GitHub
... and I can change the CSS to "WG-NOTE" when we publish the
draft as a WG Note
[18]example of WG Note
[18] https://www.w3.org/TR/EARL10-Schema/
mccool: will also see that
... can we accept the minutes?
(no objections)
mccool: ok
Security draft
mccool: Abstract is missing
... Elena, do you want to put a stab?
... it's the first thing people will read
... we should submit pull requests for the structure and the
individual sections
... each section can have one pull request
... will do mechanical edit to include MD file content
... and Elena will look into the Abstract
... and then section restructure
... if there is any conflict, we'll sort that out
elena: comments welcome for the structure
mccool: where the best practices come from
[adjourned]
Summary of Action Items
Summary of Resolutions
[End of minutes]
__________________________________________________________
Minutes formatted by David Booth's [19]scribe.perl version
1.152 ([20]CVS log)
$Date: 2017/09/18 13:20:41 $
[19] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
[20] http://dev.w3.org/cvsweb/2002/scribe/
Received on Tuesday, 26 September 2017 02:34:54 UTC