W3C home > Mailing lists > Public > public-wot-ig@w3.org > December 2018

[wot-security] minutes - 26 November 2018

From: Kazuyuki Ashimura <ashimura@w3.org>
Date: Thu, 6 Dec 2018 11:17:24 +0900
Message-ID: <CAJ8iq9VdpV-yOrxKBVjpvtpVe7xfOvyMcqo-DJn+Qcz4YBKABA@mail.gmail.com>
To: Public Web of Things IG <public-wot-ig@w3.org>, public-wot-wg@w3.org
available at:
  https://www.w3.org/2018/11/26-wot-sec-minutes.html

also as text below.

Thanks a lot for helping the scribe role, Michael McCool!

Kazuyuki

---

   [1]W3C

      [1] http://www.w3.org/

                               - DRAFT -

                              WoT Security

26 Nov 2018

Attendees

   Present
          Kaz_Ashimura, Michael_McCool, Tomoaki_Mizushima

   Regrets

   Chair
          McCool

   Scribe
          kaz, McCool

Contents

     * [2]Topics
         1. [3]Prev minutes
         2. [4]Publication status
         3. [5]Testing criteria
         4. [6]Security issues
         5. [7]TestFest doodle?
     * [8]Summary of Action Items
     * [9]Summary of Resolutions
     __________________________________________________________

   <inserted> scribenick: kaz

Prev minutes

   <McCool> [10]https://www.w3.org/2018/11/19-wot-sec-minutes.html

     [10] https://www.w3.org/2018/11/19-wot-sec-minutes.html

   McCool: skip it and will review the previous minutes next week

Publication status

   Kaz: will handle it right after the scripting api
   ... hopefully this week

Testing criteria

   <McCool>
   [11]https://github.com/w3c/wot/blob/master/testing/criteria.md

     [11] https://github.com/w3c/wot/blob/master/testing/criteria.md

   <McCool> Note point 4 under "charter requirements"

   <McCool> (Under "Other Deliverables") WoT Test Cases: This
   document is part of the W3C CR process test suite and defines
   test cases corresponding to technical issues addressed by the
   WG. They also help to evaluate the interoperability among the
   test suite implementations as well as external implementations,
   e.g., open source projects.

   McCool: the WG Charter mentions the above

   <McCool> and point 1

   <McCool> In order to enhance the security of WoT systems, we
   will also generate and implement a security testing plan which
   will include both functional and adversarial testing of the
   proposed standards and their implementations. We will only
   recommend an implementation of the proposed standards for use
   in production once it has passed such testing.

   <inserted> scribenick: McCool

   McCool: functional security testing will be included in normal
   testing of other assertions
   ... but we need adversarial testing plan
   ... do we want a separate document for security testing?

   Kaz: separate document for security testing would be better

   [12]https://github.com/w3c/wot-security/issues/122

     [12] https://github.com/w3c/wot-security/issues/122

Security issues

   scribenick: kaz

   <kaz> [13]wot-security issues

     [13] https://github.com/w3c/wot-security/issues

   <kaz> [14]issue 61

     [14] https://github.com/w3c/wot-security/issues/61

   McCool: added a comment to check with Wendy

   <kaz> [15]issue 50

     [15] https://github.com/w3c/wot-security/issues/50

   McCool: closed

   <kaz> [16]issue 23

     [16] https://github.com/w3c/wot-security/issues/23

   McCool: added a comment
   ... could be where we satisfy the need for a security testing
   plan

   scribenick: McCool

   McCool: in particular, perhaps the right place for the
   "security testing plan" (to satisfy the charter) is in a
   validation section of the security and privacy considerations
   document

   scribenick: kaz

   McCool: need to talk with Elena about 21 and 20

TestFest doodle?

   McCool: maybe we could replace all the WoT calls with TestFest

   Kaz: we can include Tuesday again. right?

   McCool: right

   Kaz: shall I create a doodle for that now?

   McCool: maybe we can wait until Wednesday and ask people

   Kaz: ok

   McCool: we could have a specific version of TD as the basis of
   the tests in December
   ... but the final version to be generated by the end of Jan

   [adjourned]

Summary of Action Items

   See [17]the Action wiki.

     [17] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Actions

Summary of Resolutions

   [End of minutes]
     __________________________________________________________


    Minutes manually created (not a transcript), formatted by
    David Booth's [18]scribe.perl version 1.154 ([19]CVS log)
    $Date: 2018/11/26 22:48:54 $

     [18] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
     [19] http://dev.w3.org/cvsweb/2002/scribe/
Received on Thursday, 6 December 2018 02:18:27 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 6 December 2018 02:18:27 UTC