
[wot-security] minutes - 3 December 2018

From: Kazuyuki Ashimura <ashimura@w3.org>
Date: Tue, 18 Dec 2018 10:48:07 +0900
Message-ID: <CAJ8iq9VqGuTi+hxSsRNdHm_WWegUevtXSaNrUt7Wu0fhMnq3Mg@mail.gmail.com>
To: Public Web of Things IG <public-wot-ig@w3.org>, public-wot-wg@w3.org
available at:
  https://www.w3.org/2018/12/03-wot-sec-minutes.html

also as text below.

Thanks a lot for taking these minutes, Zoltan!

Kazuyuki

---

   [1]W3C

      [1] http://www.w3.org/

                               - DRAFT -

                              WoT Security

03 Dec 2018

   [2]Agenda

      [2] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Agenda

Attendees

   Present
          Kaz_Ashimura, Michael_McCool, Elena_Reshetova,
          Tomoaki_Mizushima, Zoltan_Kis, Yosuke_Nakamura

   Regrets

   Chair
          McCool

   Scribe
          zolkis, kaz

Contents

     * [3]Topics
         1. [4]Previous minutes
         2. [5]Publication status
         3. [6]Possible new group notes
         4. [7]PR 63 on wot-architecture
         5. [8]PR 63 for the WoT Architecture
         6. [9]AOB
         7. [10]Remaining issues
     * [11]Summary of Action Items
     * [12]Summary of Resolutions
     __________________________________________________________

Previous minutes

   <kaz> [13]https://www.w3.org/2018/11/19-wot-sec-minutes.html

     [13] https://www.w3.org/2018/11/19-wot-sec-minutes.html

   <kaz> [14]https://www.w3.org/2018/11/26-wot-sec-minutes.html

     [14] https://www.w3.org/2018/11/26-wot-sec-minutes.html

   <zolkis> scribenick zolkis

   McCool: reviewing past minutes
   ... discussing testfest from Dec 10.
   ... security testing should be discussed
   ... any comments on the past minutes?

   past minutes approved

   McCool: discussing past minutes from Nov. 19
   ... approved

publication status

   Kaz: still pending; some checker issues still
   ... but will publish today

   McCool: for each publication we need separate repo?

   Kaz: yes (Echidna policy)
   ... separate documents such as Best practices will need a
   separate repo, not only separate directory
   ... different versions of the same document are in separate
   directories

   McCool: short update on TD implementation report
   ... added security section

   <McCool>
   [15]https://github.com/mmccool/wot-thing-description/tree/updated-test-results/testing

     [15] https://github.com/mmccool/wot-thing-description/tree/updated-test-results/testing

   <McCool>
   [16]https://github.com/w3c/wot-thing-description/pull/314

     [16] https://github.com/w3c/wot-thing-description/pull/314

Possible new group notes

   McCool: new documents are Security Best Practices and Security
   Test Plan
   ... the question is how to publish them as Notes

   Kaz: group Notes would be nice

   McCool: considering having them as IG Notes, not WG Notes

   Kaz: not big difference between a WG Note and an IG Note. (the
   question is rather that the current WG Charter mentions the
   security testing instead of the current IG Charter.)

   McCool: if WG charter not renewed, the IG would still host it
   ... would like to maintain the documents for a longer term
   ... other opinions?
   ... we will need separate repositories anyway; we can decide
   later

PR 63 on wot-architecture

   [17]https://github.com/w3c/wot-architecture/pull/63

     [17] https://github.com/w3c/wot-architecture/pull/63

   ER: walking through the PR (is part of the Scripting PR)
   ... someone needs to check it against the terms used in WoT
   Architecture doc

   McCool: added reference to Security doc; perhaps update the
   date

   Zoltan: what about removing the date, it's the latest anyway

   McCool: also check the reference in the other docs: TD and
   Scripting
   ... checking references of Security doc in the other specs

   <kaz> scribenick: kaz

   McCool: will check the TD document and fix it

   Elena: will fix the Scripting API document

   McCool: will fix both the references to the wot-security and
   wot-bestpractices from the TD draft

PR 63 for the WoT Architecture

   [18]PR 63 for WoT Architecture

     [18] https://github.com/w3c/wot-architecture/pull/63

   McCool: will poke Matthias during the Chairs call

   Zoltan: also made some comments

   [19]Zoltan's comments

     [19] https://github.com/w3c/wot-architecture/pull/63#issuecomment-443631676

   McCool: will poke Matthias and Matsukura-san
   ... and Kajimoto-san

   Kaz: Matsukura-san and Kawaguchi-san had started to work on
   this
   ... so they also should add their names to the Editors list

AOB

   Elena: wondering what to do for the next week given there will
   be the TestFest

   McCool: people will have implementations to be tested
   ... testfest for arbitrary testing
   ... we'll gain experience for our actual testfest in January

   Elena: VPN setting would take long...

   McCool: trying to back up my previous setting
   ... can give you access to my repo
   ... would like to improve the setup so that you can use it
   easier
   ... another option might be "node-wot"
   ... you can go to eclipse/thingweb.node-wot/examples/scripts
   ... it's open source and you can copy them
   ... would suggest you use a Linux system with Python, etc.
   ... we can discuss the setting on Wednesday

   Elena: I have a Linux machine :)

Remaining issues

   McCool: we still have 26 remaining issues...

   [20]WoT Security issues

     [20] https://github.com/w3c/wot-security/issues

   [21]issue 102

     [21] https://github.com/w3c/wot-security/issues/102

   McCool: adds comments
   ... on the idea of publishing the Security Best Practices
   document as a group Note

   [22]issue 121

     [22] https://github.com/w3c/wot-security/issues/121

   McCool: helpful to have some use cases when we need to modify
   the default CORS behavior.
   ... updates the "Actions" section on the WoT wiki
   ... 1. update references to WoT Security and Privacy
   Considerations (McCool for TD; Elena for Architecture; Zoltan
   for Scripting)
   ... 2. decide whether or not to publish the best practices and
   security testing as Notes (McCool to ask group and Chairs)

   [adjourned]

Summary of Action Items

   See [23]the Action wiki.

     [23] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Actions

Summary of Resolutions

   [End of minutes]
     __________________________________________________________


    Minutes manually created (not a transcript), formatted by
    David Booth's [24]scribe.perl version 1.154 ([25]CVS log)
    $Date: 2018/12/18 01:45:12 $

     [24] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
     [25] http://dev.w3.org/cvsweb/2002/scribe/
Received on Tuesday, 18 December 2018 01:49:13 UTC
