- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Tue, 18 Dec 2018 10:48:07 +0900
- To: Public Web of Things IG <public-wot-ig@w3.org>, public-wot-wg@w3.org
available at:
https://www.w3.org/2018/12/03-wot-sec-minutes.html
also as text below.
Thanks a lot for taking these minutes, Zoltan!
Kazuyuki
---
[1]W3C
[1] http://www.w3.org/
- DRAFT -
WoT Security
03 Dec 2018
[2]Agenda
[2] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Agenda
Attendees
Present
Kaz_Ashimura, Michael_McCool, Elena_Reshetova,
Tomoaki_Mizushima, Zoltan_Kis, Yosuke_Nakamura
Regrets
Chair
McCool
Scribe
zolkis, kaz
Contents
* [3]Topics
1. [4]Previous minutes
2. [5]Publication status
3. [6]Possible new group notes
4. [7]PR 63 on wot-architecture
5. [8]PR 63 for the WoT Architecture
6. [9]AOB
7. [10]Remaining issues
* [11]Summary of Action Items
* [12]Summary of Resolutions
__________________________________________________________
Previous minutes
<kaz> [13]https://www.w3.org/2018/11/19-wot-sec-minutes.html
[13] https://www.w3.org/2018/11/19-wot-sec-minutes.html
<kaz> [14]https://www.w3.org/2018/11/26-wot-sec-minutes.html
[14] https://www.w3.org/2018/11/26-wot-sec-minutes.html
<zolkis> scribenick zolkis
McCool: reviewing past minutes
... discussing testfest from Dec 10.
... security testing should be discussed
... any comments on the past minutes?
past minutes approved
McCool: discussing past minutes from Nov. 19
... approved
publication status
Kaz: still pending; some checker issues still
... but will publish today
McCool: for each publication we need separate repo?
Kaz: yes (Echidna policy)
... separate documents such as Best practices will need a
separate repo, not only separate directory
... different versions of the same document are in separate
directories
McCool: short update on TD implementation report
... added security section
<McCool>
[15]https://github.com/mmccool/wot-thing-description/tree/updat
ed-test-results/testing
[15] https://github.com/mmccool/wot-thing-description/tree/updated-test-results/testing
<McCool>
[16]https://github.com/w3c/wot-thing-description/pull/314
[16] https://github.com/w3c/wot-thing-description/pull/314
Possible new group notes
McCool: new documents are Security Best Practices and Security
Test Plan
... the question is how to publish them as Notes
Kaz: group Notes would be nice
McCool: considering to have them as IG Notes, not WG Notes
Kaz: not big difference between a WG Note and an IG Note. (the
question is rather that the current WG Charter mentions the
security testing instead of the current IG Charter.)
McCool: if WG charter not renewed, the IG would still host it
... would like to maintain the documents for a longer term
... other opinions?
... we will need separate repositories anyway; we can decide
later
PR 63 on wot-architecture
[17]https://github.com/w3c/wot-architecture/pull/63
[17] https://github.com/w3c/wot-architecture/pull/63
ER: walking through the PR (is part of the Scripting PR)
... someone needs to check it against the terms used in WoT
Architecture doc
McCool: added reference to Security doc; perhaps update the
date
Zoltan: what about removing the date, it's the latest anyway
McCool: also check the reference in the other docs: TD and
Scripting
... checking references of Security doc in the other specs
<kaz> scribenick: kaz
McCool: will check the TD document and fix it
Elena: will fix the Scripting API document
McCool: will fix both the references to the wot-security and
wot-bestpractices from the TD draft
PR 63 for the WoT Architecture
[18]PR 63 for WoT Architecture
[18] https://github.com/w3c/wot-architecture/pull/63
McCool: will poke Matthias during the Chairs call
Zoltan: also made some comments
[19]Zoltan's comments
[19] https://github.com/w3c/wot-architecture/pull/63#issuecomment-443631676
McCool: will poke Matthias and Matsukura-san
... and Kajimoto-san
Kaz: Matsukura-san and Kawaguchi-san had started to work on
this
... so they also should add their names to the Editors list
AOB
Elena: wondering what to do for the next week given there will
be the TestFest
McCool: people will have implementations to be tested
... testfest for arbitrary testing
... we'll gain experience for our actual testfest in January
Elena: VPN setting would take long...
McCool: trying to back up my previous setting
... can give you access to my repo
... would like to improve the setup so that you can use it
easier
... another option might be "node-wot"
... you can go to eclipse/thingweb.node-wot/examples/scripts
... it's open source and you can copy them
... would suggest you use a Linux systm with Python, etc.
... we can discuss the setting on Wednesday
Elena: I have a Linux machine :)
Remaining issues
McCool: we still have 26 remaining issues...
[20]WoT Security issues
[20] https://github.com/w3c/wot-security/issues
[21]issue 102
[21] https://github.com/w3c/wot-security/issues/102
McCool: adds comments
... on the idea of publishing the Security Best Practices
document as a group Note
[22]issue 121
[22] https://github.com/w3c/wot-security/issues/121
McCool: helpful to have some use cases when we need to modify
the default CORS behavor.
... updates the "Actions" section on the WoT wiki
... 1. update references to WoT Security and Privacy
Considerations (McCool for TD; Elena for Architecture; Zoltan
for Scripting)
... 2. decide whether or not to publish the best practices and
security testing as Notes (McCool to ask group and Chairs)
[adjourned]
Summary of Action Items
See [23]the Action wiki.
[23] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Actions
Summary of Resolutions
[End of minutes]
__________________________________________________________
Minutes manually created (not a transcript), formatted by
David Booth's [24]scribe.perl version 1.154 ([25]CVS log)
$Date: 2018/12/18 01:45:12 $
[24] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
[25] http://dev.w3.org/cvsweb/2002/scribe/
Received on Tuesday, 18 December 2018 01:49:13 UTC