W3C home > Mailing lists > Public > public-wot-ig@w3.org > February 2018

[wot-security] minutes - 5 February 2018

From: Kazuyuki Ashimura <ashimura@w3.org>
Date: Mon, 12 Feb 2018 23:59:13 +0900
Message-ID: <CAJ8iq9VTdjj6UKJAZRUJzweRJypJLiqr8q94XvBi-LLnTxcvdg@mail.gmail.com>
To: Public Web of Things IG <public-wot-ig@w3.org>, public-wot-wg@w3.org
available at:
  https://www.w3.org/2018/02/05-wot-sec-minutes.html

also as text below.

Thanks a lot for taking these minutes, Michael Lagally!

Kazuyuki

---

   [1]W3C

      [1] http://www.w3.org/

                               - DRAFT -

                              WoT Security

05 Feb 2018

   [2]Agenda

      [2] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Agenda

Attendees

   Present
          Kaz_Ashimura, Michael_McCool, Elena_Reshetova,
          Michael_Lagally, Tomoaki_Mizushima

   Regrets

   Chair
          McCool

   Scribe
          mlagally, mlagally__

Contents

     * [3]Topics
         1. [4]Agenda
         2. [5]Previous minutes
         3. [6]Security review
         4. [7]Lifecycle
         5. [8]Planning
         6. [9]Review of F2F topics and agenda
         7. [10]GitHub issues
     * [11]Summary of Action Items
     * [12]Summary of Resolutions
     __________________________________________________________

   <kaz> scribenick: mlagally__

Agenda

   mccool: please review agenda and add missing things
   ... we have 2 more calls to prepare for the plugfest

Previous minutes

   <kaz> [13]prev minutes

     [13] https://www.w3.org/2018/01/29-wot-sec-minutes.html

   kaz: we should update "Agenda" to "Plugfest template" in last
   call's minutes

   elena: "security bootstrapping" should be called just
   "bootstrapping"

   mccool: IETF draft for draft-garcia-core-security-06 not
   finalized
   ... alignment of terminology would be desirable
   ... having same state diagram will be better

   minutes are accepted with above change

   mccool: terminology should be clarified further, aligned with
   ietf, if possible

Security review

   mccool: we missed deadline for 2nd draft, should target
   plugfest
   ... security review of other TF documents should be reviewed
   from security POV, presented at plugfest
   ... for next call I will work on template
   ... not too much feedback on template presentation to plugfest
   group
   ... merge of Michael Koster's template and our template should
   happen, Michael Koster has the AI
   ... if you have time to review security template, please work
   on that

   elena: I take an AI to check Michael Kosters template to check
   what we're missing in the current template

   mccool: Security checklist is under "checklists" under plugfest
   directory

   <McCool> Need to convert to markdown, merge with Michael
   Koster's template

   <kaz> [14]Koster's slides

     [14] https://github.com/mjkoster/wot-protocol-binding/blob/master/plugfest-prague.pdf

Lifecycle

   elena: picture was updated terminology cleaned up
   ... "security bootstrapping" will be renamed after the call

   <kaz> [15]pullrequest 63 - initial text for lifecycle

     [15] https://github.com/w3c/wot-security/pull/63/files

   mccool+elena: discussing details of the diagram
   ... reprovisioning of same device to a different context is
   possible. What happens for decommissioning?

   mccool: we could use labels to show decommissioning

   mccool+elena: discussion on diagram aspects for
   "decommissioning" continues
   ... we could have 2 parallel chains of operation states, I can
   draft a diagram
   ... I'll accept Elena's pr into the working draft, if all are
   ok

   accepted with no objections

Planning

   mccool: need concrete discussion around OAuth and Tokens, need
   to update thing description
   ... we don't have much time before the plugfest
   ... we could just do a minor document update for the plugfest,
   after that we can do concrete work based on the results of the
   plugfest
   ... around March 10th target a document update
   ... target content: finalize editorial comments, validation

   elena: I should do part of section 4, forward proxy scenario in
   section 5

   mccool: industrial use cases are missing, we're weak on that
   ... need to work on those too in the next month
   ... 1 month after plugfest we'll have another update including
   the practical results of the plugfest
   ... discussion planning details for Feb 12th call
   ... we should review doc from the other TF groups
   ... they are not final yet
   ... let's assume documents are final by this Friday (Feb 9th)

   elena: I volunteer for scripting API

   mccool: I'll look at TD
   ... just high level review of the doc - we only have 5 mins to
   discuss - what needs to be done has to be documented
   ... I'm unavailable for Feb 19th - reschedule or cancel ? -
   will do doodle poll

Review of F2F topics and agenda

   mccool: need to flesh out use case section, I'm working on
   payment, validation needs to be added too to the document

   <updating Prague F2F Wiki page>

   mccool: will review F2F topics again next week

GitHub issues

   elena: we should review github issues that we need to bring
   into the F2F discussion

   <kaz> [16]issue 61

     [16] https://github.com/w3c/wot-security/issues/61

   elena: we can put labels on issues
   ... to mark affected group/document

   <kaz> (McCool adds labels to some of the issues)

   elena: I'll do that offline

   meeting adjourned

Summary of Action Items

Summary of Resolutions

   [End of minutes]
     __________________________________________________________


    Minutes formatted by David Booth's [17]scribe.perl version
    1.152 ([18]CVS log)
    $Date: 2018/02/06 05:26:58 $

     [17] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
     [18] http://dev.w3.org/cvsweb/2002/scribe/
Received on Monday, 12 February 2018 15:00:23 UTC

This archive was generated by hypermail 2.3.1 : Monday, 12 February 2018 15:00:24 UTC