W3C home > Mailing lists > Public > public-wot-ig@w3.org > November 2018

[wot-security] minutes - 15 October 2018

From: Kazuyuki Ashimura <ashimura@w3.org>
Date: Wed, 7 Nov 2018 21:49:47 +0900
Message-ID: <CAJ8iq9XpYN3jORPXgHyvY-3CqTjjKp6mpejqwFuPMkxnVEm=1w@mail.gmail.com>
To: Public Web of Things IG <public-wot-ig@w3.org>, public-wot-wg@w3.org
available at:
  https://www.w3.org/2018/10/15-wot-sec-minutes.html

also as text below.

Thanks a lot for taking these minutes, Zoltan!

Kazuyuki

---

   [1]W3C

      [1] http://www.w3.org/

                               - DRAFT -

                              WoT Security

15 Oct 2018

Attendees

   Present
          Michael_McCool, Elena_Reshetova, Michael_Lagally,
          Ryo_Kajiwara, Tomoaki_Mizushima, Kaz_Ashimura,
          Zoltan_Kis

   Regrets

   Chair
          McCool

   Scribe
          zolkis

Contents

     * [2]Topics
         1. [3]Review of minutes from last meeting
         2. [4]Status of W3C Note publication
         3. [5]TPAC and PlugFest planning
         4. [6]Best Practices document
     * [7]Summary of Action Items
     * [8]Summary of Resolutions
     __________________________________________________________

   <scribe> scribenick: zolkis

Review of minutes from last meeting

   <McCool> minutes from Oct 8 have been approved

   <McCool> [9]https://www.w3.org/2018/10/08-wot-sec-minutes.html

      [9] https://www.w3.org/2018/10/08-wot-sec-minutes.html

Status of W3C Note publication

   McCool: any updates on the Notes?

   Kaz: not yet

   McCool: people see a very old version, so it would be nice to
   publish

TPAC and PlugFest planning

   McCool: TPAC Monday, DAS meeting the whole day - figuring out
   which topics are interesting there
   ... on Tuesday there are less relevant topics
   ... anyway Monday morning is the best to have the Security
   meeting
   ... the place needs to be figured out
   ... by default the lobby of Marriott
   ... discussing other conflict on Thursday afternoon
   ... discussing Friday agenda on Security: 45 mins to present
   the output of the Monday meeting
   ... should discuss the TD and Scripting API Security sections
   ... should get decision about accepting them

   Elena: for Scripting it is already merged

   McCool: discussing Testing topics

   Zoltan: can we make reproduceable examples for correct Security
   setups

   McCool: yes it is in the works, started with the proxy work -
   will be discussed under Testing

   Elena: what is the Developer Meetup on Monday evening?

   McCool: it is a networking event organized by the Univ. of
   Lyon, pretty informal
   ... discussing Friday agenda for Best Practices

   MMC has updated the F2F wiki

Best Practices document

   Elena: one week left, for Best Practices and Testing; what are
   the priorities

   McCool: the former has priority
   ... security for Thing Directory should be discussed

   Elena: how do we want to describe secure transport

   McCool: we should only describe how to use the protocols, not
   focusing about their vulnerabilities
   ... (referring to HTTPS, CoAPS, MQTTS)

   Elena: so no examples required at the moment, just summaries

   McCool: the purpose is to limit testing to certain known
   combinations
   ... we test best practices mainly
   ... we care not about the authentication servers, but the
   bearer tokens
   ... we test network interfaces, not really scripts

   Elena: status of object security for CoAP?
   ... expired this year?

   McCool: need to figure out; end to end security is most
   interesting in regards to CoAP/HTTP setups
   ... we should focus on CoAP
   ... test plan should focus on known sets
   ... we should focus on the essentials, perhaps one security
   setup for each protocol

   Elena: will use the week to figure this out

   McCool: use the Test Plan document as well
   ... meeting adjourned

Summary of Action Items

   See [10]the Action wiki.

     [10] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Actions

Summary of Resolutions

   [End of minutes]
     __________________________________________________________


    Minutes formatted by David Booth's [11]scribe.perl version
    1.152 ([12]CVS log)
    $Date: 2018/10/16 18:08:20 $

     [11] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
     [12] http://dev.w3.org/cvsweb/2002/scribe/
Received on Wednesday, 7 November 2018 12:50:53 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 November 2018 12:50:53 UTC