- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Tue, 17 Apr 2018 21:53:18 +0900
- To: Public Web of Things IG <public-wot-ig@w3.org>, public-wot-wg@w3.org
available at:
https://www.w3.org/2018/04/09-wot-sec-minutes.html
also as text below.
Thanks a lot for taking these minutes, Soumya!
Kazuyuki
---
[1]W3C
[1] http://www.w3.org/
- DRAFT -
WoT Security
09 Apr 2018
[2]Agenda
[2] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Agenda
Attendees
Present
Kaz_Ashimura, Michael_McCool, Elena_Reshetova,
Michael_Koster, Soumya_Kanti_Datta, Kazuaki_Nimura,
Tomoaki_Mizushima, Barry_Leiba, Zoltan_Kis
Regrets
Chair
McCool
Scribe
Soumya
Contents
* [3]Topics
1. [4]Previous minutes
2. [5]NDSS paper
3. [6]Pullrequests
4. [7]Planning
5. [8]issues
* [9]Summary of Action Items
* [10]Summary of Resolutions
__________________________________________________________
<kaz> scribenick: Soumya
Previous minutes
<McCool> [11]https://www.w3.org/2018/03/19-wot-sec-minutes.html
[11] https://www.w3.org/2018/03/19-wot-sec-minutes.html
mccool: talks about prev minutes
... shows the agenda
... accepts the minutes, no objections heard, minutes accepted.
NDSS paper
mccool: note - tomorrow is the final deadline for NDSS paper
... already uploaded, 24 hour for any last min changes
<McCool>
[12]https://github.com/mmccool/ndss-wot-sec/blob/master/ndss-di
ss-008.pdf
[12] https://github.com/mmccool/ndss-wot-sec/blob/master/ndss-diss-008.pdf
mccool: overview of changes
... identify for things, brought up the issue in the paper,
potential issues for privacy
... asks the participants to review
... discusses new additions to the wot-sec paper in NDSS
workshops
... discussion on tokens for RBAC
<Zakim> kaz, you wanted to wonder about the URLs for WoT drafts
<kaz> ACTION: kaz to provide updated/correct URLs for the WoT
drafts
Pullrequests
mccool: next topic is two PRs
... we have choice in order of acceptance
... quickly review the changes in security metadata
... merge as it
elena: main doc will have lifecycle drawing from Matthias
mccool: someone may have committed directly in master branch on
lifecycle
<kaz> [13]pullrequest 88
[13] https://github.com/w3c/wot-security/pull/88
mccool: need a common master, changes can be done later
... simple changes related to JSON LD 1.1
... discussing PR 88
koster, mccool: discussion on authentication and authorization
koster: kerboros and openAPI follow diff things, have to be
careful
... authorization is the correct term, when authentication
comes - things might get complicated
mccool: shows the changes in TD example regarding security
metadata
<McCool>
[14]https://github.com/mmccool/wot-security/blob/f007a7309a6ac3
aeb14f1200fc21a9b33c386038/wot-security-metadata.md
[14] https://github.com/mmccool/wot-security/blob/f007a7309a6ac3aeb14f1200fc21a9b33c386038/wot-security-metadata.md
mccool: token - highlight bearer or pop
... added that in metadata
... thinking about profile for admin, security configuration
... diff config for diff protocols
... not sure how to deal with that and scopes in case of oauth
... could give scope and lookup scope from a listing
... might be complicated
elena: still can implement this, might not need it yet, not do
anything about it yet
mccool: syntax change to be addressed first
... then consider roles (if we need)
elena: not sure how to define roles
... what types of roles make sense
mccool: current example not ready for merging
... should be inline with new TD, need some cleaning
... would like to merge the other PR
... showing PR 87
... any objection from anyone?
none heard
mccool: merges it
... other PR is going on working branch
<kaz> [15]pullrequest 87
[15] https://github.com/w3c/wot-security/pull/87
Planning
mccool: asks about any additional topic for 'what next?'
barry gives IETF WG names TEEP, SUIT
mccool: going into lifecycle
... matthias is creating a general version of lifecycle?
elena: yes, adapt to that
... it was agreed in last f2f
mccool: discuss more on next IG/WG call
... testing and validation
... created some notes on this
... asks barry to walk us through the ietf wgs
... request a security review from w3c sec group
kaz points out that it is an IG
mccool: need external security review but not yet there
... need a version ready to review
... need to start planning for next plugfest
... asks barry about IETF WGs
barry: can write and post in the MLs
... teep is aimed at the idea that execution env in a device is
divided into trusted and untrusted env. driven by ARM and Intel
... SUIT - keep software updated for IoT
... relationship b/w is - proposed in the same time and have
some overlaps
mccool: capture some writeup in a md file
barry: agrees
mccool: goes to testing and validation
... shows a github page for this
... penetration testing ...
... pick a suite that makes sense there
... sec review to be included
elena: wot certified test suite?
mccool: markup (must, should, may) and test suites
... go through normative specs, mark (must, should, may)
... testing ontologies (out of scope)
<McCool> [16]initial testing content
[16] https://github.com/w3c/wot/pull/439
mccool: asks for review
... discuss more on wednesday
issues
mccool: initial content for industrial infrastructure
... shows an issue
<kaz> [17]issue 21
[17] https://github.com/w3c/wot-security/issues/21
mccool: try to capture requirements in an industrial use case
mccool, elena discusses if industrial a strict superset of
enterprise
koster asks the definition of industrial or enterprise
mccool: looks at issue tracker
elena: complete some pending tasks
mccool: suggests creating a PR
... next time - retire some issues
<kaz> [18]e.g., issue 65
[18] https://github.com/w3c/wot-security/issues/65
mccool: AOB?
meeting adjourned ...
Summary of Action Items
[NEW] ACTION: kaz to provide updated/correct URLs for the WoT
drafts
[NEW] ACTION: barry to provide information on 2 new IETF groups
(TEEP, SUIT)
[NEW] ACTION: mccool to talk with security guys about
testing/validation timeline
Summary of Resolutions
[End of minutes]
__________________________________________________________
Minutes formatted by David Booth's [19]scribe.perl version
1.152 ([20]CVS log)
$Date: 2018/04/17 12:48:38 $
[19] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
[20] http://dev.w3.org/cvsweb/2002/scribe/
Received on Tuesday, 17 April 2018 12:54:28 UTC