- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Thu, 6 Dec 2018 11:17:24 +0900
- To: Public Web of Things IG <public-wot-ig@w3.org>, public-wot-wg@w3.org
available at:
https://www.w3.org/2018/11/26-wot-sec-minutes.html
also as text below.
Thanks a lot for helping the scribe role, Michael McCool!
Kazuyuki
---
[1]W3C
[1] http://www.w3.org/
- DRAFT -
WoT Security
26 Nov 2018
Attendees
Present
Kaz_Ashimura, Michael_McCool, Tomoaki_Mizushima
Regrets
Chair
McCool
Scribe
kaz, McCool
Contents
* [2]Topics
1. [3]Prev minutes
2. [4]Publication status
3. [5]Testing criteria
4. [6]Security issues
5. [7]TestFest doodle?
* [8]Summary of Action Items
* [9]Summary of Resolutions
__________________________________________________________
<inserted> scribenick: kaz
Prev minutes
<McCool> [10]https://www.w3.org/2018/11/19-wot-sec-minutes.html
[10] https://www.w3.org/2018/11/19-wot-sec-minutes.html
McCool: skip it and will review the previous minutes next week
Publication status
Kaz: will handle it right after the scripting api
... hopefully this week
Testing criteria
<McCool>
[11]https://github.com/w3c/wot/blob/master/testing/criteria.md
[11] https://github.com/w3c/wot/blob/master/testing/criteria.md
<McCool> Note point 4 under "charter requirements"
<McCool> (Under "Other Deliverables") WoT Test Cases: This
document is part of the W3C CR process test suite and defines
test cases corresponding to technical issues addressed by the
WG. They also help to evaluate the interoperability among the
test suite implementations as well as external implementations,
e.g., open source projects.
McCool: the WG Charter mentions the above
<McCool> and point 1
<McCool> In order to enhance the security of WoT systems, we
will also generate and implement a security testing plan which
will include both functional and adversarial testing of the
proposed standards and their implementations. We will only
recommend an implementation of the proposed standards for use
in production once it has passed such testing.
<inserted> scribenick: McCool
McCool: functional security testing will be included in normal
testing of other assertions
... but we need adversarial testing plan
... do we want a separate document for security testing?
Kaz: separate document for security testing would be better
[12]https://github.com/w3c/wot-security/issues/122
[12] https://github.com/w3c/wot-security/issues/122
Security issues
scribenick: kaz
<kaz> [13]wot-security issues
[13] https://github.com/w3c/wot-security/issues
<kaz> [14]issue 61
[14] https://github.com/w3c/wot-security/issues/61
McCool: added a comment to check with Wendy
<kaz> [15]issue 50
[15] https://github.com/w3c/wot-security/issues/50
McCool: closed
<kaz> [16]issue 23
[16] https://github.com/w3c/wot-security/issues/23
McCool: added a comment
... could be where we satisfy the need for a security testing
plan
scribenick: McCool
McCool: in particular, perhaps the right place for the
"security testing plan" (to satisfy the charter) is in a
validation section of the security and privacy considerations
document
scribenick: kaz
McCool: need to talk with Elena about 21 and 20
TestFest doodle?
McCool: maybe we could replace all the WoT calls with TestFest
Kaz: we can include Tuesday again. right?
McCool: right
Kaz: shall I create a doodle for that now?
McCool: maybe we can wait until Wednesday and ask people
Kaz: ok
McCool: we could have a specific version of TD as the basis of
the tests in December
... but the final version to be generated by the end of Jan
[adjourned]
Summary of Action Items
See [17]the Action wiki.
[17] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Actions
Summary of Resolutions
[End of minutes]
__________________________________________________________
Minutes manually created (not a transcript), formatted by
David Booth's [18]scribe.perl version 1.154 ([19]CVS log)
$Date: 2018/11/26 22:48:54 $
[18] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
[19] http://dev.w3.org/cvsweb/2002/scribe/
Received on Thursday, 6 December 2018 02:18:26 UTC