[wot-security] minutes - 5 November 2019 from Kazuyuki Ashimura on 2019-11-18 (public-wot-wg@w3.org from November 2019)

From: Kazuyuki Ashimura <ashimura@w3.org>
Date: Tue, 19 Nov 2019 02:51:44 +0900
To: Public Web of Things IG <public-wot-ig@w3.org>, public-wot-wg@w3.org
Message-ID: <CAJ8iq9XowWgCyHVGW_viXUqbu2ercykNzs5B=irDQXnB8aDwaQ@mail.gmail.com>
available at:
  https://www.w3.org/2019/11/05-wot-sec-minutes.html

also as text below.

Thanks a lot for taking the minutes, Elena!

Kazuyuki

---
   [1]W3C

      [1] http://www.w3.org/

                               - DRAFT -

                              WoT Security

05 Nov 2019

   [2]Agenda

      [2] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Nov_5_2019

Attendees

   Present
          Kaz_Ashimura, Elena_Reshetova, Michael_McCool,
          Oliver_Pfaff, Taki_Kamiya, Tomoaki_Mizushima

   Regrets

   Chair
          McCool

   Scribe
          elena_

Contents

     * [3]Topics
         1. [4]Quick updates
         2. [5]Previous minutes
         3. [6]Time slot for the Security call
         4. [7]Publication status
         5. [8]Privacy risks
         6. [9]Issues and PRs
     * [10]Summary of Action Items
     * [11]Summary of Resolutions
     __________________________________________________________

   <kaz> scribenick: elena_

Quick updates

   McCool: any quick updates?

   noone raised any

Previous minutes

   McCool: any meeting minutes from last time to review?

   <kaz> [12]https://www.w3.org/2019/10/14-wot-sec-minutes.html

     [12] https://www.w3.org/2019/10/14-wot-sec-minutes.html

   <kaz> [13]https://www.w3.org/2019/10/21-wot-sec-minutes.html

     [13] https://www.w3.org/2019/10/21-wot-sec-minutes.html

   <McCool> [14]https://www.w3.org/2019/09/09-wot-sec-minutes.html

     [14] https://www.w3.org/2019/09/09-wot-sec-minutes.html

   minutes from september 9th are already approved

   McCool: 14th of October minutes looking through, no changes
   from my side
   ... any objections to accept minutes?

   no objections

   14th of October is accepted

   McCool: 20th of october: any objections to accepting the
   minutes?

   no objections

   both meeting minutes are accepted

Time slot for the Security call

   McCool: time choice discussion
   ... current slot is not optimal for everyone is it is 3am time
   for Canada, which does not work for me
   ... so we discussing to go back to our previous time on Monday
   ... elena will resolve the problem and we can go back to slot
   9pm on Japan time
   ... does anyone has objections to the 9pm slot on Monday for
   security call?

   no objections raised

   McCool: starting next week we have a call on Mondays at 10pm
   Japan time

   <kaz> ACTION: kaz to allocate a new webex for wot-security on
   Monday at 8an EST (10pm JST)

Publication status

   McCool: next publication status.

   Kaz: there are still several minor errors
   ... PR from Michael is merged

   <kaz> [15]Master branch Editor's draft

     [15] https://w3c.github.io/wot-security/

   <kaz> [16]updated Note3 version generated from the Master
   branch Editor's draft

     [16] https://w3c.github.io/wot-security/releases/note3/Overview.html

   <kaz> [17]Pubrules checker results

     [17]
https://www.w3.org/pubrules/?url=https://w3c.github.io/wot-security/releases/note3/Overview.html&profile=WG-NOTE-Echidna&validation=simple-validation&noRecTrack=true&informativeOnly=true&echidnaReady=true&patentPolicy=pp2004

   McCool: let's look at the current state

   Kaz: current master version has several errors with the
   Pubruels Checker, needs fixing

   McCool: changes that I did recently - deleted summary and added
   change log
   ... in changelog I talk about name change and made summary for
   all the diffs, including from second and first version
   ... also made few minor tweaks
   ... changed to use references for WoT Architecture and WoT TD
   from hyperlinks

   Kaz: need to fix errors including these references
   ... we should check the pubrules checker results

   looking at errors

   3 errors displayed

   <kaz> [18]Pubrules results again

     [18]
https://www.w3.org/pubrules/?url=https://w3c.github.io/wot-security/releases/note3/Overview.html&profile=WG-NOTE-Echidna&validation=simple-validation&noRecTrack=true&informativeOnly=true&echidnaReady=true&patentPolicy=pp2004

   also looking at the warnings

   McCool: let's fix the errors

   Kaz: given that both WoT Architecture and WoT TD refer to WoT
   Security and Privacy Guidelines, the latter one should be
   either published first or on the same day

   McCool: let's do the mandatory fixes now
   ... they should be easy fixes

   McCool is actually doing fixes

   McCool: is best practice document published?

   Kaz: no, and it is ok to refer to it by URL

   McCool fixing duplicate id referral

   McCool commits the changes to master branch

   McCool: kaz should get it finalized and published now
   ... we need to clean up Editors notes in the doc also

   <kaz> [the draft on the master branch has been updated :) ]

Privacy risks

   McCool: looking at the EN on Links
   ... associated with the dereferencing risk
   ... section on privacy needs improvements and updates, also
   associated with identifiers

   with unique cryptographic identifiers

   McCool: let's create an issue for updating this section

   <McCool> [19]https://github.com/w3c/wot-security/issues/140

     [19] https://github.com/w3c/wot-security/issues/140

Issues and PRs

   McCool: let's look at issues and PRs
   ... we should also cleanup our references

   <inserted> [20]PR 137

     [20] https://github.com/w3c/wot-security/pull/137

   looking at PR 137

   <inserted> [21]Issue 123

     [21] https://github.com/w3c/wot-security/issues/123

   McCool: this relates to issue 123
   ... about mixing gateway and proxy terminology
   ... we have other places where we use proxy, so we should not
   make the change for just this one place, because it adds
   inconsistency
   ... we should just explain that proxy is one of the special
   cases of the intermediary

   Taki: makes sense

   McCool: should we add a sentence now before the final
   publication is done or do it after?

   Kaz: first priority is to publish as soon as possible

   McCool: so let's close this PR for now, but in the future
   (after publication is done) to add a sentence explaining proxy
   terminology
   ... let's add an issue to record this action

   <kaz> [22]new Issue 141 for that

     [22] https://github.com/w3c/wot-security/issues/141

   issue 141 created

   McCool: we should go and close some old issues

   <kaz> [23]Issue 134

     [23] https://github.com/w3c/wot-security/issues/134

   looking at issue 134

   McCool: any objections to close this issue?

   McCool closing it

   McCool: we should close the issues next time
   ... if new participants, including Oliver could try to go
   review the document

   Oliver: what is the preferred way of reporting issues?

   McCool: if it is typo, just create PR, if it is a bigger issue,
   create an issue
   ... we are out of time, any other business?
   ... we are proceeding with the publication now

   meeting finished

   <kaz> [adjourned]

Summary of Action Items

   [NEW] ACTION: kaz to allocate a new webex for wot-security on
   Monday at 8an EST (10pm JST)

Summary of Resolutions

   [End of minutes]
     __________________________________________________________


    Minutes manually created (not a transcript), formatted by
    David Booth's [24]scribe.perl version 1.154 ([25]CVS log)
    $Date: 2019/11/18 17:50:28 $

     [24] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
     [25] http://dev.w3.org/cvsweb/2002/scribe/
Received on Monday, 18 November 2019 17:52:29 UTC