RE: draft WG charter for review from Lynn, James (Fortify on Demand) on 2015-08-06 (public-wot-ig@w3.org from August 2015)

From: Lynn, James (Fortify on Demand) <james.lynn@hp.com>
Date: Thu, 6 Aug 2015 11:21:05 +0000
To: Dave Raggett <dsr@w3.org>
CC: Public Web of Things IG <public-wot-ig@w3.org>
Message-ID: <B87EBCE245953F46842BEF54DE7B858E6973ED05@G4W3204.americas.hpqcorp.net>

Dave,

Quite honestly I don’t yet know how it should be covered, but I do believe it should be. Therefore I don’t think it should be in the Out of Scope list. Figuring out how it is covered should be one of the deliverables for the SP task force.

And barring any further unforeseen crises I do plan to be in Sapporo.

J

From: Dave Raggett [mailto:dsr@w3.org]
Sent: Thursday, August 06, 2015 5:28 AM
To: Lynn, James (Fortify on Demand)
Cc: Public Web of Things IG
Subject: Re: draft WG charter for review

Hi James,

How do you suggest this be covered in the charter?   We could have a Working Group Note that provides guidance on security and privacy issues/concerns.  We could have short informative sections in each of the Recommendation track deliverables.

p.s. we missed you in Sunnyvale last week!

Best regards,
   Dave


On 5 Aug 2015, at 21:28, Lynn, James (Fortify on Demand) <james.lynn@hp.com<mailto:james.lynn@hp.com>> wrote:

Dave,

I do not think we should declare all security (or privacy) issues out of scope for the WG. As you noted in the draft, there is some uncertainty at the W3C level as to what should be done, but I do believe we can at least identify key areas of concern and known risks in deploying WoT solutions. So while we may not be able to specify recommendations for authorization and authentication mechanisms, we could, for example, we could point out that sufficient mechanisms should be in place. In such cases this may only entail a reference to some other W3C WG deliverable. I especially think we should focus on identifying security and privacy issues/concerns that are not typically treated in typical Web solutions.

I assume Oliver will have already formed an opinion on this as well.

Jim Lynn
Hewlett Packard Enterprise

From: Dave Raggett [mailto:dsr@w3.org]
Sent: Wednesday, August 05, 2015 2:33 PM
To: Public Web of Things IG
Subject: draft WG charter for review

Following the discussion in Sunnyvale, I have created a first draft for the charter for the proposed web of things framework working group and invite your comments, either as pull requests or email to this list with the prefix [WG Charter]

  https://github.com/w3c/wot/blob/master/WG/charter.md


In particular, the current draft excludes work on encodings and APIs, but cites a dependency on the EXI WG. I have included an initial list of other relevant W3C groups and groups outside of W3C.

When considering additional work items, please think about whether they would be a good for this working group or better suited to another working group.

—
   Dave Raggett <dsr@w3.org<mailto:dsr@w3.org>>




—
   Dave Raggett <dsr@w3.org<mailto:dsr@w3.org>>

Received on Thursday, 6 August 2015 11:22:33 UTC