W3C home > Mailing lists > Public > public-wot-ig@w3.org > March 2016

[TF-SP] minutes - 10 March 2016

From: Kazuyuki Ashimura <ashimura@w3.org>
Date: Thu, 10 Mar 2016 22:01:59 +0900
Message-ID: <CAJ8iq9Vh3yNS=H7dEBGfohtfppq9vU1q=zn0CAZO5mc1DCuNOg@mail.gmail.com>
To: Public Web of Things IG <public-wot-ig@w3.org>
available at:
  https://www.w3.org/2016/03/10-wot-sp-minutes.html

also as text below.

The next TF-SP call will be held on April 7th.

Thanks,

Kazuyuki

---
   [1]W3C

      [1] http://www.w3.org/

                               - DRAFT -

                          Security task force

10 Mar 2016

   [2]Agenda

      [2]
https://lists.w3.org/Archives/Public/public-wot-ig/2016Mar/0013.html

   See also: [3]IRC log

      [3] http://www.w3.org/2016/03/10-wot-sp-irc

Attendees

   Present
          Kaz, Dave, Oliver, Sebastian, Yingying,
          Sebastian_Kaebisch

   Regrets
   Chair
          Oliver

   Scribe
          kaz

Contents

     * [4]Topics
         1. [5]how to re-energize the security/privacy work
         2. [6]Landscape document
         3. [7]Current practice document
         4. [8]F2F, Plugfest in Montreal
         5. [9]Charter items
     * [10]Summary of Action Items
     * [11]Summary of Resolutions
     __________________________________________________________

how to re-energize the security/privacy work

   (brain storming)

   kaz: TV Control API CG has started their phase 2 work
   ... and interested in security/privacy
   ... so far they're thinking about collaboration with the
   Automotive group
   ... but collaboration with this WoT-SP would also make sense

   oliver: ok. let me know about their opinions, etc.
   ... we should be able to respond to them
   ... there is already public information
   ... so we can show it to them

Landscape document

   -> [12]http://w3c.github.io/wot/landscape.html Landscape
   document on GitHub

     [12] http://w3c.github.io/wot/landscape.html

   oliver: sharing the document on the webex
   ... not updating for awhile

Current practice document

   ->
   [13]http://w3c.github.io/wot/current-practices/wot-practices.ht
   ml#security-considerations-1 Security consideration for AP from
   the Current Practice document

     [13]
http://w3c.github.io/wot/current-practices/wot-practices.html#security-considerations-1

   oliver: question to Sebastian

   sebastian: updating the TD section
   ... what kind of security portion should be considered?
   ... to get access for resources
   ... what kind of security token for server?
   ... discussion using email
   ... first idea
   ... will talk during the TD call next week as well
   ... one part is how would the security information be provided?
   ... how to interact with services?
   ... how we can protect TD itself?
   ... interesting issues to consider

   oliver: the second one is more important
   ... it's design work
   ... protect TD
   ... my recommendation is accessing things should be the
   priority
   ... wrapper for things
   ... would suggest prioritize that
   ... and could think about other topics later
   ... skimming the document
   ... explaining the problems
   ... not yet have information from the email exchanges
   ... showing "Protecting TD Objects" section
   ... the second part is more important
   ... "Describing prerequistes for accessing things"
   ... would be the fundamental work

   sebastian: ok. will do.

   oliver: 3.2.3 Security Considerations
   ... not giving the answer yet
   ... need more coverage
   ... maybe need to talk with Johannes

   sebastian: will do that too.

F2F, Plugfest in Montreal

   oliver: we've been taking care of security as well for our
   plugfest
   ... e.g., in Nice
   ... would have same features in Montreal as well
   ... plan to offer an extension
   ... probably could provide something in June

   sebastian: in Nice we already had security scenario
   ... but security description was not used within the Thing
   Description
   ... we need security description within TD
   ... the point is small change in TD
   ... additional features
   ... how about that?

   oliver: could be done
   ... 2 issues
   ... we have server-side component
   ... don't require to change that part
   ... how to document?
   ... timing issue
   ... the other thing is
   ... error response from the server
   ... natural approach would be rewrite the description
   ... client should understand the security token
   ... the second step is putting that into TD
   ... but not enough time to do really fundamental things
   ... but would be welcome if you try
   ... for Montreal, could display security
   ... not as abstract but concrete Thing Description

   sebastian: not involved in the security plugfest so far
   ... panasonic made much effort
   ... security and communication
   ... maybe I should check that beforehand

   oliver: light-weight way for prototype in non-normative way
   ... prototype object as a part
   ... next discussion would be how to create automatic sessions
   ... would make a display object
   ... logic by a state management engine
   ... can be done by the Montreal meeting
   ... BTW, I can't make my travel for the Montreal meeting...
   ... I could prepare for those topics including the state engine
   ... and could offer information to TD and AP

   sebastian: sounds like a good idea

   oliver: we should try to define
   ... that's all from my side for the Montreal meeting

Charter items

   ->
   [14]https://github.com/w3c/wot/blob/master/WG/wot-wg-items.md
   Charter items

     [14] https://github.com/w3c/wot/blob/master/WG/wot-wg-items.md

   <dsr> draft charter (viewable in browser)
   [15]https://w3c.github.io/charter-drafts/wot-wg-2016.html

     [15] https://w3c.github.io/charter-drafts/wot-wg-2016.html

   kaz: Dave has created an HTML version above

   oliver: two sections for security
   ... 1.1 Thing Descriptions
   ... the second bullet is on security
   ... and 1.2 Scripting APIs
   ... the second bullet again is on security
   ... where to add security portion?

   dsr: we have to define deliverables
   ... and put more details
   ... mentioned during the AP call yesterday as well
   ... need information on prototype implementations
   ... also proof-of-concepts
   ... to justify the need for this work
   ... and convince corporate managers
   ... we have architecture document and current practice document

   oliver: it would make more sense to extend the best practice
   document?
   ... what should be the starting point?
   ... also would be difficult to work for the following weeks due
   to vacation...

   dsr: explains the importance of additional information

   oliver: was in contact with vendors
   ... solid foundation than having paper only
   ... would go into the best practice document
   ... there are technologies there
   ... would suggest we update the best practice document
   ... elaborate the text

   dsr: we have focus on some specific technology
   ... not sure in terms of text for the charter
   ... we have references
   ... on the GitHub site
   ... could add links to the architecture/current practice
   documents

   oliver: alright

   dsr: there is a bullet point mentioning privacy poicies, access
   control, etc.
   ... linked data vocabulary might be too ambitious for
   short-term
   ... we need to clarify
   ... we have to explain that

   oliver: alright
   ... don't think "trust assertions" are too far away
   ... but we need to have components for security
   ... we have had some of them during plugfest demos
   ... would suggest we continue discussion using emails

   dsr: ok

   oliver: action item on trust assertions
   ... that's all for today from my viewpoint
   ... anything else to talk today?

   (none)

   oliver: a couple of follow-ups to do
   ... next call will be April 7th
   ... meaning no call on March 24th

   [ adjourned ]

Summary of Action Items

Summary of Resolutions

   [End of minutes]
     __________________________________________________________


    Minutes formatted by David Booth's [16]scribe.perl version
    1.144 ([17]CVS log)
    $Date: 2016/03/10 12:58:30 $

     [16] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
     [17] http://dev.w3.org/cvsweb/2002/scribe/
Received on Thursday, 10 March 2016 13:03:11 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:26:56 UTC