[wot-security] minutes - 23 August 2017 from Kazuyuki Ashimura on 2017-08-24 (public-wot-ig@w3.org from August 2017)

From: Kazuyuki Ashimura <ashimura@w3.org>
Date: Fri, 25 Aug 2017 03:16:36 +0900
To: Public Web of Things IG <public-wot-ig@w3.org>, public-wot-wg@w3.org
Message-ID: <CAJ8iq9VtT=jLU5sefpUNMpQmT9kcKyWHu6nARz=pKorn7b7Tag@mail.gmail.com>
available at:
  https://www.w3.org/2017/08/23-wot-sec-minutes.html

also as text below.

Thanks a lot for taking these minutes, Elena!

Kazuyuki

---

   [1]W3C

      [1] http://www.w3.org/

                               - DRAFT -

                           WoT IG - Security

23 Aug 2017

   See also: [2]IRC log

      [2] http://www.w3.org/2017/08/23-wot-sec-irc

Attendees

   Present
          Kaz_Ashimura, Elena_Reshetova, Michael_Koster,
          Soumya_Kanti_Datta, Tomoaki_Mizushima, Zoltan_Kis,
          Michael_McCool, Barry_Leiba, Katsuyoshi_Naka

   Regrets
   Chair
          McCool

   Scribe
          elena

Contents

     * [3]Topics
         1. [4]Logistics
         2. [5]Documents status
         3. [6]IEEE Workshop
     * [7]Summary of Action Items
     * [8]Summary of Resolutions
     __________________________________________________________

   <kaz> scribenick: elena

Logistics

   McCool: agenda, change security task force meeting to Monday
   3pm finland time?

   no objections, meeting time changed

Documents status

   McCool: next agenda item, first draft for overall arch. and TD
   document security sections
   ... next wednesday, Aug. 30, is fist deadline
   ... monday is a final time for changes, after goes to review
   ... another item overal direction, general things go to
   architecture document, td doc only to have specifics

   <zkis> elena: yes, PR was made to mccool's repo with the TD

   next we are discussing PR that elena did with changes in TD
   security section

   pr would be accepted to mccool repo, he would cleanup etc

   elena: it would be nice to cross reference to threat model
   ... when writing security sections in different docs

   McCool: insert link to threat model in TD security section

   elena: use of secure transport should move to general
   architecture doc section

   <McCool>
   [9]https://github.com/mmccool/wot-architecture/tree/security

      [9] https://github.com/mmccool/wot-architecture/tree/security

   McCool: what pieces from generic practice document should be
   moved to the security architecture or TD sections?
   ... will do a first pass on generic arch. document security
   section, elena will take second pass

   <kaz>
   [10]https://github.com/w3c/wotwg/pull/5#issuecomment-32374263

     [10] https://github.com/w3c/wotwg/pull/5#issuecomment-32374263

   kaz: what is procedure from url above?

   <kaz>
   [11]https://services.w3.org/htmldiff?doc1=https%3A%2F%2Fw3c.git
   hub.io%2Fwot-scripting-api%2F&doc2=https%3A%2F%2Fraw.githubuser
   content.com%2Fdanielpeintner%2Fwot-scripting-api%2Fmaster%2Find
   ex.html htmldiff

     [11] https://services.w3.org/htmldiff?doc1=https://w3c.github.io/wot-scripting-api/&doc2=https://raw.githubusercontent.com/danielpeintner/wot-scripting-api/master/index.html

   we will do html diff according to above

   zkis, could McCool merge the PR above from Zoltan?

   <kaz> kaz: Zoltan was proposing a procedure (pullrequest 5) and
   everybody is encouraged to use htmldiff

   <kaz> [12]https://github.com/w3c/wotwg/pull/5

     [12] https://github.com/w3c/wotwg/pull/5

   RESOLUTION: will be merged

   McCool: access token currently for entire TD and not for
   individual entries

   elena: this is not good and won't scale in general

   McCool: we will need to double check this and discuss further
   ... minimize application functionality should go to general
   architecture

   <kaz> [13]pullrequest for wot-thing-description on McCool's
   repo

     [13] https://github.com/mmccool/wot-thing-description/pull/1

   McCool: testing should also be moved into general document
   ... WoT API needs to be added to terminology list for further
   discussion

   question: what should be extracted from the WoT Current
   Practices document security section?

   elena: will take a pass on thinking and moving stuff

   <kaz> [14]WoT Best Practices document

     [14] http://w3c.github.io/wot/current-practices/wot-practices.html

   McCool will create first PR, elena will do a next pass

   everyone should read it and say their objections if any or
   recommendations

   McCool: what are the best available practices and reference to
   them?

   McCool will update the list of references from set that people
   recommended over email

IEEE Workshop

   McCool: we need to submit proposal for workshop for S&P IEEE
   workshop by 20 of september

   anyone wants to volunteer?

   <kaz> [15]IEEE workshop page

     [15] https://www.ieee-security.org/TC/SP2018/cfworkshops.html

   McCool will try to do the first pass on it

   others need to review

   we should discuss it during next meeting

   McCool: will ask around who else wants to participate in
   workshop/share costs
   ... workshop probably is one day and asking people to submit
   short papers

   kaz: we will need to talk about it during next chairs meeting

   another option to consider is NDSS workshop in February

   but deadline is august 31st, so very soon

   next meeting is next monday

Summary of Action Items

Summary of Resolutions

    1. [16]will be merged

   [End of minutes]
     __________________________________________________________


    Minutes formatted by David Booth's [17]scribe.perl version
    1.152 ([18]CVS log)
    $Date: 2017/08/24 18:13:22 $

     [17] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
     [18] http://dev.w3.org/cvsweb/2002/scribe/
Received on Thursday, 24 August 2017 18:17:48 UTC