[wot-security] minutes - 28 August 2017

available at:
  https://www.w3.org/2017/08/28-wot-sec-minutes.html

also as text below.

Thanks a lot for taking these minutes, Uday!

Kazuyuki

---

   [1]W3C

      [1] http://www.w3.org/

                               - DRAFT -

                           WoT IG - Security

28 Aug 2017

   See also: [2]IRC log

      [2] http://www.w3.org/2017/08/28-wot-sec-irc

Attendees

   Present
          Kaz_Ashimura, Elena_Reshetova, Michael_Koster,
          Michael_McCool, Uday_Davuluru, Zoltan_Kis,
          Reshetova_Elena

   Regrets
   Chair
          McCool

   Scribe
          uday

Contents

     * [3]Topics
         1. [4]Architecture FPWD
         2. [5]TD FPWD
         3. [6]Architecture FPWD - revisited
         4. [7]IEEE Workshop Proposal
     * [8]Summary of Action Items
     * [9]Summary of Resolutions
     __________________________________________________________

   <kaz> scribenick: uday

Architecture FPWD

   McCool: Discusses issue 32
   ... WoT Interface definition clarification

   <kaz> [10]architecture issue 32

     [10] https://github.com/w3c/wot-architecture/issues/32

   Elena: in threat model, interfaces are directly exposed

   <kaz> [11]terminlogy

     [11] https://github.com/w3c/wot-architecture/blob/master/terminology.md

   McCool: no separate WoT interface

TD FPWD

   <kaz> [12]Thing Description issue 32

     [12] https://github.com/w3c/wot-thing-description/pull/32

   McCool: change WoT API to WoT interface

   <McCool>
   [13]https://services.w3.org/htmldiff?doc1=https%3A%2F%2Fraw.git
   hubusercontent.com%2Fw3c%2Fwot-thing-description%2Fmaster%2Find
   ex.html&doc2=https%3A%2F%2Fraw.githubusercontent.com%2Fmmccool%
   2Fwot-thing-description%2Fsecurity%2Findex.html

     [13] https://services.w3.org/htmldiff?doc1=https://raw.githubusercontent.com/w3c/wot-thing-description/master/index.html&doc2=https://raw.githubusercontent.com/mmccool/wot-thing-description/security/index.html

   <kaz> HTML diff above

   <McCool> WoT API -> WoT Interface

   <McCool> API -> WoT Interface

   <McCool> WoT Protocol -> WoT Communication

   Elena: to update changes in Threat model document

   McCool: to clean content in TD document

Architecture FPWD - revisited

   <kaz> [14]Architecture issue 32

     [14] https://github.com/w3c/wot-architecture/issues/32

   McCool: restructuring architecture document
   ... working on proposal of IEEE workshop

   scribenick: kaz

   kaz: question about restructuring

   scribenick: uday

   McCool: open issue about security consideration is deferred
   until first draft is out
   ... focus on current pull request on TD

   kaz: should issue 32 be open? or once close it and create
   another issue for the second version after fpwd?

   scribenick: kaz

   McCool: 2 sections for "Security and Privacy" (3.3 and 4.6)

   McCool: architecture- security and privacy discussion

   kaz: so should we wait for first draft to close issue 32?

   McCool: yes
   ... goes through changes in document
   ... will start to working on PR of architecture document once
   Matthias's PRs are merged (e.g., Thu/Fri)

   scribenick: kaz

   McCool: as Matthias mentioned, we need some more content for
   security consideration

   scribenick: uday

   Elena: to come up with outline of topics needed for security
   considerations in Architecture doc

   scribenick: kaz

   McCool: we can talk about that next week but we can't include
   it into the FPWD

IEEE Workshop Proposal

   McCool: next week, would like to talk about the IEEE workshop
   as well

   <McCool> Sven Schrecker from IIC Security Framework... seems
   willing to help with IEEE S&P "IoT Security" proposal

   McCool: program committee should include people from academia

   <McCool> Topics: Threat, risk models, and use cases (for IoT)
   Lightweight security mechanisms Challenges due to intermittent
   connectivity Enabling secure interoperability across ecosystems
   Privacy, identity, and metadata management Interplay between
   safety and security Integrating systems with different levels
   of security and trust Distributed trust systems (for example,
   blockchain) Security in information-centric networks

   <kaz>
   [15]https://www.ieee-security.org/TC/SP2018/cfworkshops.html

     [15] https://www.ieee-security.org/TC/SP2018/cfworkshops.html

   kaz: you'll bring this proposal to the Chairs call on 30th.
   right?

   McCool: yes
   ... any other topic?

   kaz: a possible IE guy from the DAS group?

   McCool: need more connection between web security and WoT
   security

   kaz: let's have some more chat during the Chairs call

   McCool: to update the PR and update the TD for FPWD
   ... discuss IEEE S&P on Wednesday 30.08
   ... will update the references with corresponding items

   [ adjourned ]

Summary of Action Items

Summary of Resolutions

   [End of minutes]
     __________________________________________________________


    Minutes formatted by David Booth's [16]scribe.perl version
    1.152 ([17]CVS log)
    $Date: 2017/08/28 14:30:18 $

     [16] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
     [17] http://dev.w3.org/cvsweb/2002/scribe/

Received on Monday, 28 August 2017 14:39:56 UTC