- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Wed, 1 Nov 2017 09:14:19 +0900
- To: Public Web of Things IG <public-wot-ig@w3.org>, public-wot-wg@w3.org
available at:
https://www.w3.org/2017/10/23-wot-sec-minutes.html
also as text below.
Thanks,
Kazuyuki
---
[1]W3C
[1] http://www.w3.org/
- DRAFT -
WoT IG - Security
23 Oct 2017
[2]Agenda
[2] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Agenda
See also: [3]IRC log
[3] http://www.w3.org/2017/10/23-wot-sec-irc
Attendees
Present
Kaz_Ashimura, Michael_McCool, Elena_Reshetova,
Zoltan_Kis, Uday_Davuluru, Barry_Leiba,
Tomoaki_Mizushima
Regrets
Chair
McCool
Scribe
kaz
Contents
* [4]Topics
1. [5]Previous mintues
2. [6]Review schedule
3. [7]PRs
4. [8]ISSUE 46
5. [9]ISSUE 44
6. [10]ISSUE 41
7. [11]ISSUE 40
8. [12]ISSUE 32
9. [13]NDSS DISS workshop
10. [14]AOB
* [15]Summary of Action Items
* [16]Summary of Resolutions
__________________________________________________________
<scribe> scribenick: kaz
[17]prev minutes
[17] https://www.w3.org/2017/10/16-wot-sec-minutes.html
Previous mintues
mccool: goes through the prev minutes
kaz: Soumya is already included in the wot-security-tf team
mccool: the minutes are fine by me
... any objections?
(none)
minutes approved
Review schedule
[18]proposed schedule
[18] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Schedule
kaz: can send a publication request on 27th
mccool: ok
... schedule looks good
PRs
[19]PRs
[19] https://github.com/w3c/wot-security/pulls
[20]pr 47 - remove redundant security objectives content
[20] https://github.com/w3c/wot-security/pull/47
mccool: will clean this up
... objections to merge this?
... straight forward
(no objections)
mccool: merges pr 47
... working branch is merged now
[21]https://services.w3.org/htmldiff
[21] https://services.w3.org/htmldiff
<McCool>
[22]https://services.w3.org/htmldiff?doc1=https%3A%2F%2Frawgit.
com%2Fw3c%2Fwot-security%2Fmaster%2Findex.html&doc2=https%3A%2F
%2Frawgit.com%2Fw3c%2Fwot-security%2Fworking%2Findex.html
[22] https://services.w3.org/htmldiff?doc1=https://rawgit.com/w3c/wot-security/master/index.html&doc2=https://rawgit.com/w3c/wot-security/working/index.html
mccool: terminology changes
... solution including the entire hardware as well?
... (goes through the changes)
... acronym "Mgm" means "Management"
... Management API or management interface?
zoltan: not API
mccool: "interface" for network API
zoltan: no management API for Scripting API (so far)
mccool: scripting api will talk with network interface. right?
zoltan: API has a bit easier connotation
... service carried out by network interface would require
security
mccool: any other interesting points?
... (security objectives)
... TBD here and there (right above "2.3.2 Scenario 2 -
Business/Corporate environment")
... added section "3. Existing Security Best Practices in
related fields"
... here most about TD
... "4.1 Secure Practices for designing a Thing Description"
... section 8
... no summary yet
... lot of work to do
... fine with going with this as a FP Note?
... Elena, could you create a PR on management?
... let's ask the group for review on Wednesday, Oct. 25
... please state issues by Wednesday
... I'm OK with this published as a first Note
... ready or not?
barry: let's start the review
uday: would leave the majority
... fine as the first draft
mccool: Zoltan?
zoltan: think mature as a first draft
mccool: ok
... let's move forward
... if there are too many issues on Wednesday, let's have
discussion at TPAC
elena: Matthias's comment?
mccool: you can ask him to review the latest draft
<McCool>
[23]https://rawgit.com/w3c/wot-security/working/index.html#exam
ples-of-wot-security-configurations
[23] https://rawgit.com/w3c/wot-security/working/index.html#examples-of-wot-security-configurations
mccool: let's see if there is anything to be merged before the
publication
<inserted> kaz: we should merge all the changes to the master
branch before asking the whole group for publication approval
<McCool> McCool: I will merge changes to master branch, then
send email to group pointing at result as RC
<McCool> ... after Elena changes Mgm API -> Management
Interface
ISSUE 46
[24]issue 46 on "Reference Fetch standard in addition to CORS"
[24] https://github.com/w3c/wot-security/issues/46
mccool: stay open
ISSUE 44
[25]issue 44 on "Make links to the WoT Terminology from the WoT
Architecture document"
[25] https://github.com/w3c/wot-security/issues/44
mccool: how to refer definitions from external files?
... using ReSpec
zoltan: you can do that in ReSpec
... attach tags
... link to external documents
... you can remove definitions inside the draft later
ISSUE 41
[26]issue 41 on "Clean up Security Objectives section"
[26] https://github.com/w3c/wot-security/issues/41
mccool: can close it?
elena: ok
mccool: closed issue 41
ISSUE 40
[27]issue 40 on "Align Threat model with IETF IoT RFC"
[27] https://github.com/w3c/wot-security/issues/40
mccool: assign to Elena
ISSUE 32
[28]issue 32 on " Cite WoT Architecture Doc in Intro"
[28] https://github.com/w3c/wot-security/issues/32
mccool: done
... closes the issue 32
NDSS DISS workshop
mccool: CFP done
... working on logistics for white paper
AOB
mccool: working on POC
... a few things to discuss on security
... after TPAC, concrete discussion on security
... the goal is using TLS, etc., for the interface
... CoAPS, HTTPS, etc.
... anything else?
elena: nothing from me
mccool: ok
... the next meeting should be the last one before TPAC
... (creating a new issue)
[29]issue 48 on "Review Security Learnings from TPAC2017"
[29] https://github.com/w3c/wot-security/issues/48
Summary of Action Items
Summary of Resolutions
[End of minutes]
__________________________________________________________
Minutes formatted by David Booth's [30]scribe.perl version
1.152 ([31]CVS log)
$Date: 2017/11/01 00:12:59 $
[30] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
[31] http://dev.w3.org/cvsweb/2002/scribe/
Received on Wednesday, 1 November 2017 00:15:27 UTC