- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Tue, 21 Nov 2017 11:58:30 +0900
- To: Public Web of Things IG <public-wot-ig@w3.org>, public-wot-wg@w3.org
available at:
https://www.w3.org/2017/11/13-wot-sec-minutes.html
also as text below.
Thanks,
Kazuyuki
---
[1]W3C
[1] http://www.w3.org/
- DRAFT -
WoT Security
13 Nov 2017
Attendees
Present
Kaz_Ashimura, Michael_McCool, Elena_Reshetova,
Tomoaki_Mizushima
Regrets
Chair
McCool
Scribe
kaz
Contents
* [2]Topics
1. [3]TPAC discussion
2. [4]NDSS paper
3. [5]previous minutes
4. [6]paper again
* [7]Summary of Action Items
* [8]Summary of Resolutions
__________________________________________________________
TPAC discussion
<McCool> TPAC post-mortem - Action Elena to create issue for
feedback points
NDSS paper
mccool: during TPAC joined HTTPS local breakout, IoT security
breakout and joint session with Web payment IG
<scribe> agenda:
[9]https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Agenda
agenda
[9] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Agenda
mccool: generating a paper for NDSS workshop
... introduction section doesn't include WoT introduction,
there is a separate section for that
... made up some themes
-> [10]https://github.com/mmccool/ndss-wot-sec McCool's
write-up
[10] https://github.com/mmccool/ndss-wot-sec
mccool: targeting the "decentralized security" focus
[[
Vulnerability scanning using metadata: There is both risk and
opportunity.
End-to-end secure adaptation: translate payloads in secure
endpoints, not at bridges.
Secure semantic searches: How do we ensure only authorized
Things are searched when using federated semantic searches?
Metadata for distributed security and payment mechanisms:
Blockchain, Interledger, etc.
]]
mccool: how to know the rights to access the DB for TD?
... we need to have some kind of extension to semantic search
... and how exactly to do that?
... also interested in distributed security and payments
... interledger-based payments
... payment for IoT systems
... various other mechanism to handle tokens
... look into the PDF of the paper
-> [11]https://github.com/mmccool/ndss-wot-sec/blob/master/ndss-wot-sec.pdf
PDF of the paper
[11] https://github.com/mmccool/ndss-wot-sec/blob/master/ndss-wot-sec.pdf
elena: what is specific to WoT?
mccool: we can look for some authentication mechanism
... people may not use HTTPS
... e.g., we don't put actual version information for the
hardware
... distributed mechanism
elena: there are many views for distributed security
... potentially different security models
mccool: goes through the TeX file
... metadata for security mechanisms
... add subsection structure
... what kind of authentication mechanism?
... (updates the PDF)
elena: wondering about the title
(some discussion)
mccool: changes the title to "Distributed Security Risks and
Opportunities in the W3C Web of Things"
elena: what is the selling point of the paper?
mccool: within a few days, I can fill in the Introduction
section
... add comments to the "Related Work" section
... best practices in IoT that are "common" to WoT
... and that we will not focus on
elena: better to have "Related Work" after explaining the
background of WoT
... make sure you include some of the diagrams
... note there are some notes on the LaTeX template
... also please break up the content instead of one big file
... background section should be helpful for people to
understand our work
... Matthias may have ideas on use case scenarios
... will contact him
... so far the content is in my repo
... have not considered security for scripting because
scripting is mainly related within the servient
... the topics for scripting are common IoT security (so far)
previous minutes
[12]prev minutes
[12] https://www.w3.org/2017/10/30-wot-sec-minutes.html
<McCool> please publish prev minutes
kaz: btw, the prev minutes ok?
mccool: yes
paper again
mccool: mccool for section I. Introduction
... elena for section II. Web of Things
... maybe we can check the progress on Friday, Nov. 17th?
... can provide Intel bridge for that purpose
Summary of Action Items
Summary of Resolutions
[End of minutes]
__________________________________________________________
Minutes formatted by David Booth's [13]scribe.perl version
1.147 ([14]CVS log)
$Date: 2017/11/21 02:55:32 $
[13] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
[14] http://dev.w3.org/cvsweb/2002/scribe/
Received on Tuesday, 21 November 2017 03:00:39 UTC