[wot-security] minutes - 25 September 2017

From: Kazuyuki Ashimura <ashimura@w3.org>
Date: Mon, 2 Oct 2017 16:52:26 +0900
Message-ID: <CAJ8iq9Vo48dFYkYzsMFnYsy6H-C_=qPpeo6_srDOzFr186w7pw@mail.gmail.com>
To: Public Web of Things IG <public-wot-ig@w3.org>, public-wot-wg@w3.org
available at:

also as text below.

Thanks a lot for taking these minutes, Michael Koster!




      [1] http://www.w3.org/

                               - DRAFT -

                           WoT IG - Security

25 Sep 2017


      [2] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Agenda

   See also: [3]IRC log

      [3] http://www.w3.org/2017/09/25-wot-sec-irc


          Kaz_Ashimura, Michael_McCool, Elena_Reshetova,
          Uday_Davuluru, Zoltan_Kis, Michael_Koster,
          Tomoaki_Mizushima, Soumya_Kanti_Datta




     * [4]Topics
         1. [5]WoT Security and Privacy Considerations - document
            status and issue review
         2. [6]workshop proposal for NDSS
     * [7]Summary of Action Items
     * [8]Summary of Resolutions

   <kaz> scribenick: mjkoster

WoT Security and Privacy Considerations - document status and issue review

   mccool: document progress update
   ... outstanding PR
   ... created an action for mccool
   ... review the changes in the PR

   <kaz> [9]Issues


   * [10]Issue on "Current practices alignment"


   * [11]Issue on "Table formatting and definition highlighting"


   * [12]Issue on "Abstract"


   * [13]Issue on "Existing best practices"

     [13] https://github.com/w3c/wot-security/issues/18

   <kaz> [14]Pull Requests

     [14] https://github.com/w3c/wot-security/pulls

   mccool: (elena's branch)

   elena: recommended practices section
   ... example security configuration section

   mccool: need to add content for specific security practices
   e.g. scripting API

   <kaz> [15]Elena's updates

     [15] https://rawgit.com/ereshetova/wot-security/working/index.html

   <kaz> [16]McCool's Working branch

     [16] https://rawgit.com/w3c/wot-security/working/index.html

   <kaz> mccool: would propose we merge Elena's changes to the
   above Working branch

   mccool: merging elena's PR into the working branch now (no

   <kaz> [17]PR 12 has been merged

     [17] https://github.com/w3c/wot-security/pull/12

   [18]https://rawgit.com/w3c/wot-security/working/index.html is
   updated now

     [18] https://rawgit.com/w3c/wot-security/working/index.html

   elena: will work on examples (section 5) next

   mccool: created issue for tracking additions to the examples

   [19]Issue on "Examples of security configurations"

     [19] https://github.com/w3c/wot-security/issues/19

   mccool: need to add vocabulary definitions
   ... created issue to track additions to the scenarios section

   [20]Issue on "Business/corporate scenarios"

     [20] https://github.com/w3c/wot-security/issues/20

   mccool: added issue to track additions to
   "industrial/commercial" scenarios

   [21]Issue on "Industrial/critical scenarios"

     [21] https://github.com/w3c/wot-security/issues/21

   mccool: added issue to track scripting API additions

   [22]Issue on "Scripting API"

     [22] https://github.com/w3c/wot-security/issues/22

   mccool: issue to track "validation"

   [23]Issue on "Security validation"

     [23] https://github.com/w3c/wot-security/issues/23

   mccool: discuss whether security provisioning is in scope

   [24]Issue on "Provisioning"

     [24] https://github.com/w3c/wot-security/issues/15

   elena: we need to make a defined set of assumptions about what
   is done
   ... but can't specify how it's done

   mccool: OK
   ... please add comments to the issue
   ... review the discussion on exposed vs. discoverable things
   ... are they separate?

   [25]Issue on "Discovery/Expose"

     [25] https://github.com/w3c/wot-security/issues/14

   <kaz> [26]discussion during the Scripting call (Member-only)

     [26] https://www.w3.org/2017/09/25-wot-minutes.html

   elena: what is the specific difference?

   mccool: different kinds of discovery?

   mjkoster: expose means interaction is available, discoverable
   means TD is available

   elena: when would a thing be exposed but not discoverable?

   mccool: enumerates types of discovery
   ... 4 ways to find a thing
   ... may already have a TD or know how to make a URL to get the
   ... or maybe there is a scan function

   mjkoster: consider the difference in security model between TD
   and the Interactions

   elena: how can we define the exact difference between TD and

   mccool: there are different calls in the scripting API

   elena: how does the system get into a state where the
   interactions are exposed but not discoverable?

   mccool: things can't be discoverable but not exposed

   mjkoster: it's about different layers of security for exposure
   vs. discoverability

   elena: OK, that is allowed for in the model
   ... if the proper access control is provided e.g. on actions,
   then what else do we need to do?

   mccool: OK, please continue the discussion in comments and
   ... we need to align the current practices with security
   mechanisms for the plugfest
   ... suggest we look at protocol binding priorities

   elena: we should build the scenarios and examples based on
   concrete protocols

   mccool: the statement about wot security includes statements
   about target protocols
   ... if we can cover security through a good comprehensive set
   of bindings
   ... created an issue for tracking

workshop proposal for NDSS

   mccool: good response so far
   ... most accepted
   ... update on IEEE S&P progress
   ... AOB?

   elena: on holiday next week
   ... will queue up some material on PR and issues

   mccool: would zkis start discussion on the scripting section?

   zkis: OK

   mccool: adjourn

Summary of Action Items

Summary of Resolutions

   [End of minutes]

    Minutes formatted by David Booth's [27]scribe.perl version
    1.152 ([28]CVS log)
    $Date: 2017/09/26 04:04:07 $

     [27] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
     [28] http://dev.w3.org/cvsweb/2002/scribe/
Received on Monday, 2 October 2017 07:53:34 UTC
