- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Tue, 17 Oct 2017 01:18:16 +0900
- To: Public Web of Things IG <public-wot-ig@w3.org>, public-wot-wg@w3.org
available at:
https://www.w3.org/2017/10/09-wot-sec-minutes.html
also as text below.
Thanks,
Kazuyuki
---
[1]W3C
[1] http://www.w3.org/
- DRAFT -
WoT IG - Security
09 Oct 2017
[2]Agenda
[2] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Agenda
See also: [3]IRC log
[3] http://www.w3.org/2017/10/09-wot-sec-irc
Attendees
Present
Kaz_Ashimura, Michael_McCool, Dave_Raggett,
Elena_Reshetova, Zoltan_Kis, Soumya_Kanti_Datta,
Tomoaki_Mizushima
Regrets
Chair
McCool
Scribe
kaz
Contents
* [4]Topics
1. [5]Release Timeline (as a W3C Note)
2. [6]Pull request
3. [7]Issues
4. [8]issue 34
5. [9]Issue on privacy
* [10]Summary of Action Items
* [11]Summary of Resolutions
__________________________________________________________
Release Timeline (as a W3C Note)
mccool: publication schedule
... this is a Note
... distinction on the state of the doc
... working version and release version
kaz: add some clarification
... Sebastian clarified TD schedule at:
[12]https://www.w3.org/WoT/IG/wiki/WG_WoT_Thing_Description_WebConf#Agenda
... but "Security&Privacy Considerations" is expected as a
group Note
... so we should think about "1. First Public Note" and "2.
updated Note(s)"
[12] https://www.w3.org/WoT/IG/wiki/WG_WoT_Thing_Description_WebConf#Agenda
mccool: would like to publish a first one before TPAC
elena: when is TPAC?
kaz: the week of Nov. 6
mccool: would like to prepare the release candidate within 2
weeks
... first draft for the FP Note in 2 weeks from now
... Oct. 24
... working -> master
... and W3C Note: Oct 31 roughly - ready for TPAC Nov 6
... (mm checks Elena's availability)
... 2nd draft: end of Dec
... Dec 19 (Tue)
... tentatively
<inserted> kaz: note on the automatic publication system
mccool: after that: roughly every 2 months
... FYI, NDSS deadline Nov 14
... and the NDSS workshop Feb 18
... IEEE proposal was rejected
... I'll be making a presentation and need your input for NDSS
workshop
... (going back to the publication schedule)
... 3rd draft: early Feb
elena: might be problematic to me
mccool: 3rd draft: early Feb (e.g., Feb 15 for NDSS; Elena may
not be available)
... (records the above in the wiki)
<McCool> Release Timeline (W3C Note) First Draft - 2wks from
now, Oct 24 (working -> master) W3C Note: FP Note (Oct 31
roughly) - ready for TPAC Nov 6 Second draft: Dec 19 (Tues)
Third draft: early Feb (eg Feb 15 for NDSS; Elena may not be
available) After that: roughly every two months update
Pull request
[13]https://github.com/w3c/wot-security/pull/30
[13] https://github.com/w3c/wot-security/pull/30
Issues
[14]https://github.com/w3c/wot-security/issues
[14] https://github.com/w3c/wot-security/issues
elena: submitted proposal for section 5
... agreement?
... seems there is some difference
... need to change the basic assumption?
[15]Section 5
[15] https://rawgit.com/w3c/wot-security/working/index.html#examples-of-wot-security-configurations
elena: ok with this approach?
mccool: as long as you're clear with the example, should be ok
elena: referring to a couple of RFCs
... don't want to repeat the descriptions already done by
others
... e.g., OCF
mccool: architecture documents include similar things
... bunch of use cases
... maybe you could add links referring to the architecture
document
elena: might be a bit different set
mccool: another point you mentioned is OCF
... WoT client can talk with an OCF device
... is there a case in which the device doesn't handle WoT TD?
... one possibility is a Thing itself provides TD
... or another Thing could provide the TD for the Thing
elena: can add some description
mccool: OK with this Editor's Note (Fill in the protocols)
elena: any different configuration is important and to be
described from a security viewpoint
... would like people to submit ideas
mccool: we should proceed with some obvious scenarios
... not too much stuff
... in this scenario (Fig 3)
... what if we have a gateway
... there might be some additional security issue with, e.g.,
caching
... need to expand the example to include other possible
scenarios
elena: btw, the cloud is cut off in Fig 5
... will work with section 5 tomorrow
mccool: we should fix the figure references
... once you add links to the threats, take a look at the
definition
kaz: will we add links to the architecture doc from section 5?
mccool: we should do so
... 1-to-1 link
kaz: do you want to add an Editor's note on that?
mccool: as appropriate
... (looks at the draft)
... starting with the section "1. Introduction"
... will add a link to the WoT Architecture document
... terminology section also should refer to the Architecture
document
... still missing content for several sections
elena: e.g., 4.2
mccool: ok with those sections at the moment
... should add several abstract sentences, though
... OK for the first public Note
... might be going to fix up the formatting for the table
... to make it consistent
... let's go back to the issues
[16]Issues
[16] https://github.com/w3c/wot-security/issues
mccool: Elena has done some edits
[17]https://github.com/w3c/wot-security/issues/29
[17] https://github.com/w3c/wot-security/issues/29
mccool: we have a bunch of things with the scenarios
... we've done the abstract
[18]https://github.com/w3c/wot-security/issues/17
[18] https://github.com/w3c/wot-security/issues/17
[19]abstract
[19] https://rawgit.com/w3c/wot-security/working/index.html#abstract
mccool: the abstract is clean enough
kaz: you'll add a link to the Architecture document, right?
mccool: yes
... closes issue 17
... and create another issue "Align with Architecture document"
[20]https://github.com/w3c/wot-security/issues/35
[20] https://github.com/w3c/wot-security/issues/35
mccool: would like to clean up the document for the first
publication within 2 weeks
issue 34
[21]issue 34
[21] https://github.com/w3c/wot-security/issues/34
dsr: using WebSocket for Eventing
mccool: do you agree with Elena?
Elena's question: Should we have a case for this explained in
the "Examples of WoT security configurations" section of the
security doc? Seems like a good logical place to describe this
case and also talk about the measures
dsr: yes
elena: need to clarify concrete mechanism
... please add description and pictures if possible
... actual security mitigation, etc.
dsr: wanted to stimulate the discussion
mccool: willing to provide a concrete pull request?
dsr: yes
elena: possible new section 5.5
mccool: what kind of figure? SVG?
elena: please follow the examples from Matthias
(wot-security/images)
mccool: good to follow and align with existing practices in this
space
Issue on privacy
mccool: would like to add another issue on privacy
elena: we can add a separate section
... but still need to update the threat model section
... should add links to the points we need to consider
kaz: possibly a guy from DAS WG who attended TPAC in Lisbon?
soumya: can help as well
mccool: (can't find Soumya on the list)
... who is the guy from DAS?
kaz: will check and get back to you later
mccool: updates the issue
[22]Issue 36
[22] https://github.com/w3c/wot-security/issues/36
soumya: question on NDSS paper
... can join the effort as well
mccool: tx
soumya: we should have some template
mccool: let's have discussion next week
... (adds a topic on that for the next meeting)
[adjourned]
Summary of Action Items
Summary of Resolutions
[End of minutes]
__________________________________________________________
Minutes formatted by David Booth's [23]scribe.perl version
1.152 ([24]CVS log)
$Date: 2017/10/12 18:23:51 $
[23] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
[24] http://dev.w3.org/cvsweb/2002/scribe/
Received on Monday, 16 October 2017 16:19:26 UTC