- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Tue, 28 Aug 2018 12:03:16 +0900
- To: Public Web of Things IG <public-wot-ig@w3.org>, public-wot-wg@w3.org
available at:
https://www.w3.org/2018/08/20-wot-sec-minutes.html
Thanks a lot for taking these minutes, Nimura-san!
Kazuyuki
---
- DRAFT -
WoT Security
20 Aug 2018
Attendees
Present
Kaz_Ashimura, Michael_McCool, Elena_Reshetova,
Xiaoru_Li, Kazuaki_Nimura, Tomoaki_Mizushima,
Ryo_Kajiwara
Regrets
Chair
McCool
Scribe
nimura
__________________________________________________________
Invited guest from Baidu
scribenick: kaz
Kaz: is it OK by you to invite Xiaoru to the meeting today?
... note the invited guest also should be aware of the W3C
Patent Policy below
... but this is an IG call, so we have less problem
<kaz> [12]https://www.w3.org/Consortium/Patent-Policy-20170801/
[12] https://www.w3.org/Consortium/Patent-Policy-20170801/
<kaz> [13]https://www.w3.org/2003/12/22-pp-faq.html
[13] https://www.w3.org/2003/12/22-pp-faq.html
McCool: OK to invite her
Review previous minutes
scribenick: nimura
<McCool> [14]https://www.w3.org/2018/08/13-wot-sec-minutes.html
[14] https://www.w3.org/2018/08/13-wot-sec-minutes.html
reviewing last minutes.
<kaz> mm: regarding the actions, the second last one on CoAP
DTLS is retired. other actions to be carried over for today
<kaz> (minutes accepted)
guest from Baidu, Xiaoru Li
McCool: during TPAC, would have extra meeting in early week,
say Monday
New DTLS schemes: cert, public
<kaz> [15]TD pullrequest 198 - Add CoAP/DTLS "cert" and
"public" security schemes
[15] https://github.com/w3c/wot-thing-description/pull/198
created PR that current TD is checked
<kaz> [16]TD draft - 5.4.1 SecurityScheme
[16] https://w3c.github.io/wot-thing-description/#securityscheme
added two new schemes and merged.
CoAP: private, shared, : pre-distributed keys
<kaz> [17]TD draft - 5.4.6 PSKSecurityScheme
[17] https://w3c.github.io/wot-thing-description/#psksecurityscheme
cert and public key: give identity of system
TD spec is not updated properly yet.
no section for those for public and cert somehow
<kaz> McCool: will check why
MQTT Security (wrt DTLS security schemes)
<kaz> McCool: need Koster's input
Permissions workshop
kajiwara san submitted W3C permission for the application
Remaining issues
Issue #109
<inserted> [18]issue 109
[18] https://github.com/w3c/wot-security/issues/109
mostly done, but rendering issue.
<McCool> [19]https://tools.ietf.org/html/rfc7252#section-9.1
[19] https://tools.ietf.org/html/rfc7252#section-9.1
<inserted> The Constrained Application Protocol (CoAP)
Section 9.1: defines three schemes
there are some algorithm choices.
this PR is not critical for current TD
Issue #105
<inserted> [20]issue 105
[20] https://github.com/w3c/wot-security/issues/105
difficult to prioritize security scheme.
assume implementers work one by one.
security TF does not feel an additional feature for prioritizing
security is necessary.
Issue #102
<kaz> [21]issue 102
[21] https://github.com/w3c/wot-security/issues/102
Testing TF needs to have sets of security recommendations
prioritize CoAP over UDP, but not prioritize others
we will focus on HTTPS-TLS CoAPS-DTLS and MQTT-TLS
but leave out others.
In terms of the recommendation, is there any particular reason
to recommend CoAPS-TLS over CoAPS-DTLS?
from the security point of view.
create another md document for collecting those recommendations.
describing wot security best practice.
recommendation for pretty good security and easy to implement
In the current main document, recommendation is high level and
good structure.
<McCool> [22]https://github.com/w3c/wot-security/blob/master/wot-security-best-practices.md
[22] https://github.com/w3c/wot-security/blob/master/wot-security-best-practices.md
will include recommended best practice.
Issue #100
<inserted> [23]issue 100
[23] https://github.com/w3c/wot-security/issues/100
TD Change and Deletion notification
this relates to immutable identifiers.
Issue #98
<kaz> [24]issue 98
[24] https://github.com/w3c/wot-security/issues/98
URI templates are coming.
Issue #77
<kaz> [25]issue 77
[25] https://github.com/w3c/wot-security/issues/77
can close this.
AOB
kajiwara-san: notification of workshop will be received by this
Friday or so.
<kaz> [adjourned]
Summary of Action Items
[ONGOING] ACTION: mccool to talk with IIC Security TF and W3C
Web Security IG about testing/validation timeline (first item
tbd; second item done)
[ONGOING] ACTION: mccool to work on issue 70 (Require Not
Exposing Immutable Hardware Identifiers?)
[ONGOING] ACTION: mjkoster/elena to review examples in the
security spec
[ONGOING] ACTION: mccool to look into URI templates (RFC6570)
for issue 98
[ONGOING] ACTION: mcCool to write PR on TD spec for security
definition
[ONGOING] ACTION: Barry to suggest DTLS testing plan applicable
for CoAP/MQTT
[ONGOING] ACTION: everyone to generate set of best practices
for draft by next week
[ONGOING] ACTION: McCool to clean up Security and Privacy
Considerations documents for final update to master by next
week
[ONGOING] ACTION: create a PR to clarify the immutability of
the "id" property in Thing Description
[ONGOING] ACTION: mccool to edit the W3C permissions document
Summary of Resolutions
[End of minutes]
Received on Tuesday, 28 August 2018 03:04:28 UTC