W3C home > Mailing lists > Public > public-wot-ig@w3.org > February 2018

[wot-security] minutes - 5 February 2018

From: Kazuyuki Ashimura <ashimura@w3.org>
Date: Mon, 12 Feb 2018 23:59:13 +0900
Message-ID: <CAJ8iq9VTdjj6UKJAZRUJzweRJypJLiqr8q94XvBi-LLnTxcvdg@mail.gmail.com>
To: Public Web of Things IG <public-wot-ig@w3.org>, public-wot-wg@w3.org
available at:

also as text below.

Thanks a lot for taking these minutes, Michael Lagally!




      [1] http://www.w3.org/

                               - DRAFT -

                              WoT Security

05 Feb 2018


      [2] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Agenda


          Kaz_Ashimura, Michael_McCool, Elena_Reshetova,
          Michael_Lagally, Tomoaki_Mizushima



          mlagally, mlagally__


     * [3]Topics
         1. [4]Agenda
         2. [5]Previous minutes
         3. [6]Security review
         4. [7]Lifecycle
         5. [8]Planning
         6. [9]Review of F2F topics and agenda
         7. [10]GitHub issues
     * [11]Summary of Action Items
     * [12]Summary of Resolutions

   <kaz> scribenick: mlagally__


   mccool: please review agenda and add missing things
   ... we have 2 more calls to prepare for the plugfest

Previous minutes

   <kaz> [13]prev minutes

     [13] https://www.w3.org/2018/01/29-wot-sec-minutes.html

   kaz: we should update "Agenda" to "Plugfest template" in last
   call's minutes

   elena: "security bootstrapping" should be called just

   mccool: IETF draft for draft-garcia-core-security-06 not
   ... alignment of terminology would be desirable
   ... having same state diagram will be better

   minutes are accepted with above change

   mccool: terminology should be clarified further, aligned with
   ietf, if possible

Security review

   mccool: we missed deadline for 2nd draft, should target
   ... security review of other TF documents should be reviewed
   from security POV, presented at plugfest
   ... for next call I will work on template
   ... not too much feedback on template presentation to plugfest
   ... merge of Michael Koster's template and our template should
   happen, Michael Koster has the AI
   ... if you have time to review security template, please work
   on that

   elena: I take an AI to check Michael Kosters template to check
   what we're missing in the current template

   mccool: Security checklist is under "checklists" under plugfest

   <McCool> Need to convert to markdown, merge with Michael
   Koster's template

   <kaz> [14]Koster's slides

     [14] https://github.com/mjkoster/wot-protocol-binding/blob/master/plugfest-prague.pdf


   elena: picture was updated terminology cleaned up
   ... "security bootstrapping" will be renamed after the call

   <kaz> [15]pullrequest 63 - initial text for lifecycle

     [15] https://github.com/w3c/wot-security/pull/63/files

   mccool+elena: discussing details of the diagram
   ... reprovisioning of same device to a different context is
   possible. What happens for decommissioning?

   mccool: we could use labels to show decommissioning

   mccool+elena: discussion on diagram aspects for
   "decommissioning" continues
   ... we could have 2 parallel chains of operation states, I can
   draft a diagram
   ... I'll accept Elena's pr into the working draft, if all are

   accepted with no objections


   mccool: need concrete discussion around OAuth and Tokens, need
   to update thing description
   ... we don't have much time before the plugfest
   ... we could just do a minor document update for the plugfest,
   after that we can do concrete work based on the results of the
   ... around March 10th target a document update
   ... target content: finalize editorial comments, validation

   elena: I should do part of section 4, forward proxy scenario in
   section 5

   mccool: industrial use cases are missing, we're weak on that
   ... need to work on those too in the next month
   ... 1 month after plugfest we'll have another update including
   the practical results of the plugfest
   ... discussion planning details for Feb 12th call
   ... we should review doc from the other TF groups
   ... they are not final yet
   ... let's assume documents are final by this Friday (Feb 9th)

   elena: I volunteer for scripting API

   mccool: I'll look at TD
   ... just high level review of the doc - we only have 5 mins to
   discuss - what needs to be done has to be documented
   ... I'm unavailable for Feb 19th - reschedule or cancel ? -
   will do doodle poll

Review of F2F topics and agenda

   mccool: need to flesh out use case section, I'm working on
   payment, validation needs to be added too to the document

   <updating Prague F2F Wiki page>

   mccool: will review F2F topics again next week

GitHub issues

   elena: we should review github issues that we need to bring
   into the F2F discussion

   <kaz> [16]issue 61

     [16] https://github.com/w3c/wot-security/issues/61

   elena: we can put labels on issues
   ... to mark affected group/document

   <kaz> (McCool adds labels to some of the issues)

   elena: I'll do that offline

   meeting adjourned

Summary of Action Items

Summary of Resolutions

   [End of minutes]

    Minutes formatted by David Booth's [17]scribe.perl version
    1.152 ([18]CVS log)
    $Date: 2018/02/06 05:26:58 $

     [17] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
     [18] http://dev.w3.org/cvsweb/2002/scribe/
Received on Monday, 12 February 2018 15:00:23 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:27:22 UTC