[wot-security] 18 December 2017 from Kazuyuki Ashimura on 2018-01-08 (public-wot-ig@w3.org from January 2018)

From: Kazuyuki Ashimura <ashimura@w3.org>
Date: Tue, 9 Jan 2018 00:08:45 +0900
To: Public Web of Things IG <public-wot-ig@w3.org>, public-wot-wg@w3.org
Message-ID: <CAJ8iq9V40Ny-MWo82=8wsmLBAeeNQYKVp6PnF00FOU-JgVUtXA@mail.gmail.com>

available at:
  https://www.w3.org/2017/12/18-wot-sec-minutes.html

also as text below.

Thanks,

Kazuyuki

---

   [1]W3C

      [1] http://www.w3.org/

                               - DRAFT -

                              WoT Security

18 Dec 2017

Attendees

   Present
          Michael_McCool, Kaz_Ashimura, Tomoaki_Mizushima

   Regrets
   Chair
          McCool

   Scribe
          kaz

Contents

     * [2]Topics
         1. [3]prev minutes
     * [4]Summary of Action Items
     * [5]Summary of Resolutions
     __________________________________________________________

prev minutes

   [6]prev minutes

      [6] https://www.w3.org/2017/12/11-wot-sec-minutes.html

   kaz: if possible, we should update the URL for the security
   Note in the NDSS paper with:
   [7]https://www.w3.org/TR/2017/NOTE-wot-security-20171214/

      [7] https://www.w3.org/TR/2017/NOTE-wot-security-20171214/

   mccool: looking through the prev minutes
   ... one fix, number 20 should be 12
   ... CoI should be spelled out as "conflict of interest"
   ... minutes look good
   ... we published the Note on Sep. 24
   ... also NDSS paper has been submitted

   <McCool>
   [8]https://github.com/mmccool/ndss-wot-sec/blob/submission-5/nd
   ss-wot-sec.pdf

      [8] https://github.com/mmccool/ndss-wot-sec/blob/submission-5/ndss-wot-sec.pdf

   <McCool> as submitted

   <McCool> [9]https://github.com/w3c/wot-security/issues/59

      [9] https://github.com/w3c/wot-security/issues/59

   mccool: we talked about issue 59 about scripting api

   <McCool>
   [10]https://github.com/w3c/wot-scripting-api/issues/82#issuecom
   ment-350662317

     [10] https://github.com/w3c/wot-scripting-api/issues/82#issuecomment-350662317

   mccool: related to scripting issue 82
   ... resolution from the scripting call


   RESOLUTION: As discussed in the meeting on Dec 18, security
   data, like protocol bindings, need to be provided when the
   Thing is provisioned, eg when the Thing runtime is set up. The
   scripting API only deals with actions taken from "inside" a
   Thing, and so this setup is out of scope. However, for
   practical reasons, we do need to have an implementation that
   allows this information to be specified. Therefore, the
   node-wot API should be extended to support the definition of
   security metadata during setup, and this part of the API should
   be documented, but it should be made clear that this part of
   the node-wot API is non-normative.
   ]]

   <McCool> consider this issue resolved now, but won't close it
   until we meet next time and can review with a larger set of
   people

   <McCool> next meeting: Jan 8

   [adjourned]

Summary of Action Items

Summary of Resolutions

   [End of minutes]
     __________________________________________________________


    Minutes formatted by David Booth's [11]scribe.perl version
    1.152 ([12]CVS log)
    $Date: 2018/01/08 15:04:04 $

     [11] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
     [12] http://dev.w3.org/cvsweb/2002/scribe/

Received on Monday, 8 January 2018 15:09:55 UTC