[wot-security] minutes - 15 January 2018

• From: Kazuyuki Ashimura <ashimura@w3.org>
• Date: Tue, 30 Jan 2018 15:22:22 +0900
• To: Public Web of Things IG <public-wot-ig@w3.org>, public-wot-wg@w3.org
• Message-ID: <CAJ8iq9VdbNCmiGnxTSuZ0C9w=hfooaS+sA+3bLx+37zpHasgOQ@mail.gmail.com>

available at:
  https://www.w3.org/2018/01/15-wot-sec-minutes.html

also as text below.

Thanks,

Kazuyuki

---

   [1]W3C

      [1] http://www.w3.org/

                               - DRAFT -

                              WoT Security

15 Jan 2018

Attendees

   Present
          Kaz_Ashimura, Elena_Reshetova, Michael_McCool,
          Tomoaki_Mizushima, Michael_Koster

   Regrets

   Chair
          McCool

   Scribe
          kaz

Contents

     * [2]Topics
         1. [3]Pull request 63 on lifecycle
         2. [4]PlugFest
         3. [5]previous minutes
     * [6]Summary of Action Items
     * [7]Summary of Resolutions
     __________________________________________________________

Pull request 63 on lifecycle

   elena: wondering about the possible changes for the
   Architecture

   mccool: there is a repo for wot-architecture
   ... we can create an issue about this pull request

   elena: lifecycle should be described in the Architecture

   <McCool> [8]https://github.com/w3c/wot-security/issues/65

      [8] https://github.com/w3c/wot-security/issues/65

   mccool: have just created the above issue
   ... pictures would be helpful
   ... issue 65 on "Consider moving Thing lifecycle discussion to
   Architecture"

   [9]Pull Request 63 initial text for lifecycle

      [9] https://github.com/w3c/wot-security/pull/63

   mccool: having a picture would be good

   [10]Elena's proposed initial text

     [10] https://github.com/w3c/wot-security/pull/63/commits/053303a13ab35592042e7e3d5602f2ff71132b35

   mccool: IIC document has lifecycle definition
   ... normally you need provisioning

   elena: depends on what your security provisioning model is like
   ... might be going back from re-provisioning to operational
   state
   ... not sure we need to re-invent lifecycle definition, though
   ... we should add some stronger statement for the Editor's note
   here
   ... we have to make some assumption

   mccool: let's state our assumption
   ... devices in secure/compromise state
   ... just keep it under control
   ... we don't really worry about updates
   ... devices may go down and come back
   ... or new devices come back

   elena: what is available on WoT layer?
   ... and what is out of scope?

   mccool: let's update the Editor's note

   elena: will update it

   mccool: ok
   ... btw, can you make the next call?

   elena: planning to join it

   mccool: will accept it once you're ok

   <Zakim> kaz, you wanted to ask if we need some mechanism to
   identify some specific device from the others

   kaz: what kind of picture for this?

   mccool: SVG-based one?

   kaz: the content is some kind of state transition. right?

   mccool: yes

   elena: can draw a state transition diagram

PlugFest

   mccool: we'll have a PlugFest during the Prague f2f

   [11]f2f wiki

     [11] https://www.w3.org/WoT/IG/wiki/F2F_meeting,_24-29_March_2018,_Prague,_Czech_Republic#Input

   mccool: (shows the above f2f wiki)
   ... adds topics to the agenda input section
   ... payments moderated by McCool
   ... and more general discussion
   ... Elena for PlugFest security postmortem
   ... McCool for Validation

   elena: how is the functional testing?
   ... issue on compatibility?
   ... which way to go, validation and/or testing

   mccool: (adds comments to "Validation")
   ... what do we mean by "Validation"
   ... and how to do it?

   elena: useful to try hackathon

   mccool: (adds comments to "Validation" again)
   ... "white-hat hackathon" and penetration testing
   ... how long do we need for each topic?
   ... (adds proposed time to each topic)
   ... PlugFest Security Postmortem - 30m
   ... Use Cases - 40m
   ... Payments - 20m
   ... Validation - 40m

   elena: who is most connected with the industrial scenario?

   mccool: maybe Siemens and Lemonbeat?

   elena: I'll do lifecycle update first

   mccool: McCool for lifecycle under Architecture

   elena: will try to join the meeting (remotely) but maybe will
   have difficulty

   mccool: ok
   ... (putting some more topic)
   ... "Liaisons and other connections" as a new topic
   ... McCool for OpenFog and OCF

   [12]updated agenda proposal

     [12] https://www.w3.org/WoT/IG/wiki/F2F_meeting,_24-29_March_2018,_Prague,_Czech_Republic#Input

   mccool: (mentions his status about travel planning)
   ... maybe will miss the IETF hackathon
   ... probably will attend the data modeling part and the
   security part of the OCF meeting
   ... can we invite somebody from OCF?

   koster: good idea

   mccool: we have the PlugFest calls once a week on Wednesday
   ... will generate some slides and ping you (Elena)

   koster: let's discuss that on Wednesday

   mccool: reasonable security use case
   ... could go back to the previous PlugFest and see which part
   could be modified
   ... making the old stuff secure would be a good starting point

   elena: is our security goal same as the main goal of the
   PlugFest?
   ... can we add security portion to the main goal?

   mccool: how to secure semantic discovery, etc.

previous minutes

   [13]prev minutes

     [13] https://www.w3.org/2018/01/08-wot-sec-minutes.html

   mccool: (goes through the prev minutes)
   ... accept the minutes?

   (ok)

   [adjourned]

Summary of Action Items

Summary of Resolutions

   [End of minutes]
     __________________________________________________________


    Minutes formatted by David Booth's [14]scribe.perl version
    1.152 ([15]CVS log)
    $Date: 2018/01/15 14:37:57 $

     [14] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
     [15] http://dev.w3.org/cvsweb/2002/scribe/

Received on Tuesday, 30 January 2018 06:23:35 UTC