[wot-security] minutes - 7 May 2018

available at:
  https://www.w3.org/2018/05/07-wot-sec-minutes.html

also as text below.

Thanks a lot for taking these minutes, Elena!

Kazuyuki

---

   [1]W3C

      [1] http://www.w3.org/

                               - DRAFT -

                              WoT Security

07 May 2018

Attendees

   Present
          Michael_McCool, Michael_Koster, Elena_Reshetova,
          Soumya_Datta, Nimura_Kazuaki, Barry_Leiba,
          Tomoaki_Mizushima

   Regrets
          Kaz

   Chair
          McCool

   Scribe
          elena

Contents

     * [2]Topics
     * [3]Summary of Action Items
     * [4]Summary of Resolutions
     __________________________________________________________

   <McCool> scribenick: elena

   Michael: won't review the minutes from last meeting, will do
   them next time

   McCool: let's review the issues and open PRs
   ... we accepted two PRs last week: 90 and 91

   [5]https://github.com/w3c/wot-security/pull/90

      [5] https://github.com/w3c/wot-security/pull/90

   [6]https://github.com/w3c/wot-security/pull/91

      [6] https://github.com/w3c/wot-security/pull/91

   McCool: let's discuss open issues for PR 90 and decide if they
   can be closed

   looking at the changes in PR 90

   McCool: changes are ok, but we need to create issues for each
   new editor note we got added

   Elena: will do the changes

   <Mizushima> [7]https://github.com/w3c/wot-security/issues/71

      [7] https://github.com/w3c/wot-security/issues/71

   Mizushima: issue 71 is not ready to be closed, we need to have
   security recommendations created first

   sorry wrong nick poped up

   McCool: issue 71 is not ready to be closed, we need to have
   security
   ... issue 69 can be closed since Network adversary now covers
   passive network attacker
   ... issue 68 also can be closed since configuration data is now
   clarified in the document
   ... pr 92 wasn't updated yet
   ... next let's look at the issues
   ... new issue 114 by Zoltan

   about the end of life signaling and potential security
   interactions

   Elena: denial of service might be the only security implication

   The actual issue is 93

   [8]https://github.com/w3c/wot-security/issues/93

      [8] https://github.com/w3c/wot-security/issues/93

   zkis: the conclusion from scripting side is to do this via best
   effort TD change notifications

   McCool: how do TD changes notifications events protected over
   network?

   zkis: any observe messages can be spoofed

   McCool: the actual security protection depends on actual
   protocol binding being used
   ... concrete implementations will have to make sure that such
   events are always authenticated
   ... I am still working on issues with regards to metadata
   ... issue 73 looks more like information giving than an issue

   we need to cross reference this issue from security metadata PR

   actually the issue is already mentioned in the examples

   can leave open for now

   McCool: issue 72 about identifiers and fingerprinting

   we need to write a privacy sections

   McCool: need to create a short privacy section with highlights
   on privacy threats and security recommendations

   AR to elena to start on this section

   McCool: issue 72 is also about privacy risks, should go to the
   same section on privacy
   ... same as issue 70

Summary of Action Items

   [ONGOING] ACTION: elena to work on issue 68 (Thing Provider
   Data Specification) and issue 69 (Passive Observers Risk)
   [ONGOING] ACTION: elena/koster to work on terminology
   [ONGOING] ACTION: mccool to work on issue 70 (Require Not
   Exposing Immutable Hardware Identifiers?)
   [ONGOING] ACTION: mccool to talk with security guys about
   testing/validation timeline
   [ONGOING] ACTION: mccool to work on tunneling/shadow for the
   security metadata proposal
   [ONGOING] ACTION: mccool to work on PR 90
   [ONGOING] ACTION: zkis to create scripting issue for TD life
   cycle in scripting api
   [ONGOING] ACTION: mjkoster/elena to review examples in the
   security spec

Summary of Resolutions

   [End of minutes]
     __________________________________________________________


    Minutes formatted by David Booth's [9]scribe.perl version
    1.147 ([10]CVS log)
    $Date: 2018/05/21 23:11:44 $

      [9] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
     [10] http://dev.w3.org/cvsweb/2002/scribe/

Received on Monday, 21 May 2018 23:14:01 UTC