- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Tue, 22 May 2018 08:12:52 +0900
- To: Public Web of Things IG <public-wot-ig@w3.org>, public-wot-wg@w3.org
available at:
https://www.w3.org/2018/05/07-wot-sec-minutes.html
also as text below.
Thanks a lot for taking these minutes, Elena!
Kazuyuki
---
- DRAFT -
WoT Security
07 May 2018
Attendees
Present
Michael_McCool, Michael_Koster, Elena_Reshetova,
Soumya_Datta, Nimura_Kazuaki, Barry_Leiba,
Tomoaki_Mizushima
Regrets
Kaz
Chair
McCool
Scribe
elena
__________________________________________________________
<McCool> scribenick: elena
Michael: won't review the minutes from last meeting, will do
them next time
McCool: let's review the issues and open PRs
... we accepted two PRs last week: 90 and 91
https://github.com/w3c/wot-security/pull/90
https://github.com/w3c/wot-security/pull/91
McCool: let's discuss open issues for PR 90 and decide if they
can be closed
looking at the changes in PR 90
McCool: changes are ok, but we need to create issues for each
new editor note that got added
Elena: will do the changes
<Mizushima> https://github.com/w3c/wot-security/issues/71
Mizushima: issue 71 is not ready to be closed, we need to have
security recommendations created first
sorry, wrong nick popped up
McCool: issue 71 is not ready to be closed, we need to have
security
... issue 69 can be closed since Network adversary now covers
passive network attacker
... issue 68 also can be closed since configuration data is now
clarified in the document
... pr 92 wasn't updated yet
... next let's look at the issues
... new issue 114 by Zoltan
about the end of life signaling and potential security
interactions
Elena: denial of service might be the only security implication
The actual issue is 93
https://github.com/w3c/wot-security/issues/93
zkis: the conclusion from scripting side is to do this via best
effort TD change notifications
McCool: how are TD change notification events protected over
the network?
zkis: any observe messages can be spoofed
McCool: the actual security protection depends on actual
protocol binding being used
... concrete implementations will have to make sure that such
events are always authenticated
... I am still working on issues with regards to metadata
... issue 73 looks more like information giving than an issue
we need to cross reference this issue from security metadata PR
actually the issue is already mentioned in the examples
can leave open for now
McCool: issue 72 about identifiers and fingerprinting
we need to write a privacy section
McCool: need to create a short privacy section with highlights
on privacy threats and security recommendations
AR to elena to start on this section
McCool: issue 72 is also about privacy risks, should go to the
same section on privacy
... same as issue 70
Summary of Action Items
[ONGOING] ACTION: elena to work on issue 68 (Thing Provider
Data Specification) and issue 69 (Passive Observers Risk)
[ONGOING] ACTION: elena/koster to work on terminology
[ONGOING] ACTION: mccool to work on issue 70 (Require Not
Exposing Immutable Hardware Identifiers?)
[ONGOING] ACTION: mccool to talk with security guys about
testing/validation timeline
[ONGOING] ACTION: mccool to work on tunneling/shadow for the
security metadata proposal
[ONGOING] ACTION: mccool to work on PR 90
[ONGOING] ACTION: zkis to create scripting issue for TD life
cycle in scripting api
[ONGOING] ACTION: mjkoster/elena to review examples in the
security spec
Summary of Resolutions
[End of minutes]
__________________________________________________________
Minutes formatted by David Booth's scribe.perl version
1.147 (CVS log)
$Date: 2018/05/21 23:11:44 $
Received on Monday, 21 May 2018 23:14:01 UTC