- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Tue, 22 May 2018 08:12:52 +0900
- To: Public Web of Things IG <public-wot-ig@w3.org>, public-wot-wg@w3.org
available at:
  https://www.w3.org/2018/05/07-wot-sec-minutes.html

also as text below.

Thanks a lot for taking these minutes, Elena!

Kazuyuki

---

   [1]W3C

      [1] http://www.w3.org/

                               - DRAFT -

                              WoT Security

07 May 2018

Attendees

   Present
          Michael_McCool, Michael_Koster, Elena_Reshetova,
          Soumya_Datta, Nimura_Kazuaki, Barry_Leiba,
          Tomoaki_Mizushima

   Regrets
          Kaz

   Chair
          McCool

   Scribe
          elena

Contents

     * Topics
     * Summary of Action Items
     * Summary of Resolutions
     __________________________________________________________

   <McCool> scribenick: elena

   Michael: won't review the minutes from last meeting, will do them
   next time

   McCool: let's review the issues and open PRs
   ... we accepted two PRs last week: 90 and 91

   https://github.com/w3c/wot-security/pull/90

   https://github.com/w3c/wot-security/pull/91

   McCool: let's discuss open issues for PR 90 and decide if they can
   be closed looking at the changes in PR 90

   McCool: changes are ok, but we need to create issues for each new
   editor note we got added

   Elena: will do the changes

   <Mizushima> https://github.com/w3c/wot-security/issues/71

   Mizushima: issue 71 is not ready to be closed, we need to have
   security recommendations created first

   sorry wrong nick popped up

   McCool: issue 71 is not ready to be closed, we need to have
   security
   ... issue 69 can be closed since Network adversary now covers
   passive network attacker
   ... issue 68 also can be closed since configuration data is now
   clarified in the document
   ... pr 92 wasn't updated yet
   ... next let's look at the issues
   ... new issue 114 by Zoltan about the end of life signaling and
   potential security interactions

   Elena: denial of service might be the only security implication

   The actual issue is 93

   https://github.com/w3c/wot-security/issues/93

   zkis: the conclusion from scripting side is to do this via best
   effort TD change notifications

   McCool: how do TD changes notifications events protected over
   network?

   zkis: any observe messages can be spoofed

   McCool: the actual security protection depends on actual protocol
   binding being used
   ... concrete implementations will have to make sure that such
   events are always authenticated
   ... I am still working on issues with regards to metadata
   ... issue 73 looks more like information giving than an issue

   we need to cross reference this issue from security metadata PR

   actually the issue is already mentioned in the examples

   can leave open for now

   McCool: issue 72 about identifiers and fingerprinting

   we need to write a privacy section

   McCool: need to create a short privacy section with highlights on
   privacy threats and security recommendations

   AR to elena to start on this section

   McCool: issue 72 is also about privacy risks, should go to the
   same section on privacy
   ... same as issue 70

Summary of Action Items

   [ONGOING] ACTION: elena to work on issue 68 (Thing Provider Data
   Specification) and issue 69 (Passive Observers Risk)
   [ONGOING] ACTION: elena/koster to work on terminology
   [ONGOING] ACTION: mccool to work on issue 70 (Require Not Exposing
   Immutable Hardware Identifiers?)
   [ONGOING] ACTION: mccool to talk with security guys about
   testing/validation timeline
   [ONGOING] ACTION: mccool to work on tunneling/shadow for the
   security metadata proposal
   [ONGOING] ACTION: mccool to work on PR 90
   [ONGOING] ACTION: zkis to create scripting issue for TD life cycle
   in scripting api
   [ONGOING] ACTION: mjkoster/elena to review examples in the
   security spec

Summary of Resolutions

   [End of minutes]
     __________________________________________________________

   Minutes formatted by David Booth's [9]scribe.perl version 1.147
   ([10]CVS log)
   $Date: 2018/05/21 23:11:44 $

      [9] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
     [10] http://dev.w3.org/cvsweb/2002/scribe/

Received on Monday, 21 May 2018 23:14:01 UTC