- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Wed, 7 Nov 2018 21:49:47 +0900
- To: Public Web of Things IG <public-wot-ig@w3.org>, public-wot-wg@w3.org
available at: https://www.w3.org/2018/10/15-wot-sec-minutes.html also as text below. Thanks a lot for taking these minutes, Zoltan! Kazuyuki --- [1]W3C [1] http://www.w3.org/ - DRAFT - WoT Security 15 Oct 2018 Attendees Present Michael_McCool, Elena_Reshetova, Michael_Lagally, Ryo_Kajiwara, Tomoaki_Mizushima, Kaz_Ashimura, Zoltan_Kis Regrets Chair McCool Scribe zolkis Contents * [2]Topics 1. [3]Review of minutes from last meeting 2. [4]Status of W3C Note publication 3. [5]TPAC and PlugFest planning 4. [6]Best Practices document * [7]Summary of Action Items * [8]Summary of Resolutions __________________________________________________________ <scribe> scribenick: zolkis Review of minutes from last meeting <McCool> minutes from Oct 8 have been approved <McCool> [9]https://www.w3.org/2018/10/08-wot-sec-minutes.html [9] https://www.w3.org/2018/10/08-wot-sec-minutes.html Status of W3C Note publication McCool: any updates on the Notes? Kaz: not yet McCool: people see a very old version, so it would be nice to publish TPAC and PlugFest planning McCool: TPAC Monday, DAS meeting the whole day - figuring out which topics are interesting there ... on Tuesday there are less relevant topics ... anyway Monday morning is the best to have the Security meeting ... the place needs to be figured out ... by default the lobby of Marriott ... discussing other conflict on Thursday afternoon ... discussing Friday agenda on Security: 45 mins to present the output of the Monday meeting ... should discuss the TD and Scripting API Security sections ... should get decision about accepting them Elena: for Scripting it is already merged McCool: discussing Testing topics Zoltan: can we make reproduceable examples for correct Security setups McCool: yes it is in the works, started with the proxy work - will be discussed under Testing Elena: what is the Developer Meetup on Monday evening? McCool: it is a networking event organized by the Univ. of Lyon, pretty informal ... discussing Friday agenda for Best Practices MMC has updated the F2F wiki Best Practices document Elena: one week left, for Best Practices and Testing; what are the priorities McCool: the former has priority ... security for Thing Directory should be discussed Elena: how do we want to describe secure transport McCool: we should only describe how to use the protocols, not focusing about their vulnerabilities ... (referring to HTTPS, CoAPS, MQTTS) Elena: so no examples required at the moment, just summaries McCool: the purpose is to limit testing to certain known combinations ... we test best practices mainly ... we care not about the authentication servers, but the bearer tokens ... we test network interfaces, not really scripts Elena: status of object security for CoAP? ... expired this year? McCool: need to figure out; end to end security is most interesting in regards to CoAP/HTTP setups ... we should focus on CoAP ... test plan should focus on known sets ... we should focus on the essentials, perhaps one security setup for each protocol Elena: will use the week to figure this out McCool: use the Test Plan document as well ... meeting adjourned Summary of Action Items See [10]the Action wiki. [10] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Actions Summary of Resolutions [End of minutes] __________________________________________________________ Minutes formatted by David Booth's [11]scribe.perl version 1.152 ([12]CVS log) $Date: 2018/10/16 18:08:20 $ [11] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm [12] http://dev.w3.org/cvsweb/2002/scribe/
Received on Wednesday, 7 November 2018 12:50:53 UTC