- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Wed, 7 Nov 2018 21:49:47 +0900
- To: Public Web of Things IG <public-wot-ig@w3.org>, public-wot-wg@w3.org
available at:
https://www.w3.org/2018/10/15-wot-sec-minutes.html
also as text below.
Thanks a lot for taking these minutes, Zoltan!
Kazuyuki
---
[1]W3C
[1] http://www.w3.org/
- DRAFT -
WoT Security
15 Oct 2018
Attendees
Present
Michael_McCool, Elena_Reshetova, Michael_Lagally,
Ryo_Kajiwara, Tomoaki_Mizushima, Kaz_Ashimura,
Zoltan_Kis
Regrets
Chair
McCool
Scribe
zolkis
Contents
* [2]Topics
1. [3]Review of minutes from last meeting
2. [4]Status of W3C Note publication
3. [5]TPAC and PlugFest planning
4. [6]Best Practices document
* [7]Summary of Action Items
* [8]Summary of Resolutions
__________________________________________________________
<scribe> scribenick: zolkis
Review of minutes from last meeting
<McCool> minutes from Oct 8 have been approved
<McCool> [9]https://www.w3.org/2018/10/08-wot-sec-minutes.html
[9] https://www.w3.org/2018/10/08-wot-sec-minutes.html
Status of W3C Note publication
McCool: any updates on the Notes?
Kaz: not yet
McCool: people see a very old version, so it would be nice to
publish
TPAC and PlugFest planning
McCool: TPAC Monday, DAS meeting the whole day - figuring out
which topics are interesting there
... on Tuesday there are less relevant topics
... anyway Monday morning is the best to have the Security
meeting
... the place needs to be figured out
... by default the lobby of Marriott
... discussing other conflict on Thursday afternoon
... discussing Friday agenda on Security: 45 mins to present
the output of the Monday meeting
... should discuss the TD and Scripting API Security sections
... should get decision about accepting them
Elena: for Scripting it is already merged
McCool: discussing Testing topics
Zoltan: can we make reproduceable examples for correct Security
setups
McCool: yes it is in the works, started with the proxy work -
will be discussed under Testing
Elena: what is the Developer Meetup on Monday evening?
McCool: it is a networking event organized by the Univ. of
Lyon, pretty informal
... discussing Friday agenda for Best Practices
MMC has updated the F2F wiki
Best Practices document
Elena: one week left, for Best Practices and Testing; what are
the priorities
McCool: the former has priority
... security for Thing Directory should be discussed
Elena: how do we want to describe secure transport
McCool: we should only describe how to use the protocols, not
focusing about their vulnerabilities
... (referring to HTTPS, CoAPS, MQTTS)
Elena: so no examples required at the moment, just summaries
McCool: the purpose is to limit testing to certain known
combinations
... we test best practices mainly
... we care not about the authentication servers, but the
bearer tokens
... we test network interfaces, not really scripts
Elena: status of object security for CoAP?
... expired this year?
McCool: need to figure out; end to end security is most
interesting in regards to CoAP/HTTP setups
... we should focus on CoAP
... test plan should focus on known sets
... we should focus on the essentials, perhaps one security
setup for each protocol
Elena: will use the week to figure this out
McCool: use the Test Plan document as well
... meeting adjourned
Summary of Action Items
See [10]the Action wiki.
[10] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Actions
Summary of Resolutions
[End of minutes]
__________________________________________________________
Minutes formatted by David Booth's [11]scribe.perl version
1.152 ([12]CVS log)
$Date: 2018/10/16 18:08:20 $
[11] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
[12] http://dev.w3.org/cvsweb/2002/scribe/
Received on Wednesday, 7 November 2018 12:50:53 UTC