- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Tue, 30 Apr 2019 02:34:36 +0900
- To: Public Web of Things IG <public-wot-ig@w3.org>, public-wot-wg@w3.org
available at:
https://www.w3.org/2019/04/15-wot-sec-minutes.html
also as text below.
Thanks,
Kazuyuki
---
- DRAFT -
WoT Security
15 Apr 2019
[2]Agenda
[2] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#April_15.2C_2019
Attendees
Present
Michael_McCool, Elena_Reshetova, Kaz_Ashimura,
Tomoaki_Mizushima
Regrets
Chair
McCool
Scribe
kaz
Contents
* [3]Topics
1. [4]Agenda
2. [5]New Security Questionnaire
3. [6]Review progress
4. [7]Previous minutes review
5. [8]Penetration test
6. [9]Actions and Schedule
7. [10]Issues and PRs
* [11]Summary of Action Items
* [12]Summary of Resolutions
__________________________________________________________
<scribe> scribenick: kaz
Agenda
McCool: minutes review later
New Security Questionnaire
[13]Security questionnaire
[13] https://w3ctag.github.io/security-questionnaire/
McCool: the security self-review questionnaire has been updated
... threat model, etc.
... not looked into the details. can discuss it next time
Review progress
McCool: currently aiming for the CR transition on Friday this week
... will get back to reviewers inside Intel
... regarding non-normative sections, we have some more time
... would ask IIC for review as well
... more or less the TAG is reviewing security portions
... this updated security questionnaire looks more complete than
the old one
Previous minutes review
https://www.w3.org/2019/01/14-wot-sec-minutes.html
https://www.w3.org/2019/02/11-wot-sec-minutes.html
https://www.w3.org/2019/02/18-wot-sec-minutes.html
https://www.w3.org/2019/02/25-wot-sec-minutes.html
https://www.w3.org/2019/03/04-wot-sec-minutes.html
https://www.w3.org/2019/03/18-wot-sec-minutes.html
https://www.w3.org/2019/03/25-wot-sec-minutes.html
https://www.w3.org/2019/04/01-wot-sec-minutes.html
McCool: starting with Jan 14
... (going through the minutes)
... penetration security plan, etc.
... a typo there
... ah, privilege preferred but priviledge is ok
Kaz: can fix it
McCool: other than that, we accept the minutes
... next Feb. 11
... (going through the minutes)
... don't see any problems and would accept this
... any objections?
(none)
McCool: accepted
... next Feb. 18
Kaz: chair's name is missing, will add it
<McCool> victoria fenwick
McCool: Victoria's correct name above
Kaz: will fix it
McCool: move to accept it?
(no objections)
McCool: accepted
... next, Feb. 25
... Chair's name?
Kaz: will fix it
<McCool> Ben Schecker should be Sven Schrecker
Kaz: also Victoria's name again
McCool: and Blanca's name?
Elena: should be ok
McCool: and another person
... let me check
<McCool> also Pulido, Rodrigo
McCool: and accepted
... next, Mar. 4
... this is correct
... Blanca and Rodrigo are doing test
... another person working on review?
<McCool> change her contacts, say "Terri Oda"
Kaz: will do
McCool: other than that, we accept the minutes
(no objections)
McCool: next, Mar. 18
<McCool> change "BPs" to "Best Practices"
McCool: happy with this other than that
... no objections, so accept this
... next, Mar. 25
... don't see anything to change
... move to accept
... next, Apr. 1
... chair should be myself
Kaz: will fix it
McCool: other than that would move and accept
Penetration test
McCool: need a document
... will run the system again
... the earliest would be next week
... reasonable to do penetration test next month?
Elena: want to ping them
McCool: ok, let me set up the system first
... need to do security description as well
... update various things for TD again
... let me do my part
... and then look back at it next Monday
Elena: after that I can talk with my team guys again
... note that I'll be travelling mid May
McCool: we can start to ask people before that and see the
result after you're available?
... let me do my homework first
Actions and Schedule
McCool: checks the actions
... wide review?
Kaz: we're already asking the TAG for review
... will send a concrete review request to a11y and i18n
McCool: what about Web Application Security WG?
... can send a message to the Chairs
Kaz: you can mention that we're already getting the TAG review
Issues and PRs
<McCool> closed https://github.com/w3c/wot-security/pull/37
comment added to https://github.com/w3c/wot-security/issues/123
deferred https://github.com/w3c/wot-security/issues/122
support for CORS https://github.com/w3c/wot-security/issues/121
McCool: related to one of the questions from the security
questionnaire
... in general, IoT devices should be allowed to get connected
with cross-origin services
... let me think about some note
... what I'm wondering about is whether this is something that
should be in the protocol binding for HTTP
... should IoT devices always allow connections to devices from
other origins?
... what are the exact use cases?
... see:
https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
[adjourned]
Summary of Action Items
Summary of Resolutions
[End of minutes]
Received on Monday, 29 April 2019 17:35:38 UTC