- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Mon, 17 Jun 2019 22:15:53 +0900
- To: Public Web of Things IG <public-wot-ig@w3.org>, public-wot-wg@w3.org
available at:
https://www.w3.org/2019/05/20-wot-sec-minutes.html
also as text below.
Thanks,
Kazuyuki
---
[1]W3C
[1] http://www.w3.org/
- DRAFT -
WoT Security
20 May 2019
[2]Agenda
[2] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Agenda
Attendees
Present
Kaz_Ashimura, Elena_Reshetova, Tomoaki_Mizushima,
Michael_McCool
Regrets
Chair
McCool
Scribe
kaz
Contents
* Topics
1. Review of Minutes from earlier meetings
2. Agenda
3. Review of Minutes from earlier meetings
4. Quick update
5. Name change
6. Issues and PRs
7. Next call
* Summary of Action Items
* Summary of Resolutions
__________________________________________________________
<McCool> agenda:
[13]https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#May_20.2C_2019
[13] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#May_20.2C_2019
Review of Minutes from earlier meetings
[14]previous minutes
[14] https://www.w3.org/2019/05/06-wot-sec-minutes.html
<scribe> scribenick: kaz
Agenda
Kaz: during the Architecture call, Matthias suggested we rename
the "Security and Privacy Considerations" WG Note to "Security
and Privacy Guideline"
McCool: good point, let's talk about that as well
Review of Minutes from earlier meetings
[15]previous minutes
[15] https://www.w3.org/2019/05/06-wot-sec-minutes.html
McCool: reviewed the minutes
... didn't see anything problematic
... other than a minor typo "nothig" (should be "nothing")
... propose we accept the minutes
(no objections)
McCool: let's accept the minutes then
Quick update
McCool: I'm at IIC now
... making a presentation
... the schedule is pretty tight for the security review
... during the 3 upcoming weeks
Elena: will send a reminder to my assigned reviewers
... when is the deadline?
<McCool> [16]https://www.w3.org/WoT/IG/wiki/PlugFest_WebConf
[16] https://www.w3.org/WoT/IG/wiki/PlugFest_WebConf
McCool: we'll have an online plugfest
... so think the last moment for PR transition will be June 19
... we have to make our resolution for PR transition
... also workshop on June 3-5, and f2f on June 6-7
... should have some presentation there
... so we should add extra security considerations by June 10
or so
... we can do that as part of this round
... considerations as part of the TD spec as well
... June 12 would be the absolute deadline
... let's copy the timeline from the PlugFest wiki to the
Security wiki, and add some edit
... (adds edit on "Key Dates")
... June 6-7 - F2F: initial security review results, proposed
update to TD and Arch docs
... June 12 - target for security review results
... June 13 - pull requests to update Arch
... June 14 - pull requests to update TD
... June 19 - PR transition resolution
... June 20 - PR transition request
... TAG review still outstanding
Kaz: we can send a reminder to Daniel
McCool: right
Name change
McCool: "Security and Privacy Considerations" to "Security and
Privacy Guidelines"
... personally don't care
... ok with the change
Kaz: if we really want, I can talk with the Webmaster about the
change
... we should be able to change it
McCool: fortunately, we don't need to change the URL
... any objections to change the text title?
Elena: should be careful about cross-references
McCool: ok
... the conclusion of the security tf itself is OK with
changing the title
Elena: think "Guideline" implies something more like our best
practices document including what to do
... I personally think "Considerations" would fit the current
document
McCool: I'm OK with "Guidelines"
... we've listed issues already
(some more discussion)
<McCool> proposal: the security TF will not oppose a name
change to "Security and Privacy Guidelines".
<McCool> here say "not oppose" rather than "support"
<McCool> but I will talk to the chairs at the main call
<McCool> we can discuss then and make the final decision there
RESOLUTION: the security TF will not oppose a name change to
"Security and Privacy Guidelines".
Issues and PRs
[17]Issue 34
[17] https://github.com/w3c/wot-security/issues/34
McCool: all about websockets
... deferred
[18]Issue 35
[18] https://github.com/w3c/wot-security/issues/35
McCool: align with architecture doc
[19]CR version of the WoT Architecture doc
[19] https://www.w3.org/TR/2019/CR-wot-architecture-20190516/
[20]Section 10. Security and Privacy Considerations
[20] https://www.w3.org/TR/2019/CR-wot-architecture-20190516/#sec-security-considerations
McCool: now should be "align with security and privacy
considerations section of architecture CR"
... how about putting this as an agenda item for the next week?
Elena: next week I won't be able to join
... is the architecture document finalized now?
McCool: yes, it's in the Candidate Recommendation stage now
... so we should see if it's aligned with the latest "Security
and Privacy Guidelines" document
Elena: can take a first pass then
McCool: ok, so would assign this issue (35) to you
... (also changes the title to "Align with Architecture CR")
... (also creates another issue 125: Align with Thing
Description CR)
... (and assign it as well to Elena)
... we should make sure the documents are consistent
... (adds a note to Issue 125)
... please look for inconsistencies. The Security Privacy
Considerations section of the TD spec does not have to list
everything in the wot-security doc, just the most important
points.
... another point is if the wot-security doc is consistent with
the terminology defined by the wot-architecture doc
... related to issue 123
[21]Issue 123
[21] https://github.com/w3c/wot-security/issues/123
Elena: related to the issue 35 which is already assigned to me,
isn't it?
McCool: a bit different
... (adds clarification to the title of issue 35)
... "Align Security and Privacy Considerations section of
Architecture CR with wot-security"
[22]Issue 35
[22] https://github.com/w3c/wot-security/issues/35
scribe: (also adds clarification to the issue 125 as well)
... "Align Security and Privacy Considerations section of
Architecture CR with wot-security"
[23]Issue 125
[23] https://github.com/w3c/wot-security/issues/125
[24]Issue 45
[24] https://github.com/w3c/wot-security/issues/45
McCool: (adds some notes)
... as part of our review of terminology alignment with the
architecture CR (issue 126), we should make a list of terms and
put them in a terminology section.
... as a separate step we can worry about tracking an external
reference (e.g., ITU, NIST).
[25]Issue 126
[25] https://github.com/w3c/wot-security/issues/126
Next call
Elena: not available next week
McCool: we can cancel the call next week
... I'll be also very busy for the demo preparation
... so let's cancel the call next week, May 27
[adjourned]
Summary of Action Items
Summary of Resolutions
1. the security TF will not oppose a name change to
"Security and Privacy Guidelines".
[End of minutes]
__________________________________________________________
Minutes manually created (not a transcript), formatted by
David Booth's [27]scribe.perl version 1.154 ([28]CVS log)
$Date: 2019/05/21 14:28:31 $
[27] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
[28] http://dev.w3.org/cvsweb/2002/scribe/
Received on Monday, 17 June 2019 13:16:57 UTC