[wot-security] minutes - 6 May 2019 from Kazuyuki Ashimura on 2019-05-21 (public-wot-ig@w3.org from May 2019)

From: Kazuyuki Ashimura <ashimura@w3.org>
Date: Tue, 21 May 2019 23:31:00 +0900
To: Public Web of Things IG <public-wot-ig@w3.org>, public-wot-wg@w3.org
Message-ID: <CAJ8iq9UVvpSqoBs+QCEymBRi+heTnvsX3b4qsyw-rnonpSk-XA@mail.gmail.com>
available at:
  https://www.w3.org/2019/05/06-wot-sec-minutes.html

also as text below.

Thanks,

Kazuyuki

---

   [1]W3C

      [1] http://www.w3.org/

                               - DRAFT -

                              WoT Security

06 May 2019

Attendees

   Present
          Kaz_Ashimura, Elena_Reshetova, Michael_McCool,
          Tomoaki_Mizushima

   Regrets

   Chair
          McCool

   Scribe
          kaz

Contents

     * [2]Topics
         1. [3]Agenda
         2. [4]Review of minutes
         3. [5]Quick updates
         4. [6]Review progress
         5. [7]Updates to TD/Arch
         6. [8]Issues/PRs
         7. [9]Next call
     * [10]Summary of Action Items
     * [11]Summary of Resolutions
     __________________________________________________________

Agenda

   McCool: short agenda: prev minutes, updates to TD/Arch,
   Issues/PRs

   <inserted> mm: adds CTA/NIST for workshop to quick updates

Review of minutes

   [12]https://www.w3.org/2019/04/29-wot-sec-minutes.html

     [12] https://www.w3.org/2019/04/29-wot-sec-minutes.html

   McCool: (goes through the minutes)
   ... publication schedule change, still ongoing
   ... also need to work on demos
   ... any issues?

   (no objections)

   McCool: accepting the minutes

Quick updates

   McCool: talked with Mike Bergman from CTA to invite them to the
   WoT workshop
   ... but unfortunately he can't come

Review progress

   McCool: joined the IIC security call
   ... but just myself and the Chair there
   ... have not heard back from the others either
   ... so far we have got no feedback from TAG either

Updates to TD/Arch

   McCool: one of the issues
   ... best practices document and testing document don't have
   proper style yet
   ... so for the moment, we should remove the refs to them from
   the spec docs
   ... when we get to PR, we can add links back again

   Kaz: those references are non-normative. right?

   McCool: right

Issues/PRs

   [13]Issues

     [13] https://github.com/w3c/wot-security/issues

   Elena: maybe better to start with the oldest one?

   McCool: yeah, but maybe we can look at issue 122 first

   [14]Issue 122

     [14] https://github.com/w3c/wot-security/issues/122

   McCool: (reopens the related TD issue 300)

   [15]TD issue 300

     [15] https://github.com/w3c/wot-thing-description/issues/300

   McCool: now we can refer to the above TD issue 300
   ... and security issue 122 itself can be closed
   ... (closes issue 122)

   [16]Issue 84

     [16] https://github.com/w3c/wot-security/issues/84

   McCool: add a comment
   ... need to review before the Cork IIC meeting in May 2019.

   Elena: after that, we should check the old issues

   McCool: ok

   [17]Issue 13

     [17] https://github.com/w3c/wot-security/issues/13

   McCool: current practices document has gone away and turned
   into the Architecture document
   ... so would propose we close this issue itself (13) and create
   a smaller issues related to particular things in the
   Architecture document.
   ... (also adds some more comment to the TD issue 300)

   [18]McCool's updated comment on TD issue 300

     [18] https://github.com/w3c/wot-thing-description/issues/300#issuecomment-489601427

   McCool: (goes back to the security issue 13)
   ... change the title to "Align with Architecture document"
   ... and keep it

   [19]Issue 14

     [19] https://github.com/w3c/wot-security/issues/14

   McCool: discovery and expose
   ... since we don't consider discovery any more
   ... also discovery is out of scope from our current Charter
   ... if there was a service supporting discovery, and that
   service was described with a TD, that TD could specify the
   access rights and requirements for discovery
   ... TDs alone specify the interaction rights but say nothing
   about discovery, and this is fine, since that is the scope of
   the TD
   ... we already state the security properties that any TD
   discovery mechanism should have, e.g., provide TDs only to
   "authorized users". However, we are vague as to how that is
   accomplished we state the goal, not the mechanism, which is
   intentionally undefined
   ... my reading of what Zoltan was saying above is that is not
   really an issue for the Scripting API. Or rather, access rights
   are handled outside of the Scripting API.
   ... (and close it; issue 14)

   [20]Issue 21

     [20] https://github.com/w3c/wot-security/issues/21

   McCool: done
   ... and closed

   [21]Issue 13

     [21] https://github.com/w3c/wot-security/issues/13

   McCool: (goes back to issue 13, and close it as well)
   ... because we already have an issue with the updated title

Next call

   McCool: would cancel the call next week

   Kaz: so the next call will occur on Monday, May 20?

   McCool: will be traveling for the IIC meeting on that day as
   well
   ... but still may be able to join

   [adjourned]

Summary of Action Items

Summary of Resolutions

   [End of minutes]
     __________________________________________________________


    Minutes manually created (not a transcript), formatted by
    David Booth's [22]scribe.perl version 1.154 ([23]CVS log)
    $Date: 2019/05/21 14:26:59 $

     [22] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
     [23] http://dev.w3.org/cvsweb/2002/scribe/
Received on Tuesday, 21 May 2019 14:32:11 UTC