- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Tue, 07 Apr 2020 19:07:02 +0900
- To: public-wot-ig@w3.org, public-wot-wg@w3.org
available at:
  https://www.w3.org/2020/03/30-wot-sec-minutes.html

also as text below.

Thanks a lot for taking the minutes, Oliver!

Kazuyuki

---
   [1]W3C

      [1] http://www.w3.org/

                               - DRAFT -

                              WoT Security

30 Mar 2020

Attendees

   Present
          Kaz_Ashimura, Michael_McCool, Elena_Reshetova, Oliver_Pfaff,
          Tomoaki_Mizushima

   Regrets

   Chair
          McCool

   Scribe
          Oliver

Contents

     * [2]Topics
         1. [3]Previous minutes
         2. [4]Lifecycle - Anima mapping
         3. [5]PRs
     * [6]Summary of Action Items
     * [7]Summary of Resolutions
     __________________________________________________________

   <kaz> scribenick: Oliver

Previous minutes

   <McCool> [8]https://www.w3.org/2020/03/23-wot-sec-minutes.html

      [8] https://www.w3.org/2020/03/23-wot-sec-minutes.html

   Minutes from 2020-03-23 were reviewed and accepted as okay (modulo
   some typos)

   <kaz> [typos fixed]

Lifecycle - Anima mapping

   [9]Elena's updated lifecycle diagram

      [9] https://github.com/w3c/wot-architecture/blob/master/proposals/WoT lifecycle diagram-WoT new lifecycle.svg

   Elena presented proposal for Thing lifecycle with a focus on
   lifecycle stages

   Original proposal allows a good mapping to IETF Anima

   Having a dedicated block "Bootstrapping/Onboarding" rather than an
   arrow-only seems a good improvement

   Mappings against IETF Anima should also consider
   [10]https://tools.ietf.org/html/draft-ietf-anima-bootstrapping-keyinfra-38#section-2.1

     [10] https://tools.ietf.org/html/draft-ietf-anima-bootstrapping-keyinfra-38#section-2.1

   Lifecycle as illustrated in slides "Bootstrapping IoT Security - The
   IETF Anima and OPC-UA Recipes" have their backing in work from IRTF
   T2TRG (was also mapped with some Operational Technology)

   Manufacturer keys/credentials shall be distinguished from site
   keys/credentials

   The former are regarded optional.

   The latter may incarnate multiply (per application domain)

   3 families of keys/credentials can play a role: manufacturer
   key/credential (0..1 per Thing), site key/credential (0..1 per
   Thing), application keys/credentials (0/1..n per Thing)

   Manufacturer keys/credentials are supplied (if supplied) in the
   manufacturing phase

   Site keys/credentials are supplied (if supplied) in the
   bootstrapping/onboarding phase

   Application keys/credentials are supplied in the
   bootstrapping/onboarding and/or maintenance phases (depending on the
   maintenance mode)

   Manufacturer keys/credentials can contain what the manufacturer
   knows (production date/location...); issuance under manufacturer
   control

   Site keys/credentials can also contain what the user/operator knows
   about the Thing (independent from an application domain); issuance
   under site-control

   Application keys/credentials can also contain what an application
   domain expects to find (e.g. DNS name in SubjectAltName); issuance
   under site-control

PRs

   <kaz> [11]PR 164

     [11] https://github.com/w3c/wot-security/pull/164

   PR 164 needs an editorial update. Can not be done in the GitHub Web
   UI. Needs to be followed-up...

   Progress made in lifecycle discussion esp. regarding its states and
   to-be-distinguished keys/credentials

   <kaz> [adjourned]

Summary of Action Items

Summary of Resolutions

   [End of minutes]
     __________________________________________________________

    Minutes manually created (not a transcript), formatted by David
    Booth's [12]scribe.perl version 1.154 ([13]CVS log)
    $Date: 2020/04/06 12:09:42 $

     [12] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
     [13] http://dev.w3.org/cvsweb/2002/scribe/
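The lifecycle discussion above describes three credential families with distinct cardinality, provisioning phase and issuance control. The following Python model is an added example (not code from the W3C WoT Security group, the minutes or IETF Anima) that turns those stated rules into an executable check a lifecycle validator or onboarding service could apply. The `Phase`, `Family` and `Issuer` names, the forward-only phase ordering and the `Thing`/`Credential` classes are assumptions of this example; the per-family rules themselves (0..1 manufacturer credential in manufacturing under manufacturer control, 0..1 site credential in bootstrapping/onboarding under site control, 0..n application credentials in bootstrapping/onboarding or maintenance under site control) are taken from the minutes.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional, Set, Tuple


class Phase(Enum):
    """Lifecycle phases named in the minutes; the numeric ordering is an
    assumption of this example (phases only move forward)."""
    MANUFACTURING = 1
    BOOTSTRAPPING = 2      # "bootstrapping/onboarding"
    MAINTENANCE = 3


class Family(Enum):
    MANUFACTURER = "manufacturer"
    SITE = "site"
    APPLICATION = "application"


class Issuer(Enum):
    """Who controls issuance of a credential."""
    MANUFACTURER = "manufacturer"
    SITE = "site"


# family -> (phases in which it may be supplied, max per Thing or None for
# unbounded, required issuance control). Values as stated in the minutes.
RULES: Dict[Family, Tuple[Set[Phase], Optional[int], Issuer]] = {
    Family.MANUFACTURER: ({Phase.MANUFACTURING}, 1, Issuer.MANUFACTURER),
    Family.SITE: ({Phase.BOOTSTRAPPING}, 1, Issuer.SITE),
    Family.APPLICATION: ({Phase.BOOTSTRAPPING, Phase.MAINTENANCE}, None, Issuer.SITE),
}


@dataclass(frozen=True)
class Credential:
    family: Family
    issuer: Issuer
    subject: str                   # e.g. a DNS name carried in SubjectAltName
    domain: Optional[str] = None   # application domain, for application credentials


@dataclass
class Thing:
    thing_id: str
    phase: Phase = Phase.MANUFACTURING
    credentials: List[Credential] = field(default_factory=list)

    def advance(self, new_phase: Phase) -> None:
        """Move to a later lifecycle phase; moving backwards is rejected."""
        if new_phase.value < self.phase.value:
            raise ValueError(f"cannot move from {self.phase.name} back to {new_phase.name}")
        self.phase = new_phase

    def check(self, cred: Credential) -> Optional[str]:
        """Return None if `cred` may be supplied now, else the rule it violates."""
        phases, limit, issuer = RULES[cred.family]
        if self.phase not in phases:
            return f"{cred.family.value} credential is not supplied in {self.phase.name}"
        if cred.issuer is not issuer:
            return f"{cred.family.value} credential must be issued under {issuer.value} control"
        held = [c for c in self.credentials if c.family is cred.family]
        if limit is not None and len(held) >= limit:
            return f"at most {limit} {cred.family.value} credential per Thing"
        return None

    def provision(self, cred: Credential) -> None:
        """Attach `cred` to the Thing, or raise with the violated rule."""
        reason = self.check(cred)
        if reason is not None:
            raise ValueError(reason)
        self.credentials.append(cred)

    def counts(self) -> Dict[str, int]:
        """Number of credentials held per family."""
        return {f.value: sum(1 for c in self.credentials if c.family is f) for f in Family}


def example_walkthrough() -> Dict[str, int]:
    """Constructed sample run: one Thing carried through all three phases."""
    thing = Thing("thing-0001")  # constructed identifier
    thing.provision(Credential(Family.MANUFACTURER, Issuer.MANUFACTURER,
                               "serial:0001 produced 2020-03 (constructed)"))
    thing.advance(Phase.BOOTSTRAPPING)
    thing.provision(Credential(Family.SITE, Issuer.SITE, "site:thing-0001"))
    thing.provision(Credential(Family.APPLICATION, Issuer.SITE,
                               "dns:thing-0001.example.invalid", domain="metering"))
    thing.advance(Phase.MAINTENANCE)
    # maintenance may add further application credentials (mode-dependent)
    thing.provision(Credential(Family.APPLICATION, Issuer.SITE,
                               "dns:thing-0001.example.invalid", domain="monitoring"))
    return thing.counts()


if __name__ == "__main__":
    print(example_walkthrough())
```

`check` reports the first violated rule instead of raising, so a validator can list problems without mutating the Thing; `provision` is the enforcing wrapper. Because manufacturer and site credentials are optional in the minutes, the model never requires them, it only bounds them.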
Received on Tuesday, 7 April 2020 10:07:05 UTC