[wot-security] minutes - 27 January 2020

available at:
  https://www.w3.org/2020/01/27-wot-sec-minutes.html

also as text below.

Thanks for taking the notes, Oliver!

Kazuyuki

---
   [1]W3C

      [1] http://www.w3.org/

                               - DRAFT -

                              WoT Security

27 Jan 2020

   [2]Agenda

      [2] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#27_Jan_2020

Attendees

   Present
          Kaz_Ashimura, Michael_McCool, Oliver_Pfaff,
          Tomoaki_Mizushima

   Regrets

   Chair
          McCool

   Scribe
          Oliver, kaz

Contents

     * [3]Topics
     * [4]Summary of Action Items
     * [5]Summary of Resolutions
     __________________________________________________________

   <kaz> scribenick: Oliver

   Michael: Issue#152 assigned to Elena, Issue#153 to Michael

   <kaz> [6]Issue 152

      [6] https://github.com/w3c/wot-security/issues/152

   Michael: Issue#151 assigned to Elena - continues

   <kaz> [7]Issue 153

      [7] https://github.com/w3c/wot-security/issues/153

   <kaz> [8]Issue 151

      [8] https://github.com/w3c/wot-security/issues/151

   <inserted> scribenick: kaz

   Michael: add labels of "PR Available" and "WIP" to Issue#149

   [9]Issue 149

      [9] https://github.com/w3c/wot-security/issues/149

   Michael: adds comments for Zoltan for Issue#151

   [10]Issue 151

     [10] https://github.com/w3c/wot-security/issues/151

   [11]Issue 148

     [11] https://github.com/w3c/wot-security/issues/148

   Oliver: question on which actor to be addressed
   ... maybe discussion for Architecture
   ... mapping is unclear

   McCool: need a clear description in definition?
   ... in the security document?
   ... if so, someone should provide a pullrequest
   ... should elaborate in the security document
   ... (adds comment to Issue 148)
   ... it's not clear who the actors are for authentication
   ... it needs a clearer definition and discussion

   Oliver: yes
   ... but not only related to security guidelines
   ... but also TD and Architecture

   McCool: (adds comments)
   ... this is true in the TD and Architecture docs as well as in
   the security guidelines.
   ... a lot of the definitions in Architecture are based on other
   standards, which however may be based on client-server
   arcihtecture./server-based
   ... propose a clearer definition in the Architecture document
   for "authentication" that references existing standards but
   builds upon them as necessary
   ... will create an issue in Architecture repo

   Oliver: sounds like a good plan

   McCool: (creates an issue for wot-architecture)
   ... issue title should be [[More clearly define "Thing
   Authentication"]]

   [12]new wot-architecture issue 429 corresponding wot-security
   issue 148

     [12] https://github.com/w3c/wot-architecture/issues/429

   [13]Issue 147

     [13] https://github.com/w3c/wot-security/issues/147

   McCool: Missing reference for IETFAnima
   ... (adds labels of "PR Available" and "WIP")

   [14]Issue 146

     [14] https://github.com/w3c/wot-security/issues/146

   McCool: need to create a pullrequest
   ... Oliver, do you have a branch for that purpose?
   ... can you show us the branch?

   [15]Issue 145

     [15] https://github.com/w3c/wot-security/issues/145

   McCool: client/server vs publish/subscribe patterns
   ... we'll be looking at protocols that support
   publish/subscribe patterns, e.g., MQTT, HTTP with
   event/subscribe interactions, OPC-UA
   ... so we do need to look at this
   ... any resources to refer?
   ... for MQTT, OPC-UA, HTTP
   ... would like to assign this issue 145 to Oliver
   ... not for a pullrequest at this point, but only to come up
   with a more concrete plan

   Oliver: fine by me
   ... will look into that
   ... but will take vacation till Feb 24

   McCool: not critical to do by next week

   Oliver: can work on it but discussion to be done on Feb 24

   McCool: ok. we need to collect references first

   [16]Issue 144

     [16] https://github.com/w3c/wot-security/issues/144

   McCool: next, end-to-end security
   ... summary is we need a clearer definition
   ... can apply to multiple levels of the network stack
   ... seems more security-specific topic

   Oliver: we need some description about different levels of
   security

   McCool: end-to-end security is related to protocols
   ... so related to protocol binding
   ... basic definition to be included in the Architecture
   document
   ... and elaborated within the Security Guidelines document
   ... actions:
   ... 1. create a pullrequest for basic definition in
   Architecture
   ... 2. create a pullrequest for discussion in Security
   Guidelines
   ... let me create another issue for Architecture

   [17]new Architecture issue 430

     [17] https://github.com/w3c/wot-architecture/issues/430

   McCool: any other input for the next call?
   ... (updates the agenda wiki for Jan-27 call)
   ... AOB?

   (none)

   [adjourned]

Summary of Action Items

Summary of Resolutions

   [End of minutes]
     __________________________________________________________


    Minutes manually created (not a transcript), formatted by
    David Booth's [18]scribe.perl version 1.154 ([19]CVS log)
    $Date: 2020/02/04 03:41:02 $

     [18] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
     [19] http://dev.w3.org/cvsweb/2002/scribe/

Received on Wednesday, 5 February 2020 05:49:45 UTC