- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Wed, 15 Jan 2020 20:47:01 +0900
- To: public-wot-ig@w3.org, public-wot-wg@w3.org
available at:
https://www.w3.org/2019/12/16-wot-sec-minutes.html

also as text below.

Thanks,

Kazuyuki

---

[1]W3C

   [1] http://www.w3.org/

- DRAFT -

WoT Security

16 Dec 2019

Attendees

Present
   Kaz_Ashimura, Michael_McCool, Elena_Reshetova, Oliver_Pfaff

Regrets

Chair
   McCool

Scribe
   kaz

Contents

* [2]Topics
   1. [3]Agenda
   2. [4]Minutes review
   3. [5]Review of Lifecycle/Onboarding in Architecture
   4. [6]Future topics
   5. [7]Cleaning up the agenda wiki
   6. [8]Issue 151
   7. [9]Issue 143
* [10]Summary of Action Items
* [11]Summary of Resolutions

__________________________________________________________

Agenda

McCool: last week we canceled the call
... to finalize the Proposed REC transition
... for today
... planning to have the main call this week as well
... what about the Security calls?
... maybe we can have a call on Jan 6, and cancel the meeting on Jan 13?

Elena: will do my best to join the call on Jan 6

McCool: ok, let's have the next meeting on Jan. 6 then
... possible cancellation on Jan 13
... no meetings on Dec 23 or Dec 30

Oliver: will not be available on Jan 6...

McCool: ok
... in that case...
... no meetings: Dec 23, Dec 30
... tentative Jan 6, Jan 13

Minutes review

[12]Nov-18 minutes

   [12] https://www.w3.org/2019/11/18-wot-sec-minutes.html

McCool: charter finalization
... not an actual security meeting
... we still need to discuss IETF Anima
... would accept the minutes
... objections?

(none)

McCool: accept the minutes then

Review of Lifecycle/Onboarding in Architecture

Elena: discussed the lifecycle
... first discussed Oracle's model
... Lagally presented Oracle's documentation
... it's a lifecycle of IoT devices from cloud viewpoint
... then OneM2M model and OCF model
... need to read the OCF spec more in detail

[13]Dec-12 Architecture minutes

   [13] https://www.w3.org/2019/12/12-wot-arch-minutes.html

McCool: Oracle is taking cloud management approach
... specific to automatic onboarding
... we should look into generic onboarding as well
... including establishment of trust
... Oracle is interested in how to manage devices for large scale
... we need to work on use cases

Elena: there was discussion we would need to work on use cases during the Architecture call

McCool: each company has some specific use case in mind
... according to the schedule, we have use cases as the first priority

Elena: Architecture call could happen on 19th this week

McCool: ok
... we should have use case discussion as well
... OCF, oneM2M and LwM2M as the primary contenders
... oneM2M is based on LwM2M?
... the lifecycle is included in the Architecture now?

Elena: not really sure if it's good to move the content now

McCool: we can wait for a while so that the Architecture content can be cleaned up
... probably should keep the content on the Security/Privacy guideline now
... PRs and Issues to clean up before yearend

[14]PR 150

   [14] https://github.com/w3c/wot-security/pull/150

[15]Changes

   [15] https://github.com/w3c/wot-security/pull/150/files

Elena: the goal is described here

McCool: 3 things here
... establishing the trust
... key materials
... provisioning access
... may involve installing other devices
... generate tokens, etc.

Elena: we need to understand how to deal with that

McCool: would capture the point here (within the comment for PR 150)
... need to specify goals before detailed processes
... need to establish trust, need to provision secrets, need to configure authorizations
... setup/onboarding/provisioning may invoke more than the device itself
... apparently the last point is also being discussed in architecture

[16]McCool's comment

   [16] https://github.com/w3c/wot-security/pull/150#issuecomment-566064846

Oliver: wonder whether trust is symmetric or asymmetric

McCool: probably depends on use cases

Elena: don't think we can prescribe it

McCool: some use cases may require mutual trust and some don't

Kaz: we might want to look into verifiable credentials as well

McCool: ok

Future topics

McCool: (adds a section for "Future topics" on the Security agenda wiki)
... Lifecycle and Onboarding
... Look at Verifiable Claims; VCWG is closed but people are in DID-WG now
... Trust establishment: use case analysis

Oliver: maybe bootstrapping for establishing trust?

McCool: terminology varies
... we need to research related ecosystems
... OCF bootstrapping: correspondence with lifecycle, provisioning, etc.
... and Discovery: privacy preservation
... what a privacy-sensitive situation would be?
... those would be topics for the future

Cleaning up the agenda wiki

McCool: then would clean up the agenda wiki
... "Key Dates" section is out-dated
... also should update the "External Review" section
... possible reviewers: Terri Oda, Valerie Fenwick, Sven Shrecker, Mike West/Daniel Vedtz, DISS participants
... (remove obsolete "Key Dates" section, and mention "See new WG charter")

Issue 151

[17]Issue 151

   [17] https://github.com/w3c/wot-security/issues/151

McCool: (adds a comment to Issue 151)
... Terminology use for various stakeholders needs to be made consistent between the Arch and Security Document. Use cases also need to define stakeholders, and use cases should be in architecture... so maybe all stakeholder defns should move to architecture?

[18]McCool's comment

   [18] https://github.com/w3c/wot-security/issues/151#issuecomment-566071869

Issue 143

[19]Issue 143

   [19] https://github.com/w3c/wot-security/issues/143

McCool: currently we use ISO definition for Privacy
... but think it's a bit weak, since it refers to "private information" which seems circular
... maybe there is a deeper ISO definition, e.g., of "private", that we can refer to
... we should investigate further

[adjourned]

Summary of Action Items

Summary of Resolutions

[End of minutes]

__________________________________________________________

Minutes manually created (not a transcript), formatted by David Booth's [20]scribe.perl version 1.154 ([21]CVS log)
$Date: 2020/01/15 11:41:35 $

   [20] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
   [21] http://dev.w3.org/cvsweb/2002/scribe/
Received on Wednesday, 15 January 2020 11:47:11 UTC