- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Thu, 28 May 2020 22:42:44 +0900
- To: public-wot-ig@w3.org, public-wot-wg@w3.org
available at:
https://www.w3.org/2020/05/04-wot-sec-minutes.html
also as text below.
Thanks,
Kazuyuki
---
[1]W3C
[1] http://www.w3.org/
- DRAFT -
WoT Security
04 May 2020
Attendees
Present
Kaz_Ashimura, Clerley_Silveira, David_Ezell,
Michael_McCool, Oliver_Pfaff, Tomoaki_Mizushima,
Elena_Reshetova, Zoltan_Kis
Regrets
Chair
McCool
Scribe
David
Contents
* [2]Topics
1. [3]Review of minutes
2. [4]Lifecycle review and input
3. [5]Requirements review and Use Case Templates
4. [6]Other issues
* [7]Summary of Action Items
* [8]Summary of Resolutions
__________________________________________________________
<inserted> scribenick: dezell
Review of minutes
McCool: suggest we continue with lifecycle review
... also requirements.
RESOLUTION: publish Apr-27 minutes
Lifecycle review and input
Elena: haven't seen much traffic, except the diagram that
Zoltan sent.
... (shows the diagram)
McCool: Zoltan proposed this latest version with the layered
states.
... I think we should examine where the keys are instantiated
and managed.
... provider should only update service keys.
... application level updates application keys.
... Should our state diagram include service keys, and
potentially rotation (management) for those keys.
Zoltan: I think I got those changes.
McCool: need a dotted line around operational and maintenance
states.
... double arrows between operation and maintenance implies a
return to the original state, whereas the change should be to
the latest state.
... when you go back to operational state, you don't go back to
a state with no keys yet.
... in other words, a shift along the arrows doesn't lose the
existing state.
Elena: returning to operational from maintenance but retaining
keys is a departure from what's intended.
McCool: remove "operational keys - none" from the diagram and
it should be good.
... recommend detailed follow up in the architecture call.
Requirements review and Use Case Templates
<inserted> [9]wot-architecture issue 488
[9] https://github.com/w3c/wot-architecture/pull/488
McCool: issue #488
... (adjusts topic levels)
... now that we've updated the template, there are a bunch of
use cases missing the (now) higher-level sections.
... E.g., look at Smart Cities
... I think we should assign use cases to people and come back
together.
... Michael has said it would be good to have one good use
case.
... (ruminating) we have privacy issues, images, health status.
(see wot-architecture / USE_CASES /
smartcity-health-monitoring)
<inserted> [10]Public Health Monitoring use case
[10] https://github.com/w3c/wot-architecture/blob/master/USE-CASES/smartcity-health-monitoring.md
McCool: this is a use case of combining pictures with
temperatures to allow personnel to find sick people in a crowd.
... major concern is mistaken identity.
... Use #488 as an example for how to fill out other use cases.
... we'll put use cases in sets, and then assign sets to
people.
<McCool> [11]https://github.com/w3c/wot-architecture/issues/492
[11] https://github.com/w3c/wot-architecture/issues/492
<McCool>
[12]https://github.com/w3c/wot-architecture/tree/master/USE-CAS
ES
[12] https://github.com/w3c/wot-architecture/tree/master/USE-CASES
Oliver: I'll volunteer for "X-Protocol Internetworking"
McCool: will people go through the issues and volunteer?
... I've worked on "mni" but others should take a look.
<kaz> [13]wot-architecture issue 493
[13] https://github.com/w3c/wot-architecture/issues/493
McCool: anybody familiar with nhk?
... David, can we assign you to retail.
... Yes.
... The issues are going to be in architecture.
Clerley: I would like to volunteer
McCool: members should take a look at how they can contribute.
<kaz> ACTION: kaz to check the editor's teams for wot-security
and wot-architecture
McCool: Clerley/David volunteered for retail.
... I suggest we merge the security and architecture groups.
Other issues
Oliver: I have tried to issue a PR but have had problems
McCool: it looks like the PR is to your own master, not the
remote one (W3C).
Oliver: I'll take a look.
<McCool> [14]https://github.com/w3c/wot-security/issues/144
[14] https://github.com/w3c/wot-security/issues/144
McCool: we need to take at this issue #144 while we work out
the technical issue.
<scribe> (Kaz has just added the "w3c-group-95969-members"
Team, which includes all the WoT WG participants, to the
"wot-architecture" repository so that Oliver can be assigned to
the related issues.)
<McCool> [15]https://github.com/w3c/wot-architecture/issues/493
[15] https://github.com/w3c/wot-architecture/issues/493
<McCool> [16]https://github.com/w3c/wot-architecture/issues/494
[16] https://github.com/w3c/wot-architecture/issues/494
McCool: you need to go to the issue and post a comment, then
you can take the assignment. comment first, take assignment
second.
... retail use case is #494
... next week we'll try to clear as many issues as possible.
... go and volunteer yourselves for the use cases.
adjourned.
Summary of Action Items
[NEW] ACTION: kaz to check the editor's teams for wot-security
and wot-architecture - [DONE]
Summary of Resolutions
1. [17]publish minutes
[End of minutes]
__________________________________________________________
Minutes manually created (not a transcript), formatted by
David Booth's [18]scribe.perl version 1.154 ([19]CVS log)
$Date: 2020/05/28 13:40:44 $
[18] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
[19] http://dev.w3.org/cvsweb/2002/scribe/
Received on Thursday, 28 May 2020 13:42:13 UTC