W3C home > Mailing lists > Public > public-wot-ig@w3.org > May 2020

[wot-security] minutes - 4 May 2020

From: Kazuyuki Ashimura <ashimura@w3.org>
Date: Thu, 28 May 2020 22:42:44 +0900
Message-ID: <874ks0mazv.wl-ashimura@w3.org>
To: public-wot-ig@w3.org, public-wot-wg@w3.org
available at:

also as text below.




      [1] http://www.w3.org/

                               - DRAFT -

                              WoT Security

04 May 2020


          Kaz_Ashimura, Clerley_Silveira, David_Ezell,
          Michael_McCool, Oliver_Pfaff, Tomoaki_Mizushima,
          Elena_Reshetova, Zoltan_Kis





     * [2]Topics
         1. [3]Review of minutes
         2. [4]Lifecycle review and input
         3. [5]Requirements review and Use Case Templates
         4. [6]Other issues
     * [7]Summary of Action Items
     * [8]Summary of Resolutions

   <inserted> scribenick: dezell

Review of minutes

   McCool: suggest we continue with lifecycle review
   ... also requirements.

   RESOLUTION: publish Apr-27 minutes

Lifecycle review and input

   Elena: haven't seen much traffic, except the diagram that
   Zoltan sent.
   ... (shows the diagram)

   McCool: Zoltan proposed this latest version with the layered
   ... I think we should examine where the keys are instantiated
   and managed.
   ... provider should only update service keys.
   ... application level updates application keys.
   ... Should our state diagram include service keys, and
   potentially rotation (management) for those keys.

   Zoltan: I think I got those changes.

   McCool: need a dotted line around operational and maintenance
   ... double arrows between operation and maintenance implies a
   return to the original state, whereas the change should be to
   the latest state.
   ... when you go back to operational state, you don't go back to
   a state with no keys yet.
   ... in other words, a shift along the arrows doesn't lose the
   existing state.

   Elena: returning to operational from maintenance but retaining
   keys is a departure from what's intended.

   McCool: remove "operational keys - none" from the diagram and
   it should be good.
   ... recommend detailed follow up in the architecture call.

Requirements review and Use Case Templates

   <inserted> [9]wot-architecture issue 488

      [9] https://github.com/w3c/wot-architecture/pull/488

   McCool: issue #488
   ... (adjusts topic levels)
   ... now that we've updated the template, there are a bunch of
   use cases missing the (now) higher-level sections.
   ... E.g., look at Smart Cities
   ... I think we should assign use cases to people and come back
   ... Michael has said it would be good to have one good use
   ... (ruminating) we have privacy issues, images, health status.

   (see wot-architecture / USE_CASES /

   <inserted> [10]Public Health Monitoring use case

     [10] https://github.com/w3c/wot-architecture/blob/master/USE-CASES/smartcity-health-monitoring.md

   McCool: this is a use case of combining pictures with
   temperatures to allow personnel to find sick people in a crowd.
   ... major concern is mistaken identity.
   ... Use #488 as an example for how to fill out other use cases.
   ... we'll put use cases in sets, and then assign sets to

   <McCool> [11]https://github.com/w3c/wot-architecture/issues/492

     [11] https://github.com/w3c/wot-architecture/issues/492


     [12] https://github.com/w3c/wot-architecture/tree/master/USE-CASES

   Oliver: I'll volunteer for "X-Protocol Internetworking"

   McCool: will people go through the issues and volunteer?
   ... I've worked on "mni" but others should take a look.

   <kaz> [13]wot-architecture issue 493

     [13] https://github.com/w3c/wot-architecture/issues/493

   McCool: anybody familiar with nhk?
   ... David, can we assign you to retail.
   ... Yes.
   ... The issues are going to be in architecture.

   Clerley: I would like to volunteer

   McCool: members should take a look at how they can contribute.

   <kaz> ACTION: kaz to check the editor's teams for wot-security
   and wot-architecture

   McCool: Clerley/David volunteered for retail.
   ... I suggest we merge the security and architecture groups.

Other issues

   Oliver: I have tried to issue a PR but have had problems

   McCool: it looks like the PR is to your own master, not the
   remote one (W3C).

   Oliver: I'll take a look.

   <McCool> [14]https://github.com/w3c/wot-security/issues/144

     [14] https://github.com/w3c/wot-security/issues/144

   McCool: we need to take at this issue #144 while we work out
   the technical issue.

   <scribe> (Kaz has just added the "w3c-group-95969-members"
   Team, which includes all the WoT WG participants, to the
   "wot-architecture" repository so that Oliver can be assigned to
   the related issues.)

   <McCool> [15]https://github.com/w3c/wot-architecture/issues/493

     [15] https://github.com/w3c/wot-architecture/issues/493

   <McCool> [16]https://github.com/w3c/wot-architecture/issues/494

     [16] https://github.com/w3c/wot-architecture/issues/494

   McCool: you need to go to the issue and post a comment, then
   you can take the assignment. comment first, take assignment
   ... retail use case is #494
   ... next week we'll try to clear as many issues as possible.
   ... go and volunteer yourselves for the use cases.


Summary of Action Items

   [NEW] ACTION: kaz to check the editor's teams for wot-security
   and wot-architecture - [DONE]

Summary of Resolutions

    1. [17]publish minutes

   [End of minutes]

    Minutes manually created (not a transcript), formatted by
    David Booth's [18]scribe.perl version 1.154 ([19]CVS log)
    $Date: 2020/05/28 13:40:44 $

     [18] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
     [19] http://dev.w3.org/cvsweb/2002/scribe/
Received on Thursday, 28 May 2020 13:42:13 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 28 May 2020 13:42:13 UTC