- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Mon, 21 Sep 2020 18:36:15 +0900
- To: public-wot-ig@w3.org, public-wot-wg@w3.org
available at: https://www.w3.org/2020/09/07-wot-sec-minutes.html also as text below. Thanks a lot for taking the minutes, Cristiano! Kazuyuki --- [1]W3C [1] http://www.w3.org/ - DRAFT - WoT Security 07 Sep 2020 [2]Agenda [2] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#7_September_2020 Attendees Present Kaz_Ashimura, Michael_McCool, Elena_Reshetova, Cristiano_Aguzzi, Tomoaki_Mizushima Regrets Chair McCool Scribe cris Contents * [3]Topics 1. [4]Previous minutes 2. [5]TD security PRs 3. [6]Lifecycle review 4. [7]Directory security 5. [8]Clean up issues * [9]Summary of Action Items * [10]Summary of Resolutions __________________________________________________________ <kaz> scribenick: cris Previous minutes <kaz> [11]Aug-31 [11] https://www.w3.org/2020/08/31-wot-sec-minutes.html McCool: by the way it is labor day in the U.S. ... by looking into the minutes it is not clear what Cristiano is agreeing to .. please kaz could you fix this? ... aside from that issue I am ok with the minutes Kaz: Ok the plan you mentioned has been added McCool: any other comments? should we make this public? ... ok published. TD security PRs <inserted> [12]wot-thing-description PR945 [12] https://github.com/w3c/wot-thing-description/pull/945 <inserted> [13]wot-thing-description PR944 [13] https://github.com/w3c/wot-thing-description/pull/944 McCool: TD group provided some feedback on the PR about security ... the main concern was about the fact that we still does not have an implementation of the proposed changes in the PR ... however we do not really define new functionalities in the PR. Infact both of them propose feature that can be easily translated back to the old TD model ... like inline definition can be prepocessed back to a securityDefinition ... anyway the two PRs right now are still on hold... we still have to implement a pre-processor to test them Elena: do we have existing use cases for combination schema? McCool: yes we have an example in the TD document (Example 11). There a proxy is described using a TD ... on the other hand, example 15 shows the problem of redundancy for multiple or security schemas. This is solved by the combination scheme (see Example 16) ... it is an improved syntax for "and" and "or" security constraints Elena: it looks good. Also the inline feature is fine. McCool: we need implementation, for example node-wot still does not support "and" combination (even the old version with the array is not supported) Lifecycle review <kaz> [14]Issue 169 [14] https://github.com/w3c/wot-security/issues/169 McCool: Oliver was confused about roles and entities. I suggested to add the word "role" at the end of some terms to make it clearer ... if have any comments please use the issue comment section. Directory security McCool: we still have to really discuss in depth the issue ... for example what should it be the default method? ... any other topics to add to the agenda for today? otherwise I'd rather try to close some open issues ... ok Clean up issues <kaz> [15]Issue 169 [15] https://github.com/w3c/wot-security/issues/169 McCool: I'd propose to close #169 since we already did the review Elena: we probably need a new issue to track additional review work on the lifecycle McCool: I suggest to do additional reviews when the Arch document goes to CR ... ok closed <kaz> [16]Issue 173 [16] https://github.com/w3c/wot-security/issues/173 McCool: #173 we already completed the task described there. So I'm closing it ... any objection? ... ok closed. <kaz> [17]Issue 177 [17] https://github.com/w3c/wot-security/issues/177 McCool: #177 still has some open points Cristiano: I think the review is done. We may open a new issue to track the left points McCool: yes, let's create an issue in the use-case repository ... I'll assign cristiano to this new issue <McCool> [18]https://github.com/w3c/wot-usecases/issues/49 [18] https://github.com/w3c/wot-usecases/issues/49 McCool: ok now let's close #177 ... closed. <kaz> [19]Issue 170 [19] https://github.com/w3c/wot-security/issues/170 Elena: I am not sure how to update the Threat Model. McCool: I think we can discuss this in a issue Elena: if we decide that the modification is trivial I can just add two lines there however if we plan to create a new section it is better to have a discussion McCool: I think a new issue is the best place to decide this. ... I'm creating a new one in the wot-security repository <kaz> [20]New Issue 183 [20] https://github.com/w3c/wot-security/issues/183 McCool: Elena any other issue that we should add here? Elena: not really <kaz> [21]Issue 170 on Conexxus security and privacy threat model [21] https://github.com/w3c/wot-security/issues/170 McCool: I added a Consider closing label to #170 ... we still have open points and issues to create ... EdgeX have their own internal system for authentication. <kaz> [22]Issue 180 on EdgeX [22] https://github.com/w3c/wot-security/issues/180 McCool: I'd prefer to see a more extensible support ... so I'll the issue open to track the discussion ... I think that a solution for #168 is to create an issue for each use case that still miss security/privacy section. <kaz> [23]Issue 168 - security and privacy considerations for all the use cases (or requirements) [23] https://github.com/w3c/wot-security/issues/168 <kaz> [24]Issue 166 - integrity protection [24] https://github.com/w3c/wot-security/issues/166 McCool: any final things? ... Ok let's close the meeting <kaz> [adjourned] Summary of Action Items Summary of Resolutions [End of minutes] __________________________________________________________ Minutes manually created (not a transcript), formatted by David Booth's [25]scribe.perl version ([26]CVS log) $Date: 2020/09/09 01:29:37 $ [25] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm [26] http://dev.w3.org/cvsweb/2002/scribe/
Received on Monday, 21 September 2020 09:36:21 UTC