RE: [wot-security] minutes - 23 August 2017

As of yesterday, I have completed a pull request for an updated security section in the TD.   See

As requested, this now includes an HTML diff (and also a PDF rendering).

Mostly this was just formatting cleanup of Elena's contributions.  I expect Elena to do another pass on the content... and we will probably also move some of the more general content to the Architecture document, necessitating another PR to the wot-architecture repo.

I also added an entry (well, a PR) for "WoT API" to the terminology under wot-architecture since we use it a lot in the Threat Model.

If you want to discuss the content of these please plan to attend the Security TF meeting on Monday, where I hope we can put/plan the final touches on these PRs, then next Wednesday we can discuss if they are mature enough to include in the FPWD.

Michael McCool

-----Original Message-----
From: Kazuyuki Ashimura [] 
Sent: Friday, August 25, 2017 03:17
To: Public Web of Things IG <>;
Subject: [wot-security] minutes - 23 August 2017

available at:

also as text below.

Thanks a lot for taking these minutes, Elena!





                               - DRAFT -

                           WoT IG - Security

23 Aug 2017

   See also: [2]IRC log



          Kaz_Ashimura, Elena_Reshetova, Michael_Koster,
          Soumya_Kanti_Datta, Tomoaki_Mizushima, Zoltan_Kis,
          Michael_McCool, Barry_Leiba, Katsuyoshi_Naka




     * [3]Topics
         1. [4]Logistics
         2. [5]Documents status
         3. [6]IEEE Workshop
     * [7]Summary of Action Items
     * [8]Summary of Resolutions

   <kaz> scribenick: elena


   McCool: agenda, change security task force meeting to Monday
   3pm finland time?

   no objections, meeting time changed

Documents status

   McCool: next agenda item, first draft for overall arch. and TD
   document security sections
   ... next wednesday, Aug. 30, is fist deadline
   ... monday is a final time for changes, after goes to review
   ... another item overal direction, general things go to
   architecture document, td doc only to have specifics

   <zkis> elena: yes, PR was made to mccool's repo with the TD

   next we are discussing PR that elena did with changes in TD
   security section

   pr would be accepted to mccool repo, he would cleanup etc

   elena: it would be nice to cross reference to threat model
   ... when writing security sections in different docs

   McCool: insert link to threat model in TD security section

   elena: use of secure transport should move to general
   architecture doc section



   McCool: what pieces from generic practice document should be
   moved to the security architecture or TD sections?
   ... will do a first pass on generic arch. document security
   section, elena will take second pass



   kaz: what is procedure from url above?

   ex.html htmldiff


   we will do html diff according to above

   zkis, could McCool merge the PR above from Zoltan?

   <kaz> kaz: Zoltan was proposing a procedure (pullrequest 5) and
   everybody is encouraged to use htmldiff

   <kaz> [12]


   RESOLUTION: will be merged

   McCool: access token currently for entire TD and not for
   individual entries

   elena: this is not good and won't scale in general

   McCool: we will need to double check this and discuss further
   ... minimize application functionality should go to general

   <kaz> [13]pullrequest for wot-thing-description on McCool's


   McCool: testing should also be moved into general document
   ... WoT API needs to be added to terminology list for further

   question: what should be extracted from the WoT Current
   Practices document security section?

   elena: will take a pass on thinking and moving stuff

   <kaz> [14]WoT Best Practices document


   McCool will create first PR, elena will do a next pass

   everyone should read it and say their objections if any or

   McCool: what are the best available practices and reference to

   McCool will update the list of references from set that people
   recommended over email

IEEE Workshop

   McCool: we need to submit proposal for workshop for S&P IEEE
   workshop by 20 of september

   anyone wants to volunteer?

   <kaz> [15]IEEE workshop page


   McCool will try to do the first pass on it

   others need to review

   we should discuss it during next meeting

   McCool: will ask around who else wants to participate in
   workshop/share costs
   ... workshop probably is one day and asking people to submit
   short papers

   kaz: we will need to talk about it during next chairs meeting

   another option to consider is NDSS workshop in February

   but deadline is august 31st, so very soon

   next meeting is next monday

Summary of Action Items

Summary of Resolutions

    1. [16]will be merged

   [End of minutes]

    Minutes formatted by David Booth's [17]scribe.perl version
    1.152 ([18]CVS log)
    $Date: 2017/08/24 18:13:22 $



Received on Friday, 25 August 2017 03:55:50 UTC