[wot-security] minutes - 4 December 2017

available at:
  https://www.w3.org/2017/12/04-wot-sec-minutes.html

also as text below.

Thanks a lot for taking these minutes, Michael Koster!

BTW, as confirmed below, now gh-pages setting is available for the
wot-security GitHub repository and we can access the draft document
by visiting:
  https://w3c.github.io/wot-security/

Kazuyuki

---

   [1]W3C

      [1] http://www.w3.org/

                               - DRAFT -

                              WoT Security

04 Dec 2017

   [2]Agenda

      [2] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Agenda

Attendees

   Present
          Kaz_Ashimura, Michael_McCool, Elena_Reshetova,
          Michael_Koster, Zoltan_Kis, Tomoaki_Mizushima,
          Barry_Leiba

   Regrets
   Chair
          McCool

   Scribe
          mjkoster

Contents

     * [3]Topics
         1. [4]previous minutes
         2. [5]schedule for 2nd draft W3C note
         3. [6]NDSS paper deadline
         4. [7]publication of the W3C note
         5. [8]issues review
         6. [9]https local
         7. [10]Next steps for next publication
     * [11]Summary of Action Items
     * [12]Summary of Resolutions
     __________________________________________________________

   <kaz> scribenick: mjkoster

previous minutes

   <kaz> [13]prev minutes

     [13] https://www.w3.org/2017/11/20-wot-sec-minutes.html

   mccool: any objections to accepting the minutes?

   minutes accepted

schedule for 2nd draft W3C note

   second draft mid-january

NDSS paper deadline

   mccool: submitted and updated the abstract
   ... will continue to update until the deadline
   ... there is a review version

   [14]https://github.com/mmccool/ndss-wot-sec/blob/submission-1/n
   dss-wot-sec.pdf

     [14] https://github.com/mmccool/ndss-wot-sec/blob/submission-1/ndss-wot-sec.pdf

   the submission-1 branch contains the review draft

   mccool: removed examples in order to get the length under the
   limit
   ... added local links as a fifth issue
   ... does the structure of five issues make sense?
   ... the five things are a mixed bag, but we can't restructure
   the document massively at this point
   ... maybe we can fix up the wording
   ... need to have someone to do a critical review of the paper

   <McCool>
   [15]https://github.com/mmccool/ndss-wot-sec/blob/submission-1/n
   dss-wot-sec.pdf

     [15] https://github.com/mmccool/ndss-wot-sec/blob/submission-1/ndss-wot-sec.pdf

   Barry Leiba volunteered

   mccool: review from the POV of a conference reviewer for this
   wprkshop
   ... schedule one more meeting before the Friday deadline

publication of the W3C note

   mccool: what is the status of the publication?

   kaz: working on the process of publication
   ... for example, a static rendered HTML version is needed

   mccool: this is needed for github.io hosting also
   ... W3C moratorium on publication starts on December 18th

   kaz: we could set December 7th as the publication date

   <kaz> [kaz will let Michael McCool know about the publication
   version URL for the NDSS paper]

   <kaz> ACTION: kaz to set up gh-pages setting for wot-security
   repo so that we can use github.io URL

issues review

   [16]https://github.com/w3c/wot-security/issues

     [16] https://github.com/w3c/wot-security/issues

   mccool: get oauth2 and webtoken stuff sorted ASAP
   ... current issues won't affect the current version of the
   document

https local

   <kaz> [17]issue 55

     [17] https://github.com/w3c/wot-security/issues/55

   mccool: network reachability
   ... attended the https in local network W3C CG meeting at TPAC

   <kaz> [18]HTTP in Local Network CG

     [18] https://www.w3.org/community/httpslocal/

   mccool: depends on globally visible URLs
   ... Plex solution based on certificates based on IP address

   <kaz> [19]Certificate.md

     [19] https://github.com/httpslocal/usecases/blob/master/Certificates.md

   <kaz> [20]How Plex is doing

     [20] https://blog.filippo.io/how-plex-is-doing-https-for-all-its-users/

   <McCool> see here for various ways to do https local:
   [21]https://github.com/httpslocal/usecases/blob/master/Certific
   ates.md

     [21] https://github.com/httpslocal/usecases/blob/master/Certificates.md

   mccool: these are based on "wildcard certificates"

   <McCool> [22]https://github.com/httpslocal/usecases

     [22] https://github.com/httpslocal/usecases

   <kaz> HTTP in Local Network CG's Use Cases above

Next steps for next publication

   mccool: any other issues?
   ... what should be done by January 16th?
   ... what priorities and how can we split up the work?
   ... what about municipal or industrial sections?

   elena: section 4.2
   ... scripting considerations

   <kaz> [23]section 4.2

     [23] https://rawgit.com/w3c/wot-security/master/index.html#secure-practices-for-designing-wot-scripts-and-wot-script-apis

   elena: we also need work on the validation section

   mccool: cite some existing IoT related approaches to security
   validation

   <kaz> [24]section 6 - Security Validation

     [24] https://rawgit.com/w3c/wot-security/master/index.html#security-validation

   mccool: reviewing assignments to the issues
   ... asking Zoltan to provide scripting input

   <kaz> [25]Issue 22

     [25] https://github.com/w3c/wot-security/issues/22

   mccool: any more issues, AOB?
   ... next week will be cleaning up the paper submission
   ... no more business, adjourned

Summary of Action Items

   [NEW] ACTION: kaz to set up gh-pages setting for wot-security
   repo so that we can use github.io URL

Summary of Resolutions

   [End of minutes]
     __________________________________________________________


    Minutes formatted by David Booth's [26]scribe.perl version
    1.152 ([27]CVS log)
    $Date: 2017/12/04 17:57:25 $

     [26] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
     [27] http://dev.w3.org/cvsweb/2002/scribe/

Received on Monday, 11 December 2017 16:20:47 UTC