W3C home > Mailing lists > Public > public-wot-wg@w3.org > June 2017

[wot-security] minutes - 30 June 2017

From: Kazuyuki Ashimura <ashimura@w3.org>
Date: Fri, 30 Jun 2017 21:57:39 +0900
Message-ID: <CAJ8iq9VvqCMNHzs6b5o7tEw4tYPTb2L5sMLvw1QSxvgdX=AHsg@mail.gmail.com>
To: Public Web of Things IG <public-wot-ig@w3.org>, public-wot-wg@w3.org
available at:

also as text below.




      [1] http://www.w3.org/

                               - DRAFT -

                           WoT IG - Security

30 Jun 2017

   See also: [2]IRC log

      [2] http://www.w3.org/2017/06/30-wot-sec-irc


          Elena_Reshetova, Michael_Koster, Michael_McCool,
          Kaz_Ashimura, Daniel_Ibaseta




     * [3]Topics
         1. [4]Privacy questionnaire - online google doc
         2. [5]F2F agenda
         3. [6]Privacy questionnaire
         4. [7]AOB
     * [8]Summary of Action Items
     * [9]Summary of Resolutions

Privacy questionnaire - online google doc

   Elena: RFC6973 questionnaire
   ... generated a google doc for that

   McCool: first question about stakeholder?

   Elena: and then system maintainer, asset list, ...
   ... (goes through the questionnaire list)
   ... list of threats complete?
   ... security objectives correct?

   McCool: use cases look more like features
   ... would clarify scenario of use use cases

   Koster: use case being what use is doing
   ... so far it seems component-oriented approach
   ... we had "atomic use cases" already and that is a bit
   different kind of use case
   ... still struggling about what "security for WoT"
   ... there are existing security considerations
   ... asking about this questionnaire is a good approach
   ... also we should go back to people and ask what they're
   concerned about WoT security

   Elena: f2f would be a good opportunity to get people's opinions

   McCool: we should generate this questionnaire and also should
   have a session during f2f
   ... we need to think about scenario more

F2F agenda

   McCool: we have 2 sessions, one is security, another is privacy
   ... how to handle them
   ... how many sessions should we have?
   ... Elena will call in
   ... Zoltan will be there f2f
   ... 3 hours total maybe?
   ... should avoid parallel sessions

   Elena: 1 hour for privacy?
   ... the rest 2 hours scenarios

   McCool: there are already security features in the architecture
   ... good to get connected with them
   ... we should include scripting people as well
   ... half hour for review

   Elena: how many mechanisms?

   McCool: TLS, secure CoAP, etc.
   ... will go back to see the details
   ... a section in the TD about security but vague
   ... the details should be written in another document and
   should add a link to that
   ... management API
   ... isolation
   ... would figure out how to evaluate
   ... focused discussion with scripting guys
   ... 3 hours total
   ... 1 hour for privacy
   ... security architecture session
   ... 1.5 hour for use case scenarios
   ... 0.5 for reviewing existing mechanisms

   Elena: we don't have anybody from TD

   McCool: shows the f2f agenda:
   ... edits the agenda
   ... 1 hour for TD
   ... adds topics for security
   ... 1.5h securiy use cases and scenarios
   ... 0.5h review of exisiting/proposed security architecture
   ... 1h privacy

     [10] https://www.w3.org/WoT/IG/wiki/F2F_meeting,_9-13_July_2017,_Düsseldorf,_Germany

Privacy questionnaire

   -> Elena's doc file on "Privacy questionnaire for WoT protocol"

   Elena: can modify it
   ... and put it a google doc

   McCool: looks good

   Elena: will apply changes

   McCool: next Friday, I'll be travelling

   Koster: will be preparing on that day

   McCool: would propose we cancel the next meeting
   ... we should have a couple of presentation slides for f2f
   ... let's skip general background
   ... join the openday, and mention the state, etc.

   Elena: can generate some slides and send them to you

   McCool: introductory explanation probably will be done by

   Elena: how to distribute the resources?

   McCool: google doc?
   ... would have a link on the security tf page
   ... and ask people to review particular
   documents/questionnaires on the ML
   ... to fill out the questionnaire prior to the f2f


   Kaz: think we should have security sessions as plenary sessions

   McCool: agree
   ... would add "plenary" mark to those sessions

   Kaz: another question is distributing today's resources to the
   group lists: member-wot-ig@w3.org and member-wot-wg@w3.org

   Elena: can update the google doc today
   ... and send them to you

   McCool: will add hyperlinks to the TF wiki page

   Kaz: just thought it would be nicer to add concrete resources
   to the minutes from this call

   Elena: can update the resources and add links to the minutes


Summary of Action Items

Summary of Resolutions

   [End of minutes]

    Minutes formatted by David Booth's [11]scribe.perl version
    1.152 ([12]CVS log)
    $Date: 2017/06/30 12:55:58 $

     [11] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
     [12] http://dev.w3.org/cvsweb/2002/scribe/
Received on Friday, 30 June 2017 12:58:54 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:27:47 UTC