- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Fri, 30 Jun 2017 21:57:39 +0900
- To: Public Web of Things IG <public-wot-ig@w3.org>, public-wot-wg@w3.org
available at: https://www.w3.org/2017/06/30-wot-sec-minutes.html also as text below. Thanks, --- [1]W3C [1] http://www.w3.org/ - DRAFT - WoT IG - Security 30 Jun 2017 See also: [2]IRC log [2] http://www.w3.org/2017/06/30-wot-sec-irc Attendees Present Elena_Reshetova, Michael_Koster, Michael_McCool, Kaz_Ashimura, Daniel_Ibaseta Regrets Chair McCool Scribe kaz Contents * [3]Topics 1. [4]Privacy questionnaire - online google doc 2. [5]F2F agenda 3. [6]Privacy questionnaire 4. [7]AOB * [8]Summary of Action Items * [9]Summary of Resolutions __________________________________________________________ Privacy questionnaire - online google doc Elena: RFC6973 questionnaire ... generated a google doc for that McCool: first question about stakeholder? Elena: and then system maintainer, asset list, ... ... (goes through the questionnaire list) ... list of threats complete? ... security objectives correct? McCool: use cases look more like features ... would clarify scenario of use use cases Koster: use case being what use is doing ... so far it seems component-oriented approach ... we had "atomic use cases" already and that is a bit different kind of use case ... still struggling about what "security for WoT" ... there are existing security considerations ... asking about this questionnaire is a good approach ... also we should go back to people and ask what they're concerned about WoT security Elena: f2f would be a good opportunity to get people's opinions McCool: we should generate this questionnaire and also should have a session during f2f ... we need to think about scenario more F2F agenda McCool: we have 2 sessions, one is security, another is privacy ... how to handle them ... how many sessions should we have? ... Elena will call in ... Zoltan will be there f2f ... 3 hours total maybe? ... should avoid parallel sessions Elena: 1 hour for privacy? ... the rest 2 hours scenarios McCool: there are already security features in the architecture ... good to get connected with them ... we should include scripting people as well ... half hour for review Elena: how many mechanisms? McCool: TLS, secure CoAP, etc. ... will go back to see the details ... a section in the TD about security but vague ... the details should be written in another document and should add a link to that ... management API ... isolation ... would figure out how to evaluate ... focused discussion with scripting guys ... 3 hours total ... 1 hour for privacy ... security architecture session ... 1.5 hour for use case scenarios ... 0.5 for reviewing existing mechanisms Elena: we don't have anybody from TD McCool: shows the f2f agenda: [10]https://www.w3.org/WoT/IG/wiki/F2F_meeting,_9-13_July_2017, _D%C3%BCsseldorf,_Germany ... edits the agenda ... 1 hour for TD ... adds topics for security ... 1.5h securiy use cases and scenarios ... 0.5h review of exisiting/proposed security architecture ... 1h privacy [10] https://www.w3.org/WoT/IG/wiki/F2F_meeting,_9-13_July_2017,_Düsseldorf,_Germany Privacy questionnaire -> Elena's doc file on "Privacy questionnaire for WoT protocol" Elena: can modify it ... and put it a google doc McCool: looks good Elena: will apply changes McCool: next Friday, I'll be travelling Koster: will be preparing on that day McCool: would propose we cancel the next meeting ... we should have a couple of presentation slides for f2f ... let's skip general background ... join the openday, and mention the state, etc. Elena: can generate some slides and send them to you McCool: introductory explanation probably will be done by Matthias Elena: how to distribute the resources? McCool: google doc? ... would have a link on the security tf page ... and ask people to review particular documents/questionnaires on the ML ... to fill out the questionnaire prior to the f2f AOB Kaz: think we should have security sessions as plenary sessions McCool: agree ... would add "plenary" mark to those sessions Kaz: another question is distributing today's resources to the group lists: member-wot-ig@w3.org and member-wot-wg@w3.org Elena: can update the google doc today ... and send them to you McCool: will add hyperlinks to the TF wiki page Kaz: just thought it would be nicer to add concrete resources to the minutes from this call Elena: can update the resources and add links to the minutes [adjourned] Summary of Action Items Summary of Resolutions [End of minutes] __________________________________________________________ Minutes formatted by David Booth's [11]scribe.perl version 1.152 ([12]CVS log) $Date: 2017/06/30 12:55:58 $ [11] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm [12] http://dev.w3.org/cvsweb/2002/scribe/
Received on Friday, 30 June 2017 12:58:54 UTC