W3C home > Mailing lists > Public > public-wot-wg@w3.org > November 2017

[wot-security] minutes - 23 October 2017

From: Kazuyuki Ashimura <ashimura@w3.org>
Date: Wed, 1 Nov 2017 09:14:19 +0900
Message-ID: <CAJ8iq9Xdrzd6jTbyjur2Yw_9JrTv2DOJb9=2JSEDm8Gu8G5VkQ@mail.gmail.com>
To: Public Web of Things IG <public-wot-ig@w3.org>, public-wot-wg@w3.org
available at:
  https://www.w3.org/2017/10/23-wot-sec-minutes.html

also as text below.

Thanks,

Kazuyuki

---

   [1]W3C

      [1] http://www.w3.org/

                               - DRAFT -

                           WoT IG - Security

23 Oct 2017

   [2]Agenda

      [2] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Agenda

   See also: [3]IRC log

      [3] http://www.w3.org/2017/10/23-wot-sec-irc

Attendees

   Present
          Kaz_Ashimura, Michael_McCool, Elena_Reshetova,
          Zoltan_Kis, Uday_Davuluru, Barry_Leiba,
          Tomoaki_Mizushima

   Regrets
   Chair
          McCool

   Scribe
          kaz

Contents

     * [4]Topics
         1. [5]Previous mintues
         2. [6]Review schedule
         3. [7]PRs
         4. [8]ISSUE 46
         5. [9]ISSUE 44
         6. [10]ISSUE 41
         7. [11]ISSUE 40
         8. [12]ISSUE 32
         9. [13]NDSS DISS workshop
        10. [14]AOB
     * [15]Summary of Action Items
     * [16]Summary of Resolutions
     __________________________________________________________

   <scribe> scribenick: kaz

   [17]prev minutes

     [17] https://www.w3.org/2017/10/16-wot-sec-minutes.html

Previous mintues

   mccool: goes through the prev minutes

   kaz: Soumya is already included in the wot-security-tf team

   mccool: the minutes are fine by me
   ... any objections?

   (none)

   minutes approved

Review schedule

   [18]proposed schedule

     [18] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Schedule

   kaz: can send a publication request on 27th

   mccool: ok
   ... schedule looks good

PRs

   [19]PRs

     [19] https://github.com/w3c/wot-security/pulls

   [20]pr 47 - remove redundant security objectives content

     [20] https://github.com/w3c/wot-security/pull/47

   mccool: will clean this up
   ... objections to merge this?
   ... straight forward

   (no objections)

   mccool: merges pr 47
   ... working branch is merged now

   [21]https://services.w3.org/htmldiff

     [21] https://services.w3.org/htmldiff

   <McCool>
   [22]https://services.w3.org/htmldiff?doc1=https%3A%2F%2Frawgit.
   com%2Fw3c%2Fwot-security%2Fmaster%2Findex.html&doc2=https%3A%2F
   %2Frawgit.com%2Fw3c%2Fwot-security%2Fworking%2Findex.html

     [22] https://services.w3.org/htmldiff?doc1=https://rawgit.com/w3c/wot-security/master/index.html&doc2=https://rawgit.com/w3c/wot-security/working/index.html

   mccool: terminology changes
   ... solution including the entire hardware as well?
   ... (goes through the changes)
   ... acronym "Mgm" means "Management"
   ... Management API or management interface?

   zoltan: not API

   mccool: "interface" for network API

   zoltan: no management API for Scripting API (so far)

   mccool: scripting api will talk with network interface. right?

   zoltan: API has a bit easier connotation
   ... service carried out by network interface would require
   security

   mccool: any other interesting points?
   ... (security objectives)
   ... TBD here and there (right above "2.3.2 Scenario 2 -
   Business/Corporate environment")
   ... added section "3. Existing Security Best Practices in
   related fields"
   ... here most about TD
   ... "4.1 Secure Practices for designing a Thing Description"
   ... section 8
   ... no summary yet
   ... lot of work to do
   ... fine with going with this as a FP Note?
   ... Elena, could you create a PR on management?
   ... let's ask the group for review on Wednesday, Oct. 25
   ... please state issues by Wednesday
   ... I'm OK with this published as a first Note
   ... ready or not?

   barry: let's start the review

   uday: would leave the majority
   ... fine as the first draft

   mccool: Zoltan?

   zoltan: think mature as a first draft

   mccool: ok
   ... let's move forward
   ... if there are too many issues on Wednesday, let's have
   discussion at TPAC

   elena: Matthias's comment?

   mccool: you can ask him to review the latest draft

   <McCool>
   [23]https://rawgit.com/w3c/wot-security/working/index.html#exam
   ples-of-wot-security-configurations

     [23] https://rawgit.com/w3c/wot-security/working/index.html#examples-of-wot-security-configurations

   mccool: let's see if there is anything to be merged before the
   publication

   <inserted> kaz: we should merge all the changes to the master
   branch before asking the whole group for publication approval

   <McCool> McCool: I will merge changes to master branch, then
   send email to group pointing at result as RC

   <McCool> ... after Elena changes Mgm API -> Management
   Interface

ISSUE 46

   [24]issue 46 on "Reference Fetch standard in addition to CORS"

     [24] https://github.com/w3c/wot-security/issues/46

   mccool: stay open

ISSUE 44

   [25]issue 44 on "Make links to the WoT Terminology from the WoT
   Architecture document"

     [25] https://github.com/w3c/wot-security/issues/44

   mccool: how to refer definitions from external files?
   ... using ReSpec

   zoltan: you can do that in ReSpec
   ... attach tags
   ... link to external documents
   ... you can remove definitions inside the draft later

ISSUE 41

   [26]issue 41 on "Clean up Security Objectives section"

     [26] https://github.com/w3c/wot-security/issues/41

   mccool: can close it?

   elena: ok

   mccool: closed issue 41

ISSUE 40

   [27]issue 40 on "Align Threat model with IETF IoT RFC"

     [27] https://github.com/w3c/wot-security/issues/40

   mccool: assign to Elena

ISSUE 32

   [28]issue 32 on " Cite WoT Architecture Doc in Intro"

     [28] https://github.com/w3c/wot-security/issues/32

   mccool: done
   ... closes the issue 32

NDSS DISS workshop

   mccool: CFP done
   ... working on logistics for white paper

AOB

   mccool: working on POC
   ... a few things to discuss on security
   ... after TPAC, concrete discussion on security
   ... the goal is using TLS, etc., for the interface
   ... CoAPS, HTTPS, etc.
   ... anything else?

   elena: nothing from me

   mccool: ok
   ... the next meeting should be the last one before TPAC
   ... (creating a new issue)

   [29]issue 48 on "Review Security Learnings from TPAC2017"

     [29] https://github.com/w3c/wot-security/issues/48

Summary of Action Items

Summary of Resolutions

   [End of minutes]
     __________________________________________________________


    Minutes formatted by David Booth's [30]scribe.perl version
    1.152 ([31]CVS log)
    $Date: 2017/11/01 00:12:59 $

     [30] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
     [31] http://dev.w3.org/cvsweb/2002/scribe/
Received on Wednesday, 1 November 2017 00:15:28 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 1 November 2017 00:15:29 UTC