W3C home > Mailing lists > Public > public-wot-wg@w3.org > September 2017

[wot-security] minutes - 18 September 2017

From: Kazuyuki Ashimura <ashimura@w3.org>
Date: Tue, 26 Sep 2017 11:33:46 +0900
Message-ID: <CAJ8iq9VNsf8nuu8EysKwFU4mdQ-Z2WUrwTB8PWa=q31STSKu=A@mail.gmail.com>
To: Public Web of Things IG <public-wot-ig@w3.org>, public-wot-wg@w3.org
available at:

also as text below.





      [1] http://www.w3.org/

                               - DRAFT -

                           WoT IG - Security

18 Sep 2017


      [2] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Agenda

   See also: [3]IRC log

      [3] http://www.w3.org/2017/09/18-wot-sec-irc


          Kaz_Ashimura, Elena_Reshetova, Michael_McCool,
          Zoltan_Kis, Barry_Leiba




     * [4]Topics
         1. [5]Agenda
         2. [6]Workshop update
         3. [7]PR
         4. [8]Previous minutes
         5. [9]Security draft
     * [10]Summary of Action Items
     * [11]Summary of Resolutions

   <scribe> scribenick: kaz

   [12]prev minutes

     [12] https://www.w3.org/2017/09/11-wot-sec-minutes.html

   elena: wondering about the workshop thing

   mccool: IEEE S&P
   ... will discuss


   WoT Security and Privacy Considerations

   Document status and issue review

   Security sections in other documents

   Document status and issue review

   IoT Conference workshop update

   NDSS proposal accepted

   IEEE S&P deadline: Sept 20

   Other work items


   mccool: workshop first

Workshop update

   mccool: NDSS proposal
   ... submitted one and accepted
   ... Decentralized IoT Security and Standards
   ... submitted in parallel
   ... had a meeting
   ... to merge the two proposals
   ... fundamental issue for WoT is interoperability
   ... security for multiple interoperable implementations
   ... added a couple of topics
   ... 3 points
   ... Carsten, co-Chair
   ... similar proposal on TLS
   ... not our primary objective
   ... not optimal but still worth presenting our paper
   ... get discussion there
   ... could get people interested there
   ... networking purposes
   ... question is if we would like to submit a proposal for IEEE
   S&P as well
   ... deadline Sep. 20
   ... can tune it up
   ... but should I?

   barry: think we should
   ... target which help our work

   mccool: right
   ... but some concern
   ... keep it different from NDSS
   ... any other comments?
   ... can submit a proposal asis
   ... more security people anyhow
   ... any suggestions?
   ... will circulate the proposal
   ... need to wrap up the proposal within 48h
   ... you can edit the proposal on Google doc
   ... let me know about your Google account
   ... will send invitation to you

   mccool: so we'll do this


   [13]Elena's PR

     [13] https://github.com/w3c/wot-security/pull/8

   elena: goes through it
   ... had discussion with Matthias the other day
   ... adding pictures

   mccool: rendered version?


     [14] https://rawgit.com/ereshetova/wot-security/working/index.html

   kaz: does the above rawgit work fine?

   mccool: fine
   ... contents extracted from the TD draft
   ... will work on the pull request
   ... one document for security
   ... summary within TD, etc.

   elena: when to have more concrete content?

   mccool: Thing Description management
   ... threat model should go here (Recommended Security
   ... publish this as a Note
   ... and put the threat model into it

   elena: no text under 2.3 yet
   ... 2.3 Determining a suitable security architecture

   mccool: we should put the material here inline
   ... need TODOs as Editor's Note

   elena: this is a working branch, not the main branch

   mccool: pull request on the working branch
   ... will add a tag
   ... (adds a tag, "TDmaterial" to the working branch content)
   ... (also a branch, "TDmaterial")
   ... (merges the pull request 8 and add a comment to the pull
   ... OK, but we probably want to pull back in the TD material,
   so I branched as TDmaterial"
   ... any procedure to add Elena as an Editor?

   zoltan: you can create a pull request for that?

   mccool: ok
   ... will create a pull request then
   ... we can update the link for the threat model

   elena: can we keep the threat model content a separate file?

   mccool: there is a trade-off
   ... also should think about the references
   ... some of the references should go into the draft


     [15] https://github.com/w3c/wot-security/blob/master/wot-security-references.md

   mccool: will create a pull request to put the thread model
   ... note that I'm working on the master branch and the working
   ... on the working branch, will put the contents from the MD
   files into the index.html file
   ... let's see an example of the TD repo
   ... or the architecture

   [16]Arechitecture draft on GitHub

     [16] https://w3c.github.io/wot-architecture/

   mccool: we have summary in the main docs
   ... remove the Editor's note and put text that we're working on
   a separate security doc

Previous minutes

   mccool: let's go back to the prev minutes

   [17]prev minutes

     [17] https://www.w3.org/2017/09/11-wot-sec-minutes.html

   mccool: CSS file for a WG Note

   kaz: we can put "WG-NOTE" instead of WD/ED for respec
   ... but we can keep "Editor's Draft" for the index.html on
   ... and I can change the CSS to "WG-NOTE" when we publish the
   draft as a WG Note

   [18]example of WG Note

     [18] https://www.w3.org/TR/EARL10-Schema/

   mccool: will also see that
   ... can we accept the minutes?

   (no objections)

   mccool: ok

Security draft

   mccool: Abstract is missing
   ... Elena, do you want to put a stab?
   ... it's the first thing people will read
   ... we should submit pull requests for the structure and the
   individual sections
   ... each section can have one pull request
   ... will do mechanical edit to include MD file content
   ... and Elena will look into the Abstract
   ... and then section restructure
   ... if there is any conflict, we'll sort that out

   elena: comments welcome for the structure

   mccool: where the best practices come from


Summary of Action Items

Summary of Resolutions

   [End of minutes]

    Minutes formatted by David Booth's [19]scribe.perl version
    1.152 ([20]CVS log)
    $Date: 2017/09/18 13:20:41 $

     [19] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
     [20] http://dev.w3.org/cvsweb/2002/scribe/
Received on Tuesday, 26 September 2017 02:34:54 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:27:48 UTC