- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Tue, 17 Apr 2018 21:53:18 +0900
- To: Public Web of Things IG <public-wot-ig@w3.org>, public-wot-wg@w3.org
available at: https://www.w3.org/2018/04/09-wot-sec-minutes.html also as text below. Thanks a lot for taking these minutes, Soumya! Kazuyuki --- [1]W3C [1] http://www.w3.org/ - DRAFT - WoT Security 09 Apr 2018 [2]Agenda [2] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Agenda Attendees Present Kaz_Ashimura, Michael_McCool, Elena_Reshetova, Michael_Koster, Soumya_Kanti_Datta, Kazuaki_Nimura, Tomoaki_Mizushima, Barry_Leiba, Zoltan_Kis Regrets Chair McCool Scribe Soumya Contents * [3]Topics 1. [4]Previous minutes 2. [5]NDSS paper 3. [6]Pullrequests 4. [7]Planning 5. [8]issues * [9]Summary of Action Items * [10]Summary of Resolutions __________________________________________________________ <kaz> scribenick: Soumya Previous minutes <McCool> [11]https://www.w3.org/2018/03/19-wot-sec-minutes.html [11] https://www.w3.org/2018/03/19-wot-sec-minutes.html mccool: talks about prev minutes ... shows the agenda ... accepts the minutes, no objections heard, minutes accepted. NDSS paper mccool: note - tomorrow is the final deadline for NDSS paper ... already uploaded, 24 hour for any last min changes <McCool> [12]https://github.com/mmccool/ndss-wot-sec/blob/master/ndss-di ss-008.pdf [12] https://github.com/mmccool/ndss-wot-sec/blob/master/ndss-diss-008.pdf mccool: overview of changes ... identify for things, brought up the issue in the paper, potential issues for privacy ... asks the participants to review ... discusses new additions to the wot-sec paper in NDSS workshops ... discussion on tokens for RBAC <Zakim> kaz, you wanted to wonder about the URLs for WoT drafts <kaz> ACTION: kaz to provide updated/correct URLs for the WoT drafts Pullrequests mccool: next topic is two PRs ... we have choice in order of acceptance ... quickly review the changes in security metadata ... merge as it elena: main doc will have lifecycle drawing from Matthias mccool: someone may have committed directly in master branch on lifecycle <kaz> [13]pullrequest 88 [13] https://github.com/w3c/wot-security/pull/88 mccool: need a common master, changes can be done later ... simple changes related to JSON LD 1.1 ... discussing PR 88 koster, mccool: discussion on authentication and authorization koster: kerboros and openAPI follow diff things, have to be careful ... authorization is the correct term, when authentication comes - things might get complicated mccool: shows the changes in TD example regarding security metadata <McCool> [14]https://github.com/mmccool/wot-security/blob/f007a7309a6ac3 aeb14f1200fc21a9b33c386038/wot-security-metadata.md [14] https://github.com/mmccool/wot-security/blob/f007a7309a6ac3aeb14f1200fc21a9b33c386038/wot-security-metadata.md mccool: token - highlight bearer or pop ... added that in metadata ... thinking about profile for admin, security configuration ... diff config for diff protocols ... not sure how to deal with that and scopes in case of oauth ... could give scope and lookup scope from a listing ... might be complicated elena: still can implement this, might not need it yet, not do anything about it yet mccool: syntax change to be addressed first ... then consider roles (if we need) elena: not sure how to define roles ... what types of roles make sense mccool: current example not ready for merging ... should be inline with new TD, need some cleaning ... would like to merge the other PR ... showing PR 87 ... any objection from anyone? none heard mccool: merges it ... other PR is going on working branch <kaz> [15]pullrequest 87 [15] https://github.com/w3c/wot-security/pull/87 Planning mccool: asks about any additional topic for 'what next?' barry gives IETF WG names TEEP, SUIT mccool: going into lifecycle ... matthias is creating a general version of lifecycle? elena: yes, adapt to that ... it was agreed in last f2f mccool: discuss more on next IG/WG call ... testing and validation ... created some notes on this ... asks barry to walk us through the ietf wgs ... request a security review from w3c sec group kaz points out that it is an IG mccool: need external security review but not yet there ... need a version ready to review ... need to start planning for next plugfest ... asks barry about IETF WGs barry: can write and post in the MLs ... teep is aimed at the idea that execution env in a device is divided into trusted and untrusted env. driven by ARM and Intel ... SUIT - keep software updated for IoT ... relationship b/w is - proposed in the same time and have some overlaps mccool: capture some writeup in a md file barry: agrees mccool: goes to testing and validation ... shows a github page for this ... penetration testing ... ... pick a suite that makes sense there ... sec review to be included elena: wot certified test suite? mccool: markup (must, should, may) and test suites ... go through normative specs, mark (must, should, may) ... testing ontologies (out of scope) <McCool> [16]initial testing content [16] https://github.com/w3c/wot/pull/439 mccool: asks for review ... discuss more on wednesday issues mccool: initial content for industrial infrastructure ... shows an issue <kaz> [17]issue 21 [17] https://github.com/w3c/wot-security/issues/21 mccool: try to capture requirements in an industrial use case mccool, elena discusses if industrial a strict superset of enterprise koster asks the definition of industrial or enterprise mccool: looks at issue tracker elena: complete some pending tasks mccool: suggests creating a PR ... next time - retire some issues <kaz> [18]e.g., issue 65 [18] https://github.com/w3c/wot-security/issues/65 mccool: AOB? meeting adjourned ... Summary of Action Items [NEW] ACTION: kaz to provide updated/correct URLs for the WoT drafts [NEW] ACTION: barry to provide information on 2 new IETF groups (TEEP, SUIT) [NEW] ACTION: mccool to talk with security guys about testing/validation timeline Summary of Resolutions [End of minutes] __________________________________________________________ Minutes formatted by David Booth's [19]scribe.perl version 1.152 ([20]CVS log) $Date: 2018/04/17 12:48:38 $ [19] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm [20] http://dev.w3.org/cvsweb/2002/scribe/
Received on Tuesday, 17 April 2018 12:54:28 UTC