[wot-security] minutes - 19 November 2018

available at:
  https://www.w3.org/2018/11/19-wot-sec-minutes.html

also as text below.

Thanks a lot for taking these minutes, Zoltan!

Kazuyuki

---

                               - DRAFT -

                              WoT Security

19 Nov 2018

Attendees

   Present
          Kaz_Ashimura, Michael_McCool, Elena_Reshetova,
          Yosuke_Nakamura, Tomoaki_Mizushima, Zoltan_Kis

   Regrets

   Chair
          McCool

   Scribe
          zolkis

Contents

     * [2]Topics
         1. [3]Publication status
         2. [4]PR #155 for Scripting API
         3. [5]issues
         4. [6]past minutes
         5. [7]Actions
         6. [8]issue #98 (closed)
         7. [9]issue #120
         8. [10]https://github.com/w3c/wot-security/issues/118
         9. [11]https://github.com/w3c/wot-security/issues/115
        10. [12]https://github.com/w3c/wot-security/issues/100
        11. [13]https://github.com/w3c/wot-security/issues/81
        12. [14]https://github.com/w3c/wot-security/issues/80
        13. [15]https://github.com/w3c/wot-security/issues/75
        14. [16]https://github.com/w3c/wot-security/issues/97
        15. [17]https://github.com/w3c/wot-security/issues/71
        16. [18]https://github.com/w3c/wot-security/issues/59
        17. [19]https://github.com/w3c/wot-security/issues/70
     * [20]Summary of Action Items
     * [21]Summary of Resolutions
     __________________________________________________________

   <kaz> scribenick: zolkis

Publication status

   Kaz: after publication of Scripting API will deal with the
   Security Note
   ... question about (sub)directory structure on how to arrange
   versions

   McCool: send an email, will check

   Kaz: the Changes section needs updating, include link to the
   auto-generated diff

   <inserted> [22]Kaz's message on publication preparation

     [22] https://lists.w3.org/Archives/Member/member-wot-wg/2018Nov/0023.html

   McCool: will check

PR #155 for Scripting API

   [23]https://github.com/w3c/wot-scripting-api/pull/155/files

     [23] https://github.com/w3c/wot-scripting-api/pull/155/files

   Zoltan: Runtime would need a separate Note because it has a
   network-facing API and also an optional Scripting runtime

   McCool: it should contain Scripting related stuff
   ... management API is out of scope for Scripting
   ... provisioning is also out of scope
   ... we consider Scripting in secure operational state

   Elena: about half of the recommendations are generic Runtime
   stuff
   ... Scripting is optional so the generic Runtime considerations
   maybe should be elsewhere
   ... maybe the Architecture document

   McCool: let's keep it with a changed context: scripting runtime
   considerations, not generic runtime considerations

   Zoltan: there should also be a place for the generic Runtime
   considerations, including how to get to the secure operational
   state

   Elena: could return to separate runtime vs scripting runtime
   threats

   McCool: maybe we partition it so that runtime is separate so
   that we could remove it

   Elena: should we discuss with the group?

   McCool: let's re-structure this PR in two parts: generic and
   scripting specific security considerations, and later move out
   the generic part elsewhere

   Zoltan: fine with that
   ... argues for the need of making a Runtime Note including how
   to set up WoT (secure operating environment) including
   provisioning

   McCool: let's finish this PR now and deal with this later.
   Let's discuss in the main call. Could add an Editor's Note
   about this
   ... added it as a topic for the main call

issues

past minutes

   <McCool> [24]https://github.com/w3c/wot-scripting-api/pull/155

     [24] https://github.com/w3c/wot-scripting-api/pull/155

   <kaz> [25]previous minutes

     [25] https://www.w3.org/2018/11/12-wot-sec-minutes.html

   McCool walks through security-related TD PRs

   scribe: linked from the last minutes

   McCool: any change suggestions for the past minutes?
   ... no: accept it

Actions

   McCool walking through the action points

   <kaz> [26]Security Actions

     [26] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Actions

   in the WoT wiki, on the IG Security WebConf page

   McCool updating the Actions section

   scribe: created the PR for security definitions, not done yet
   ... it was merged as work in progress, so needs updating
   ... the technical problem was that security definitions are
   objects but one cannot use security schemes inside those;
   wanted to allow both names and security definitions, but was
   not sure how ontology allowed that

   McCool: asks for suggestions how to get around the problem
   above

   no other issues to bring up

issue #98 (closed)

   <kaz> [27]issue 98

     [27] https://github.com/w3c/wot-security/issues/98

   URI templates

   McCool: don't think we can put URI templates in security
   definitions
   ... any comments about the issue?
   ... no, the issue stays closed

issue #120

   this was PR'd into TD spec, so closing it

   <kaz> [28]issue 120

     [28] https://github.com/w3c/wot-security/issues/120

   McCool: creating a new issue to track the remaining problem

   [29]new issue 122

     [29] https://github.com/w3c/wot-security/issues/122

[30]https://github.com/w3c/wot-security/issues/118

     [30] https://github.com/w3c/wot-security/issues/118

   <scribe> closed it with a comment

[31]https://github.com/w3c/wot-security/issues/115

     [31] https://github.com/w3c/wot-security/issues/115

   has been merged in TD spec

   closing

[32]https://github.com/w3c/wot-security/issues/100

     [32] https://github.com/w3c/wot-security/issues/100

   McCool: some of this has been done and merged in the TD spec
   ... looks sufficient to close the issue

[33]https://github.com/w3c/wot-security/issues/81

     [33] https://github.com/w3c/wot-security/issues/81

   has been addressed, so closing it

[34]https://github.com/w3c/wot-security/issues/80

     [34] https://github.com/w3c/wot-security/issues/80

[35]https://github.com/w3c/wot-security/issues/75

     [35] https://github.com/w3c/wot-security/issues/75

   closing

[36]https://github.com/w3c/wot-security/issues/97

     [36] https://github.com/w3c/wot-security/issues/97

   closing

[37]https://github.com/w3c/wot-security/issues/71

     [37] https://github.com/w3c/wot-security/issues/71

   closing because the one raising it has not commented, and the
   issue has been addressed

[38]https://github.com/w3c/wot-security/issues/59

     [38] https://github.com/w3c/wot-security/issues/59

   <scribe> closed

   will create new issue for the next plugfest

[39]https://github.com/w3c/wot-security/issues/70

     [39] https://github.com/w3c/wot-security/issues/70

   has been addressed in the TD spec, closing

   McCool: continued working on Testing and Validation
   ... particularly penetration testing
   ... maybe next week will write a draft and then discuss it
   during the next call

   see PR 290 on TD spec

   [40]https://github.com/w3c/wot-thing-description/pull/290

     [40] https://github.com/w3c/wot-thing-description/pull/290

   McCool: closed the meeting

   Elena: will prepare the Runtime issue for discussion on the
   main call this week

   McCool: meeting adjourned

Summary of Action Items

   See [41]the Action wiki.

     [41] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Actions

Summary of Resolutions

   [End of minutes]
     __________________________________________________________


    Minutes manually created (not a transcript), formatted by
    David Booth's [42]scribe.perl version 1.154 ([43]CVS log)
    $Date: 2018/12/06 02:10:58 $

     [42] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
     [43] http://dev.w3.org/cvsweb/2002/scribe/

Received on Thursday, 6 December 2018 02:15:24 UTC