- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Thu, 6 Dec 2018 11:14:21 +0900
- To: Public Web of Things IG <public-wot-ig@w3.org>, public-wot-wg@w3.org
available at:
https://www.w3.org/2018/11/19-wot-sec-minutes.html
also as text below.
Thanks a lot for taking these minutes, Zoltan!
Kazuyuki
---
- DRAFT -
WoT Security
19 Nov 2018
Attendees
Present
Kaz_Ashimura, Michael_McCool, Elena_Reshetova,
Yosuke_Nakamura, Tomoaki_Mizushima, Zoltan_Kis
Regrets
Chair
McCool
Scribe
zolkis
__________________________________________________________
<kaz> scribenick: zolkis
Publication status
Kaz: after publication of Scripting API will deal with the
Security Note
... question about (sub)directory structure on how to arrange
versions
McCool: send an email, will check
Kaz: the Changes section needs updating, include link to the
auto-generated diff
<inserted> [22]Kaz's message on publication preparation
[22] https://lists.w3.org/Archives/Member/member-wot-wg/2018Nov/0023.html
McCool: will check
PR #155 for Scripting API
[23]https://github.com/w3c/wot-scripting-api/pull/155/files
[23] https://github.com/w3c/wot-scripting-api/pull/155/files
Zoltan: Runtime would need a separate Note because it has
network facing API and also an optional Scripting runtime
McCool: it should contain Scripting related stuff
... management API is out of scope for Scripting
... provisioning is also out of scope
... we consider Scripting in secure operational state
Elena: about half of the recommendations are generic Runtime
stuff
... Scripting is optional so the generic Runtime considerations
maybe should be elsewhere
... maybe the Architecture document
McCool: let's keep it with a changed context: scripting runtime
considerations, not generic runtime considerations
Zoltan: there should be place also for the generic Runtime
considerations, including how to get to the secure operational
state
Elena: could return to separate runtime vs scripting runtime
threats
McCool: maybe we partition it so that runtime is separate so
that we could remove it
Elena: should we discuss with the group
McCool: let's re-structure this PR in two parts: generic and
scripting specific security considerations, and later move out
the generic part elsewhere
Zoltan: fine with that
... argues for the need of making a Runtime Note including how
to set up WoT (secure operating environment) including
provisioning
McCool: let's finish this PR now and deal with this later.
Let's discuss in the main call. Could add an Editor's Note
about this
... added it as a topic for the main call
issues
past minutes
<McCool> [24]https://github.com/w3c/wot-scripting-api/pull/155
[24] https://github.com/w3c/wot-scripting-api/pull/155
<kaz> [25]previous minutes
[25] https://www.w3.org/2018/11/12-wot-sec-minutes.html
McCool walks through security-related TD PRs
scribe: linked from the last minutes
McCool: any change suggestions for the past minutes?
... no: accept it
Actions
McCool walking through the action points
<kaz> [26]Security Actions
[26] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Actions
in the WoT wiki, on the IG Security WebConf page
McCool updating the Actions section
scribe: created the PR for security definitions, not done yet
... it was merged as work in progress, so needs updating
... the technical problem was that security definitions are
objects but one cannot use security schemes inside those;
wanted to allow both names and security definitions, but was
not sure how ontology allowed that
McCool: asks for suggestions on how to get around the problem
above
no other issues to bring up
issue #98 (closed)
<kaz> [27]issue 98
[27] https://github.com/w3c/wot-security/issues/98
URI templates
McCool: don't think we can put URI templates in security
definitions
... any comments about the issue?
... no, the issue stays closed
issue #120
this was PR'd into TD spec, so closing it
<kaz> [28]issue 120
[28] https://github.com/w3c/wot-security/issues/120
McCool: creating a new issue to track the remaining problem
[29]new issue 122
[29] https://github.com/w3c/wot-security/issues/122
[30]https://github.com/w3c/wot-security/issues/118
[30] https://github.com/w3c/wot-security/issues/118
<scribe> closed it with a comment
[31]https://github.com/w3c/wot-security/issues/115
[31] https://github.com/w3c/wot-security/issues/115
has been merged in TD spec
closing
[32]https://github.com/w3c/wot-security/issues/100
[32] https://github.com/w3c/wot-security/issues/100
McCool: some of this has been done and merged in the TD spec
... looks sufficient to close the issue
[33]https://github.com/w3c/wot-security/issues/81
[33] https://github.com/w3c/wot-security/issues/81
has been addressed, so closing it
[34]https://github.com/w3c/wot-security/issues/80
[34] https://github.com/w3c/wot-security/issues/80
[35]https://github.com/w3c/wot-security/issues/75
[35] https://github.com/w3c/wot-security/issues/75
closing
[36]https://github.com/w3c/wot-security/issues/97
[36] https://github.com/w3c/wot-security/issues/97
closing
[37]https://github.com/w3c/wot-security/issues/71
[37] https://github.com/w3c/wot-security/issues/71
closing because the one raising it has not commented, and the
issue has been addressed
[38]https://github.com/w3c/wot-security/issues/59
[38] https://github.com/w3c/wot-security/issues/59
<scribe> closed
will create new issue for the next plugfest
[39]https://github.com/w3c/wot-security/issues/70
[39] https://github.com/w3c/wot-security/issues/70
has been addressed in the TD spec, closing
McCool: continued working on Testing and Validation
... particularly penetration testing
... maybe next week will write a draft and then discuss it
during the next call
see PR 290 on TD spec
[40]https://github.com/w3c/wot-thing-description/pull/290
[40] https://github.com/w3c/wot-thing-description/pull/290
McCool: closed the meeting
Elena: will prepare the Runtime issue for discussion on the
main call this week
McCool: meeting adjourned
Summary of Action Items
See [41]the Action wiki.
[41] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Actions
Summary of Resolutions
[End of minutes]
__________________________________________________________
Minutes manually created (not a transcript), formatted by
David Booth's [42]scribe.perl version 1.154 ([43]CVS log)
$Date: 2018/12/06 02:10:58 $
[42] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
[43] http://dev.w3.org/cvsweb/2002/scribe/
Received on Thursday, 6 December 2018 02:15:24 UTC