W3C home > Mailing lists > Public > public-wot-wg@w3.org > January 2018

[wot-security] 18 December 2017

From: Kazuyuki Ashimura <ashimura@w3.org>
Date: Tue, 9 Jan 2018 00:08:45 +0900
Message-ID: <CAJ8iq9V40Ny-MWo82=8wsmLBAeeNQYKVp6PnF00FOU-JgVUtXA@mail.gmail.com>
To: Public Web of Things IG <public-wot-ig@w3.org>, public-wot-wg@w3.org
available at:

also as text below.





      [1] http://www.w3.org/

                               - DRAFT -

                              WoT Security

18 Dec 2017


          Michael_McCool, Kaz_Ashimura, Tomoaki_Mizushima




     * [2]Topics
         1. [3]prev minutes
     * [4]Summary of Action Items
     * [5]Summary of Resolutions

prev minutes

   [6]prev minutes

      [6] https://www.w3.org/2017/12/11-wot-sec-minutes.html

   kaz: if possible, we should update the URL for the security
   Note in the NDSS paper with:

      [7] https://www.w3.org/TR/2017/NOTE-wot-security-20171214/

   mccool: looking through the prev minutes
   ... one fix, number 20 should be 12
   ... CoI should be spelled out as "conflict of interest"
   ... minutes look good
   ... we published the Note on Sep. 24
   ... also NDSS paper has been submitted


      [8] https://github.com/mmccool/ndss-wot-sec/blob/submission-5/ndss-wot-sec.pdf

   <McCool> as submitted

   <McCool> [9]https://github.com/w3c/wot-security/issues/59

      [9] https://github.com/w3c/wot-security/issues/59

   mccool: we talked about issue 59 about scripting api


     [10] https://github.com/w3c/wot-scripting-api/issues/82#issuecomment-350662317

   mccool: related to scripting issue 82
   ... resolution from the scripting call

   RESOLUTION: As discussed in the meeting on Dec 18, security
   data, like protocol bindings, need to be provided when the
   Thing is provisioned, eg when the Thing runtime is set up. The
   scripting API only deals with actions taken from "inside" a
   Thing, and so this setup is out of scope. However, for
   practical reasons, we do need to have an implementation that
   allows this information to be specified. Therefore, the
   node-wot API should be extended to support the definition of
   security metadata during setup, and this part of the API should
   be documented, but it should be made clear that this part of
   the node-wot API is non-normative.

   <McCool> consider this issue resolved now, but won't close it
   until we meet next time and can review with a larger set of

   <McCool> next meeting: Jan 8


Summary of Action Items

Summary of Resolutions

   [End of minutes]

    Minutes formatted by David Booth's [11]scribe.perl version
    1.152 ([12]CVS log)
    $Date: 2018/01/08 15:04:04 $

     [11] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
     [12] http://dev.w3.org/cvsweb/2002/scribe/
Received on Monday, 8 January 2018 15:09:55 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:27:49 UTC