W3C home > Mailing lists > Public > public-wot-wg@w3.org > January 2018

[wot-security] 8 January 2018

From: Kazuyuki Ashimura <ashimura@w3.org>
Date: Mon, 15 Jan 2018 23:48:44 +0900
Message-ID: <CAJ8iq9V+hUkJSgJ1aOSorf8e=GqiWOkiJZwBVQVcaCPe16_9uA@mail.gmail.com>
To: Public Web of Things IG <public-wot-ig@w3.org>, public-wot-wg@w3.org
available at:
  https://www.w3.org/2018/01/08-wot-sec-minutes.html

also as text below.

Thanks,

Kazuyuki

---

   [1]W3C

      [1] http://www.w3.org/

                               - DRAFT -

                              WoT Security

08 Jan 2018

   [2]Agenda

      [2] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Agenda

Attendees

   Present
          Kaz_Ashimura, Elena_Reshetova, Michael_McCool,
          Tomoaki_Mizushima, Michael_Koster, zkis

   Regrets
   Chair
          McCool

   Scribe
          kaz

Contents

     * [3]Topics
         1. [4]Agenda
         2. [5]NDSS workshop
         3. [6]IoT semantic interop ws
         4. [7]WoT Security and Privacy Considerations
         5. [8]Issues
         6. [9]prev minutes
     * [10]Summary of Action Items
     * [11]Summary of Resolutions
     __________________________________________________________

Agenda

   previous minutes:
   [12]https://www.w3.org/2017/12/18-wot-sec-minutes.html

     [12] https://www.w3.org/2017/12/18-wot-sec-minutes.html

   [13]Soumya's message

     [13] https://lists.w3.org/Archives/Public/public-wot-ig/2018Jan/0000.html

   mccool: one more meeting before Elena leaving
   ... need to talk about plugfest planning
   ... and f2f planning

   elena: when/where?

   mccool: in March in Prague
   ... OCF meeting (March 19-23)
   ... WoT PlugFest (March 24-25)
   ... WoT f2f (March 26-29)
   ... plugfest call will be held on Wed (Jan 10)
   ... can show slides
   ... on possible support for TLS, etc.
   ... not everyone is aware of security (at the moment)

   elena: should take a look from security viewpoint
   ... e.g., sensor/actuator within some network and application
   from outside

   mccool: right
   ... TLS and tokens
   ... among OAuth

   elena: how normally PlugFests set up/down?
   ... can we see the high-level scenario?

   mccool: still on planning phase
   ... personally want to see security aspects
   ... how to generalize multiple participants
   ... so far we didn't consider security
   ... but we have to go beyond that

   elena: if we put too much it wouldn't be accomplished

   mccool: right
   ... might want to start with simple provisioning
   ... there is more specific things to do
   ... one discussion we had during the scripting call is
   affection of security information to the metadata
   ... set up out of bound

   zoltan: provisioning is not part of the current scripting api

   mccool: how can we prototype?
   ... need to document it

   <zkis> provisioning may be covered by a scripting API with a
   different entry point than the WoT API

   mccool: (shows the 2018-prague area for plugfest)
   ... (and then 2017-burlingame area)

   [14]2017-burlingame area

     [14] https://github.com/w3c/wot/blob/master/plugfest/2017-burlingame

   [15]latest slides

     [15] https://github.com/w3c/wot/blob/master/plugfest/2017-burlingame/PlugfestForNext171213.pdf

   (to be merged with the HTML)

   mccool: [p5. Issues for the next]
   ... issues here
   ... TD distribution and management should be done in a secure
   manner
   ... this week (on Wed) we should have more detailed discussion
   ... would accomplish voice interface
   ... all the stuff inside a secure mechanism
   ... that's my preference

   kostelena: we should put all of them together

NDSS workshop

   mccool: paper on the queue
   ... and still under review

IoT semantic interop ws

   mccool: another topic on the queue
   ... negotiating with the NDSS co-Chair for submitting a paper
   to this ws



   *Important Dates*

   Paper submission deadline: February 28, 2018

   Acceptance Notification: March 31, 2018

   Camera-Ready Paper Submission: April 30, 2018

   ]]

   mccool: thinking about security aspects
   ... semantic tagging for security
   ... policy information marked up by semantic tagging
   ... let me know if you have any ideas
   ... this workshop itself is more about semantic
   interoperability

WoT Security and Privacy Considerations

   mccool: need to see the Editor's notes
   ... create GitHub issues based on those notes

   kaz: maybe I should check the possible difference between the
   publication version and the Editor's draft just to make sure

   mccool: (shows pullrequest 62)

   [16]pullrequest 62

     [16] https://github.com/w3c/wot-security/pull/62

   [17]files changed

     [17] https://github.com/w3c/wot-security/pull/62/files

   mccool: conversion from "Thing" to "System" seems ok
   ... (browses some more keywords, e.g., "System Maintainer",
   "Security Owner")
   ... have to read through all the changes before merging
   ... and another pullrequest 37

   [18]pullrequest 37

     [18] https://github.com/w3c/wot-security/pull/37

   [19]file changed

     [19] https://github.com/w3c/wot-security/pull/37/files

   mccool: need to check with Dave
   ... (add a comment to the issue 37)
   ... regarding pullrequest 62, I'll check all the changes
   including the threat model with IETF IoT RFC #40
   ... Kaz, can you check the diff between the Editor's draft
   (master branch) and the published version?

   kaz: will quickly do

   mccool: will review the PRs
   ... and accept them (if it's ok)
   ... we should be thinking about security for plugfest
   ... also will review the security document

Issues

   mccool: got a comment from Wendy

   [20]issue 61

     [20] https://github.com/w3c/wot-security/issues/61

   mccool: will respond to Wendy
   ... (goes through other issues)

   [21]issue 59

     [21] https://github.com/w3c/wot-security/issues/59

   [22]issue 39

     [22] https://github.com/w3c/wot-security/issues/39

   mccool: maybe can assign issue 39 to Elena

   [23]issue 36

     [23] https://github.com/w3c/wot-security/issues/36

   mccool: will check with Dave

prev minutes

   [24]prev minutes

     [24] https://www.w3.org/2017/12/18-wot-sec-minutes.html

   mccool: any objections to accept the minutes?

   (none)

   [adjourned]

Summary of Action Items

Summary of Resolutions

   [End of minutes]
     __________________________________________________________


    Minutes formatted by David Booth's [25]scribe.perl version
    1.152 ([26]CVS log)
    $Date: 2018/01/15 14:09:19 $

     [25] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
     [26] http://dev.w3.org/cvsweb/2002/scribe/
Received on Monday, 15 January 2018 14:49:52 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:27:49 UTC