- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Mon, 15 Jan 2018 23:48:44 +0900
- To: Public Web of Things IG <public-wot-ig@w3.org>, public-wot-wg@w3.org
available at:
https://www.w3.org/2018/01/08-wot-sec-minutes.html
also as text below.
Thanks,
Kazuyuki
---
[1]W3C
[1] http://www.w3.org/
- DRAFT -
WoT Security
08 Jan 2018
[2]Agenda
[2] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Agenda
Attendees
Present
Kaz_Ashimura, Elena_Reshetova, Michael_McCool,
Tomoaki_Mizushima, Michael_Koster, zkis
Regrets
Chair
McCool
Scribe
kaz
Contents
* [3]Topics
1. [4]Agenda
2. [5]NDSS workshop
3. [6]IoT semantic interop ws
4. [7]WoT Security and Privacy Considerations
5. [8]Issues
6. [9]prev minutes
* [10]Summary of Action Items
* [11]Summary of Resolutions
__________________________________________________________
Agenda
previous minutes:
[12]https://www.w3.org/2017/12/18-wot-sec-minutes.html
[12] https://www.w3.org/2017/12/18-wot-sec-minutes.html
[13]Soumya's message
[13] https://lists.w3.org/Archives/Public/public-wot-ig/2018Jan/0000.html
mccool: one more meeting before Elena leaving
... need to talk about plugfest planning
... and f2f planning
elena: when/where?
mccool: in March in Prague
... OCF meeting (March 19-23)
... WoT PlugFest (March 24-25)
... WoT f2f (March 26-29)
... plugfest call will be held on Wed (Jan 10)
... can show slides
... on possible support for TLS, etc.
... not everyone is aware of security (at the moment)
elena: should take a look from security viewpoint
... e.g., sensor/actuator within some network and application
from outside
mccool: right
... TLS and tokens
... among OAuth
elena: how normally PlugFests set up/down?
... can we see the high-level scenario?
mccool: still on planning phase
... personally want to see security aspects
... how to generalize multiple participants
... so far we didn't consider security
... but we have to go beyond that
elena: if we put too much it wouldn't be accomplished
mccool: right
... might want to start with simple provisioning
... there is more specific things to do
... one discussion we had during the scripting call is
affection of security information to the metadata
... set up out of bound
zoltan: provisioning is not part of the current scripting api
mccool: how can we prototype?
... need to document it
<zkis> provisioning may be covered by a scripting API with a
different entry point than the WoT API
mccool: (shows the 2018-prague area for plugfest)
... (and then 2017-burlingame area)
[14]2017-burlingame area
[14] https://github.com/w3c/wot/blob/master/plugfest/2017-burlingame
[15]latest slides
[15] https://github.com/w3c/wot/blob/master/plugfest/2017-burlingame/PlugfestForNext171213.pdf
(to be merged with the HTML)
mccool: [p5. Issues for the next]
... issues here
... TD distribution and management should be done in a secure
manner
... this week (on Wed) we should have more detailed discussion
... would accomplish voice interface
... all the stuff inside a secure mechanism
... that's my preference
kostelena: we should put all of them together
NDSS workshop
mccool: paper on the queue
... and still under review
IoT semantic interop ws
mccool: another topic on the queue
... negotiating with the NDSS co-Chair for submitting a paper
to this ws
*Important Dates*
Paper submission deadline: February 28, 2018
Acceptance Notification: March 31, 2018
Camera-Ready Paper Submission: April 30, 2018
]]
mccool: thinking about security aspects
... semantic tagging for security
... policy information marked up by semantic tagging
... let me know if you have any ideas
... this workshop itself is more about semantic
interoperability
WoT Security and Privacy Considerations
mccool: need to see the Editor's notes
... create GitHub issues based on those notes
kaz: maybe I should check the possible difference between the
publication version and the Editor's draft just to make sure
mccool: (shows pullrequest 62)
[16]pullrequest 62
[16] https://github.com/w3c/wot-security/pull/62
[17]files changed
[17] https://github.com/w3c/wot-security/pull/62/files
mccool: conversion from "Thing" to "System" seems ok
... (browses some more keywords, e.g., "System Maintainer",
"Security Owner")
... have to read through all the changes before merging
... and another pullrequest 37
[18]pullrequest 37
[18] https://github.com/w3c/wot-security/pull/37
[19]file changed
[19] https://github.com/w3c/wot-security/pull/37/files
mccool: need to check with Dave
... (add a comment to the issue 37)
... regarding pullrequest 62, I'll check all the changes
including the threat model with IETF IoT RFC #40
... Kaz, can you check the diff between the Editor's draft
(master branch) and the published version?
kaz: will quickly do
mccool: will review the PRs
... and accept them (if it's ok)
... we should be thinking about security for plugfest
... also will review the security document
Issues
mccool: got a comment from Wendy
[20]issue 61
[20] https://github.com/w3c/wot-security/issues/61
mccool: will respond to Wendy
... (goes through other issues)
[21]issue 59
[21] https://github.com/w3c/wot-security/issues/59
[22]issue 39
[22] https://github.com/w3c/wot-security/issues/39
mccool: maybe can assign issue 39 to Elena
[23]issue 36
[23] https://github.com/w3c/wot-security/issues/36
mccool: will check with Dave
prev minutes
[24]prev minutes
[24] https://www.w3.org/2017/12/18-wot-sec-minutes.html
mccool: any objections to accept the minutes?
(none)
[adjourned]
Summary of Action Items
Summary of Resolutions
[End of minutes]
__________________________________________________________
Minutes formatted by David Booth's [25]scribe.perl version
1.152 ([26]CVS log)
$Date: 2018/01/15 14:09:19 $
[25] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
[26] http://dev.w3.org/cvsweb/2002/scribe/
Received on Monday, 15 January 2018 14:49:52 UTC