[wot-security] minutes - 1 October 2018 from Kazuyuki Ashimura on 2018-10-10 (public-wot-wg@w3.org from October 2018)

From: Kazuyuki Ashimura <ashimura@w3.org>
Date: Wed, 10 Oct 2018 16:14:22 +0900
To: Public Web of Things IG <public-wot-ig@w3.org>, public-wot-wg@w3.org
Message-ID: <CAJ8iq9UQHoixjan5dJPF=2CXpjGCC_54f3Bq8E5yBTh+6YLB0w@mail.gmail.com>
available at:
  https://www.w3.org/2018/10/01-wot-sec-minutes.html

also as text below.

Thanks,

Kazuyuki

---

   [1]W3C

      [1] http://www.w3.org/

                               - DRAFT -

                              WoT Security

01 Oct 2018

Attendees

   Present
          Kaz_Ashimura, Michael_McCool, Elena_Reshetova,
          Tomoaki_Mizushima

   Regrets

   Chair
          McCool

   Scribe
          kaz

Contents

     * [2]Topics
         1. [3]Issue 118: Signing and encrypting body of actual
            responses of interaction pattern endpoints
         2. [4]Update from online plugfest
         3. [5]Some discussion on TPAC schedule
         4. [6]Publication plan
         5. [7]Previous minutes
     * [8]Summary of Action Items
     * [9]Summary of Resolutions
     __________________________________________________________

Issue 118: Signing and encrypting body of actual responses of
interaction pattern endpoints

   [10]issue 118

     [10] https://github.com/w3c/wot-security/issues/118

   McCool: (adds comments on the GH issue)

   [11]McCool's comment

     [11] https://github.com/w3c/wot-security/issues/118#issuecomment-425884074

   [12]McCool's 2nd comment

     [12] https://github.com/w3c/wot-security/issues/118#issuecomment-425884074

Update from online plugfest

   McCool: hard work on setting for gateway and VPN
   ... fair number of people started to work on security
   ... e.g., Panasonic working on bearer token
   ... all the stuff for the online plugfest should be kept for
   the plugfest in Lyon
   ... would see node-wot for CoAP, etc.
   ... still some ambiguity with OAuth setting
   ... we have digest, bearer and basic, for authentication
   ... so made progress for security
   ... had a couple of services for security
   ... authentication on the proxy side, etc.
   ... Matthias is also working
   ... smart home demo for OCF
   ... hoping the resources are updated
   ... fortunately succeeded to fork it
   ... kind of struggling
   ... in particular about OCF testing
   ... no open-source implementation which generates OCF
   credentials
   ... some issue with Directory service as well
   ... a lot work to do for TPAC

   Elena: do we have a scenario for demonstration?

   McCool: PlugFest planning call after the main call
   ... Lagally, etc., are interested in developing demo scenarios
   ... different set of effort for demo and testing
   ... personally think that we should get good application
   scenarios
   ... hoping we make steady progress
   ... good scenario in Lyon
   ... also dev meetup on Monday
   ... (checks the schedule during the TPAC week)

   Kaz: we need to fix the joint meetings with the other groups
   (during the WoT Chairs call)

Some discussion on TPAC schedule

   McCool: (adds information about "Conflicts and Time
   constraints" to the f2f wiki)
   ... (also put possible topics)

Publication plan

   McCool: made a PR for TD
   ... drafted security section

   [13]TD PR 207

     [13] https://github.com/w3c/wot-thing-description/pull/207

   McCool: what would be the normative content for TD security?
   ... need to go back again
   ... would like to finalize this next week
   ... also need to see what the normative assertions would be
   ... and then
   ... we have the best practices document
   ... to give suggestions
   ... and then
   ... security testing plan

   [14]testing plan

     [14] https://github.com/w3c/wot/blob/master/testing/plan.md

   McCool: much to do before TPAC
   ... need to read Scripting API as well
   ... is the draft reasonably stable?

   Kaz: think so
   ... Daniel volunteered to start new work on Typescript
   ... but that will be done using a separate branch

   McCool: testability and requirements
   ... to see if implementations are WoT compliant
   ... we should figure out what kind of statements would make
   sense
   ... maybe for a homework
   ... if you could look at the Scripting API draft
   ... and see what should be normative assertions
   ... that would be helpful

   Elena: ok
   ... btw, what is the expected level?

   McCool: we should continue the discussion during TPAC as well
   ... do a brain dump first and have discussion
   ... we should put down whatever in our mind first
   ... we need to put things on the table

   Elena: will people from TD, Scripting, etc., also available on
   Monday/Tuesday?

   McCool: let's continue to discuss the scheduling

Previous minutes

   McCool: we don't have enough people today

   [adjourned]

Summary of Action Items

   See [15]the Action wiki.

     [15] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Actions

Summary of Resolutions

   [End of minutes]
     __________________________________________________________


    Minutes manually created (not a transcript), formatted by
    David Booth's [16]scribe.perl version 1.154 ([17]CVS log)
    $Date: 2018/10/10 07:09:24 $

     [16] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
     [17] http://dev.w3.org/cvsweb/2002/scribe/
Received on Wednesday, 10 October 2018 07:15:30 UTC