
[wot-security] minutes - 1 October 2018

From: Kazuyuki Ashimura <ashimura@w3.org>
Date: Wed, 10 Oct 2018 16:14:22 +0900
Message-ID: <CAJ8iq9UQHoixjan5dJPF=2CXpjGCC_54f3Bq8E5yBTh+6YLB0w@mail.gmail.com>
To: Public Web of Things IG <public-wot-ig@w3.org>, public-wot-wg@w3.org
available at:

also as text below.






                               - DRAFT -

                              WoT Security

01 Oct 2018


          Kaz_Ashimura, Michael_McCool, Elena_Reshetova,





     * Topics
         1. Issue 118: Signing and encrypting body of actual
            responses of interaction pattern endpoints
         2. Update from online plugfest
         3. Some discussion on TPAC schedule
         4. Publication plan
         5. Previous minutes
     * Summary of Action Items
     * Summary of Resolutions

Issue 118: Signing and encrypting body of actual responses of
interaction pattern endpoints

   [10]issue 118

     [10] https://github.com/w3c/wot-security/issues/118

   McCool: (adds comments on the GH issue)

   [11]McCool's comment

     [11] https://github.com/w3c/wot-security/issues/118#issuecomment-425884074

   [12]McCool's 2nd comment

     [12] https://github.com/w3c/wot-security/issues/118#issuecomment-425884074

Update from online plugfest

   McCool: hard work on setting for gateway and VPN
   ... fair number of people started to work on security
   ... e.g., Panasonic working on bearer token
   ... all the stuff for the online plugfest should be kept for
   the plugfest in Lyon
   ... would see node-wot for CoAP, etc.
   ... still some ambiguity with OAuth setting
   ... we have digest, bearer and basic, for authentication
   ... so made progress for security
   ... had a couple of services for security
   ... authentication on the proxy side, etc.
   ... Matthias is also working
   ... smart home demo for OCF
   ... hoping the resources are updated
   ... fortunately succeeded in forking it
   ... kind of struggling
   ... in particular about OCF testing
   ... no open-source implementation which generates OCF
   ... some issue with Directory service as well
   ... a lot of work to do for TPAC

   Elena: do we have a scenario for demonstration?

   McCool: PlugFest planning call after the main call
   ... Lagally, etc., are interested in developing demo scenarios
   ... different set of effort for demo and testing
   ... personally think that we should get good application
   ... hoping we make steady progress
   ... good scenario in Lyon
   ... also dev meetup on Monday
   ... (checks the schedule during the TPAC week)

   Kaz: we need to fix the joint meetings with the other groups
   (during the WoT Chairs call)

Some discussion on TPAC schedule

   McCool: (adds information about "Conflicts and Time
   constraints" to the f2f wiki)
   ... (also put possible topics)

Publication plan

   McCool: made a PR for TD
   ... drafted security section

   [13]TD PR 207

     [13] https://github.com/w3c/wot-thing-description/pull/207

   McCool: what would be the normative content for TD security?
   ... need to go back again
   ... would like to finalize this next week
   ... also need to see what the normative assertions would be
   ... and then
   ... we have the best practices document
   ... to give suggestions
   ... and then
   ... security testing plan

   [14]testing plan

     [14] https://github.com/w3c/wot/blob/master/testing/plan.md

   McCool: much to do before TPAC
   ... need to read Scripting API as well
   ... is the draft reasonably stable?

   Kaz: think so
   ... Daniel volunteered to start new work on TypeScript
   ... but that will be done using a separate branch

   McCool: testability and requirements
   ... to see if implementations are WoT compliant
   ... we should figure out what kind of statements would make
   ... maybe as homework
   ... if you could look at the Scripting API draft
   ... and see what should be normative assertions
   ... that would be helpful

   Elena: ok
   ... btw, what is the expected level?

   McCool: we should continue the discussion during TPAC as well
   ... do a brain dump first and have discussion
   ... we should put down whatever is in our minds first
   ... we need to put things on the table

   Elena: will people from TD, Scripting, etc., also be available on

   McCool: let's continue to discuss the scheduling

Previous minutes

   McCool: we don't have enough people today


Summary of Action Items

   See [15]the Action wiki.

     [15] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Actions

Summary of Resolutions

   [End of minutes]

    Minutes manually created (not a transcript), formatted by
    David Booth's [16]scribe.perl version 1.154 ([17]CVS log)
    $Date: 2018/10/10 07:09:24 $

     [16] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
     [17] http://dev.w3.org/cvsweb/2002/scribe/
Received on Wednesday, 10 October 2018 07:15:30 UTC
