
[wot-security] minutes - 20 May 2019

From: Kazuyuki Ashimura <ashimura@w3.org>
Date: Mon, 17 Jun 2019 22:15:53 +0900
Message-ID: <CAJ8iq9UhWoZVwSEqh5vv9PfqG+v7-UN8ziDRiBJGTZqy8W6iEQ@mail.gmail.com>
To: Public Web of Things IG <public-wot-ig@w3.org>, public-wot-wg@w3.org
available at:

also as text below.






                               - DRAFT -

                              WoT Security

20 May 2019


      [2] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Agenda


          Kaz_Ashimura, Elena_Reshetova, Tomoaki_Mizushima,





     * [3]Topics
         1. [4]Review of Minutes from earlier meetings
         2. [5]Agenda
         3. [6]Review of Minutes from earlier meetings
         4. [7]Quick update
         5. [8]Name change
         6. [9]Issues and PRs
         7. [10]Next call
     * [11]Summary of Action Items
     * [12]Summary of Resolutions

   <McCool> agenda:

     [13] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#May_20.2C_2019

Review of Minutes from earlier meetings

   [14]previous minutes

     [14] https://www.w3.org/2019/05/06-wot-sec-minutes.html

   <scribe> scribenick: kaz


   Kaz: during the Architecture call, Matthias suggested we rename
   the "Security and Privacy Considerations" WG Note to "Security
   and Privacy Guideline"

   McCool: good point, let's talk about that as well

Review of Minutes from earlier meetings

   [15]previous minutes

     [15] https://www.w3.org/2019/05/06-wot-sec-minutes.html

   McCool: reviewed the minutes
   ... didn't see anything problematic
   ... other than a minor typo "nothig" (should be "nothing")
   ... propose we accept the minutes

   (no objections)

   McCool: let's accept the minutes then

Quick update

   McCool: I'm at IIC now
   ... making a presentation
   ... the schedule is pretty tight for the security review
   ... during the 3 upcoming weeks

   Elena: will send a reminder to my assigned reviewers
   ... when is the deadline?

   <McCool> [16]https://www.w3.org/WoT/IG/wiki/PlugFest_WebConf

     [16] https://www.w3.org/WoT/IG/wiki/PlugFest_WebConf

   McCool: we'll have an online plugfest
   ... so think the last moment for PR transition will be June 19
   ... we have to make our resolution for PR transition
   ... also workshop on June 3-5, and f2f on June 6-7
   ... should have some presentation there
   ... so we should add extra security considerations by June 10
   or so
   ... we can do that as part of this round
   ... considerations as part of the TD spec as well
   ... June 12 would be the absolute deadline
   ... let's copy the timeline from the PlugFest wiki to the
   Security wiki, and add some edit
   ... (adds edit on "Key Dates")
   ... June 6-7 - F2F: initial security review results, proposed
   update to TD and Arch docs
   ... June 12 - target for security review results
   ... June 13 - pull requests to update Arch
   ... June 14 - pull requests to update TD
   ... June 19 - PR transition resolution
   ... June 20 - PR transition request
   ... TAG review still outstanding

   Kaz: we can send a reminder to Daniel

   McCool: right

Name change

   McCool: "Security and Privacy Considerations" to "Security and
   Privacy Guidelines"
   ... personally don't care
   ... ok with the change

   Kaz: if we really want, I can talk with the Webmaster about the
   ... we should be able to change it

   McCool: fortunately, we don't need to change the URL
   ... any objections to change the text title?

   Elena: should be careful about cross-references

   McCool: ok
   ... the conclusion of the security tf itself is OK with
   changing the title

   Elena: think "Guideline" implies something more like our best
   practices document including what to do
   ... I personally think "Considerations" would fit the current

   McCool: I'm OK with "Guidelines"
   ... we've listed issues already

   (some more discussion)

   <McCool> proposal: the security TF will not oppose a name
   change to "Security and Privacy Guidelines".

   <McCool> here say "not oppose" rather than "support"

   <McCool> but I will talk to the chairs at the main call

   <McCool> we can discuss then and make the final decision there

   RESOLUTION: the security TF will not oppose a name change to
   "Security and Privacy Guidelines".

Issues and PRs

   [17]Issue 34

     [17] https://github.com/w3c/wot-security/issues/34

   McCool: all about websockets
   ... deferred

   [18]Issue 35

     [18] https://github.com/w3c/wot-security/issues/35

   McCool: align with architecture doc

   [19]CR version of the WoT Architecture doc

     [19] https://www.w3.org/TR/2019/CR-wot-architecture-20190516/

   [20]Section 10. Security and Privacy Considerations

     [20] https://www.w3.org/TR/2019/CR-wot-architecture-20190516/#sec-security-considerations

   McCool: now should be "align with security and privacy
   considerations section of architecture CR"
   ... how about putting this as an agenda item for the next week?

   Elena: next week I won't be able to join
   ... is the architecture document finalized now?

   McCool: yes, it's in the Candidate Recommendation stage now
   ... so we should see if it's aligned with the latest "Security
   and Privacy Guidelines" document

   Elena: can take a first pass then

   McCool: ok, so would assign this issue (35) to you
   ... (also changes the title to "Align with Architecture CR")
   ... (also creates another issue 125: Align with Thing
   Description CR)
   ... (and assign it as well to Elena)
   ... we should make sure the documents are consistent
   ... (adds a note to Issue 125)
   ... please look for inconsistencies. the Security Privacy
   Considerations section of the TD spec does not have to list
   everything in the wot-security doc, just the most important
   ... another point is if the wot-security doc is consistent with
   the terminology defined by the wot-architecture doc
   ... related to issue 123

   [21]Issue 123

     [21] https://github.com/w3c/wot-security/issues/123

   Elena: related to the issue 35 which is already assigned to me,
   isn't it?

   McCool: a bit different
   ... (adds clarification to the title of issue 35)
   ... "Align Security and Privacy Considerations section of
   Architecture CR with wot-security"

   [22]Issue 35

     [22] https://github.com/w3c/wot-security/issues/35

   scribe: (also adds clarification to the issue 125 as well)
   ... "Align Security and Privacy Considerations section of
   Architecture CR with wot-security"

   [23]Issue 125

     [23] https://github.com/w3c/wot-security/issues/125

   [24]Issue 45

     [24] https://github.com/w3c/wot-security/issues/45

   McCool: (adds some notes)
   ... as part of our review of terminology alignment with the
   architecture CR (issue 126), we should make a list of terms and
   put them in a terminology section.
   ... as a separate step we can worry about tracking an external
   reference (e.g., ITU, NIST).

   [25]Issue 126

     [25] https://github.com/w3c/wot-security/issues/126

Next call

   Elena: not available next week

   McCool: we can cancel the call next week
   ... I'll be also very busy for the demo preparation
   ... so let's cancel the call next week, May 27


Summary of Action Items

Summary of Resolutions

    1. [26]the security TF will not oppose a name change to
       "Security and Privacy Guidelines".

   [End of minutes]

    Minutes manually created (not a transcript), formatted by
    David Booth's [27]scribe.perl version 1.154 ([28]CVS log)
    $Date: 2019/05/21 14:28:31 $

     [27] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
     [28] http://dev.w3.org/cvsweb/2002/scribe/
Received on Monday, 17 June 2019 13:16:55 UTC
