- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Mon, 17 Jun 2019 22:15:53 +0900
- To: Public Web of Things IG <public-wot-ig@w3.org>, public-wot-wg@w3.org
available at:
https://www.w3.org/2019/05/20-wot-sec-minutes.html
also as text below.
Thanks,
Kazuyuki
---
[1]W3C
[1] http://www.w3.org/
- DRAFT -
WoT Security
20 May 2019
[2]Agenda
[2] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Agenda
Attendees
Present
Kaz_Ashimura, Elena_Reshetova, Tomoaki_Mizushima,
Michael_McCool
Regrets
Chair
McCool
Scribe
kaz
Contents
* [3]Topics
1. [4]Review of Minutes from earlier meetings
2. [5]Agenda
3. [6]Review of Minutes from earlier meetings
4. [7]Quick update
5. [8]Name change
6. [9]Issues and PRs
7. [10]Next call
* [11]Summary of Action Items
* [12]Summary of Resolutions
__________________________________________________________
<McCool> agenda:
[13]https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#May_20.2
C_2019
[13] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#May_20.2C_2019
Review of Minutes from earlier meetings
[14]previous minutes
[14] https://www.w3.org/2019/05/06-wot-sec-minutes.html
<scribe> scribenick: kaz
Agenda
Kaz: during the Architecture call, Matthias suggested we rename
the "Security and Privacy Considerations" WG Note to "Security
and Privacy Guideline"
McCool: good point, let's talk about that as well
Review of Minutes from earlier meetings
[15]previous minutes
[15] https://www.w3.org/2019/05/06-wot-sec-minutes.html
McCool: reviewed the minutes
... didn't see anything problematic
... other than a minor typo "nothig" (should be "nothing")
... propose we accept the minutes
(no objections)
McCool: let's accept the minutes then
Quick update
McCool: I'm at IIC now
... making a presentation
... the schedule is pretty tight for the security review
... during the 3 upcoming weeks
Elena: will send a reminder to my assigned reviewers
... when is the deadline?
<McCool> [16]https://www.w3.org/WoT/IG/wiki/PlugFest_WebConf
[16] https://www.w3.org/WoT/IG/wiki/PlugFest_WebConf
McCool: we'll have an online plugfest
... so think the last moment for PR transition will be June 19
... we have to make our resolution for PR transition
... also workshop on June 3-5, and f2f on June 6-7
... should have some presentation there
... so we should add extra security considerations by June 10
or so
... we can do that as part of this round
... considerations as part of the TD spec as well
... June 12 would be the absolute deadline
... let's copy the timeline from the PlugFest wiki to the
Security wiki, and add some edit
... (adds edit on "Key Dates")
... June 6-7 - F2F: initial security review results, proposed
update to TD and Arch docs
... June 12 - target for security revidw results
... June 13 - pullrequests to update Arch
... June 14 - pullrequests to update TD
... June 19 - PR transition resolution
... June 20 - PR transition request
... TAG review still outstanding
Kaz: we can send a reminder to Daniel
McCool: right
Name change
McCool: "Security and Privacy Considerations" to "Security and
Privacy Guidelines"
... personally don't care
... ok with the change
Kaz: if we really want, I can talk with the Webmaster about the
change
... we should be able to change it
McCool: fortunately, we don't need to change the URL
... any objections to change the text title?
Elena: should be careful about cross-references
McCool: ok
... the conclusion of the security tf itself is OK with
changing the title
Elena: think "Guideline" implies something more like our best
practices document including what to do
... I personally think "Considerations" would fit the current
document
McCool: I'm OK with "Guidelines"
... we've listed issues already
(some more discussion)
<McCool> proposal: the security TF will not oppose a name
change to "Security and Privacy Guidelines".
<McCool> here say "not oppose" rather than "support"
<McCool> but I will talk to the chairs at the main call
<McCool> we can dicuss then and make the final decision there
RESOLUTION: the security TF will not oppose a name change to
"Security and Privacy Guidelines".
Issues and PRs
[17]Issue 34
[17] https://github.com/w3c/wot-security/issues/34
McCool: all about websockets
... deferred
[18]Issue 35
[18] https://github.com/w3c/wot-security/issues/35
McCool: align with architecture doc
[19]CR version of the WoT Architecture doc
[19] https://www.w3.org/TR/2019/CR-wot-architecture-20190516/
[20]Section 10. Security and Privacy Considerations
[20] https://www.w3.org/TR/2019/CR-wot-architecture-20190516/#sec-security-considerations
McCool: now should be "align with security and privacy
considerations section of architecture CR"
... how about putting this as an agenda item for the next week?
Elena: next week I won't be able to join
... is the architecture document finalized now?
McCool: yes, it's in the Candidate Recommendation stage now
... so we should see if it's aligned with the latest "Security
and Privacy Guidelines" document
Elena: can take a first pass then
McCool: ok, so would assign this issue (35) to you
... (also changes the title to "Align with Architecture CR")
... (also creates another issue 125: Align with Thing
Description CR)
... (and assign it as well to Elena)
... we should make sure the documents are consistent
... (adds a note to Issue 125)
... please look for inconsistencies. the Security Privacy
Considerations section of the TD spec dowsn not have to list
everything in the wot-security doc, just the most important
points.
... another point is if the wot-security doc is consistent with
the terminology defined by the wot-architecture doc
... related to issue 123
[21]Issue 123
[21] https://github.com/w3c/wot-security/issues/123
Elena: related to the issue 35 which is already assigned to me,
isn't it?
McCool: a bit different
... (adds clarification to the title of issue 35)
... "Align Security and Privacy Considerations section of
Architecture CR with wot-security"
[22]Issue 35
[22] https://github.com/w3c/wot-security/issues/35
scribe: (also adds clarification to the issue 125 as well)
... "Align Security and Privacy Considerations section of
Architecture CR with wot-security"
[23]Issue 125
[23] https://github.com/w3c/wot-security/issues/125
[24]Issue 45
[24] https://github.com/w3c/wot-security/issues/45
McCool: (adds some notes)
... as part of our review of terminology alignment with the
architecture CR (issue 126), we should make a list of terms and
put them in a terminology section.
... as a separate step we can worry about tracking an external
reference (e.g., ITU, NIST).
[25]Issue 126
[25] https://github.com/w3c/wot-security/issues/126
Next call
Elena: not available next week
McCool: we can cancel the call next week
... I'll be also very busy for the demo preparation
... so let's cancel the call next week, May 27
[adjourned]
Summary of Action Items
Summary of Resolutions
1. [26]the security TF will not oppose a name change to
"Security and Privacy Guidelines".
[End of minutes]
__________________________________________________________
Minutes manually created (not a transcript), formatted by
David Booth's [27]scribe.perl version 1.154 ([28]CVS log)
$Date: 2019/05/21 14:28:31 $
[27] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
[28] http://dev.w3.org/cvsweb/2002/scribe/
Received on Monday, 17 June 2019 13:16:55 UTC