
[wot-security] minutes - 29 April 2019

From: Kazuyuki Ashimura <ashimura@w3.org>
Date: Tue, 7 May 2019 22:53:19 +0900
Message-ID: <CAJ8iq9WAeo6uXFtwtx--_Ag93WiODZ-RBcywEiuSDH1C9TyD3A@mail.gmail.com>
To: Public Web of Things IG <public-wot-ig@w3.org>, public-wot-wg@w3.org
available at:






                               - DRAFT -

                              WoT Security

29 Apr 2019


      [2] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#April_29.2C_2019


          Kaz_Ashimura, Michael_McCool, Elena_Reshetova,





     * Topics
         1. Review of minutes
         2. NIST Security Baseline
         3. Security review progress
         4. Publication schedule
         5. Penetration testing
         6. Issues
         7. Next meeting
     * Summary of Action Items
     * Summary of Resolutions

   McCool: still working on system setting for the penetration

Review of minutes

   [13]Previous minutes

     [13] https://www.w3.org/2019/04/15-wot-sec-minutes.html

   McCool: caught up on the previous minutes
   ... went through them and fixed typos, etc.
   ... and accepted them
   ... would like to accept these minutes from April 15 as well

   (no objections)

   McCool: accepted

NIST Security Baseline

   [14]NIST IoT Security Congress

     [14] https://www.secureworldexpo.com/industry-news/iot-security-congress

   McCool: security baseline defined there
   ... very influential
   ... probably should follow this at some point


     [15] https://www.scribd.com/document/401616402/Internet-of-Things-IoT-Cybersecurity-Improvement-Act-of-2019

   <McCool> The Internet of Things (IoT) Cybersecurity Improvement
   Act of 2019 would require that devices purchased by the U.S.
   government meet certain minimum security requirements.

   McCool: there is a link on IoT Cybersecurity Improvement Act
   ... should keep eyes on it

Security review progress

   McCool: need to remind people from Intel
   ... note that TAG review is delayed till May 8
   ... discussion on a possible procedure with the W3C Management
   ... our spec has to be perfect for transition after the TAG
   ... external review deadline should be also May 8
   ... note that there are holidays in many places this week
   ... in Japan, Europe, etc.
   ... we can still make progress in US, though
   ... we can get information back before May 15 for CR transition

Publication schedule

   McCool: we have 3 documents
   ... bunch of changes for terminology within the WoT
   Architecture document
   ... need to check consistency
   ... proxy, intermediary, etc.
   ... need a very quick review
   ... after CR transition, edit security docs for consistency
   ... and publish updated Notes in mid-June

   Kaz: security best practices Note and security test Note.

   McCool: right
   ... what's the procedure?

   Kaz: we can publish group Notes whenever we want, but need to
   get a whole group approval

   McCool: this week is not good for that purpose...
   ... need to change the reference
   ... want to cite "latest" version in Arch document, not dated
   ... but can we do that?

   Kaz: we should use the dated URL for reference purposes, so
   need to check

   McCool: target May 8 as meeting to have publication resolution
   for the Notes

   Kaz: note that we can/should check all the reference documents
   and update the references based on the latest versions for
   every publication

   McCool: btw, I think we need to go back to the security section
   of the architecture document and review it in detail

Penetration testing

   McCool: working on it
   ... system description about Intel's devices like the ones for
   the demo at the Munich workshop

   [16]2nd WoT Workshop demo setting

     [16] https://github.com/w3c/wot/tree/master/workshop/ws2/demos-2019-Munich

   McCool: would like to concentrate on the workshop demo
   ... and also penetration test after that
   ... will be traveling to IIC workshop on May 17-23
   ... system description for pen test by May 15

Issues

   [17]Issue 123

     [17] https://github.com/w3c/wot-security/issues/123

   McCool: (adds comments on our intention to review the
   Architecture document)

   [18]McCool's comment for Issue 123

     [18] https://github.com/w3c/wot-security/issues/123#issuecomment-487563290

   [19]Issue 102

     [19] https://github.com/w3c/wot-security/issues/102

   McCool: we can close this
   ... we agreed to do this, and also publish a testing plan Note
   as well

   [20]McCool's comment for Issue 102

     [20] https://github.com/w3c/wot-security/issues/102#issuecomment-487563679

   [21]Issue 80

     [21] https://github.com/w3c/wot-security/issues/80

   [22]Issue 23

     [22] https://github.com/w3c/wot-security/issues/23

   McCool: we now have separate testing plan document
   ... (so closed Issue 23)

Next meeting

   McCool: hopefully talk about the system description for pen
   ... and document publications


Summary of Action Items

Summary of Resolutions

   [End of minutes]

    Minutes manually created (not a transcript), formatted by
    David Booth's [23]scribe.perl version 1.154 ([24]CVS log)
    $Date: 2019/04/29 17:31:05 $

     [23] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
     [24] http://dev.w3.org/cvsweb/2002/scribe/
Received on Tuesday, 7 May 2019 13:54:26 UTC
