- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Tue, 7 May 2019 22:53:19 +0900
- To: Public Web of Things IG <public-wot-ig@w3.org>, public-wot-wg@w3.org
available at:
https://www.w3.org/2019/04/29-wot-sec-minutes.html
Thanks,
Kazuyuki
---
[1]W3C
[1] http://www.w3.org/
- DRAFT -
WoT Security
29 Apr 2019
[2]Agenda
[2] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#April_29.2C_2019
Attendees
Present
Kaz_Ashimura, Michael_McCool, Elena_Reshetova,
Tomoaki_Mizushima
Regrets
Chair
McCool
Scribe
kaz
Contents
* [3]Topics
1. [4]Review of minutes
2. [5]NIST Security Baseline
3. [6]Security review progress
4. [7]Publication schedule
5. [8]Penetration testing
6. [9]Issues
7. [10]Next meeting
* [11]Summary of Action Items
* [12]Summary of Resolutions
__________________________________________________________
McCool: still working on system setting for the penetration
test
Review of minutes
[13]Previous minutes
[13] https://www.w3.org/2019/04/15-wot-sec-minutes.html
McCool: caught up on the previous minutes
... went through them and fixed typos, etc.
... and accepted them
... would like to accept these minutes from April 15 as well
(no objections)
McCool: accepted
NIST Security Baseline
[14]NIST IoT Security Congress
[14] https://www.secureworldexpo.com/industry-news/iot-security-congress
McCool: security baseline defined there
... very influential
... probably should follow this at some point
<McCool> [15]https://www.scribd.com/document/401616402/Internet-of-Things-IoT-Cybersecurity-Improvement-Act-of-2019
[15] https://www.scribd.com/document/401616402/Internet-of-Things-IoT-Cybersecurity-Improvement-Act-of-2019
<McCool> The Internet of Things (IoT) Cybersecurity Improvement
Act of 2019 would require that devices purchased by the U.S.
government meet certain minimum security requirements.
McCool: there is a link on IoT Cybersecurity Improvement Act
above
... should keep eyes on it
Security review progress
McCool: need to remind people from Intel
... note that TAG review is delayed till May 8
... discussion on a possible procedure with the W3C Management
... our spec has to be perfect for transition after the TAG
review
... external review deadline should be also May 8
... note that there are holidays in many places this week
... in Japan, Europe, etc.
... we can still make progress in US, though
... we can get information back before May 15 for CR transition
Publication schedule
McCool: we have 3 documents
... bunch of changes for terminology within the WoT
Architecture document
... need to check consistency
... proxy, intermediary, etc.
... need a very quick review
... after CR transition, edit security docs for consistency
... and publish updated Notes in mid-June
Kaz: security best practices Note and security test Note.
right?
McCool: right
... what's the procedure?
Kaz: we can publish group Notes whenever we want, but need to
get a whole group approval
McCool: this week is not good for that purpose...
... need to change the reference
... want to cite "latest" version in Arch document, not dated
version
... but can we do that?
Kaz: we should use the dated URL for reference purposes, so
need to check
McCool: target May 8 as meeting to have publication resolution
for the Notes
Kaz: note that we can/should check all the reference documents
and update the references based on the latest versions for
every publication
McCool: btw, I think we need to go back to the security section
of the architecture document and review it in detail
Penetration testing
McCool: working on it
... system description about Intel's devices like the ones for
the demo at the Munich workshop
[16]2nd WoT Workshop demo setting
[16] https://github.com/w3c/wot/tree/master/workshop/ws2/demos-2019-Munich
McCool: would like to concentrate on the workshop demo
... and also penetration test after that
... will be traveling to IIC workshop on May 17-23
... system description for pen test by May 15
Issues
[17]Issue 123
[17] https://github.com/w3c/wot-security/issues/123
McCool: (adds comments on our intention to review the
Architecture document)
[18]McCool's comment for Issue 123
[18] https://github.com/w3c/wot-security/issues/123#issuecomment-487563290
[19]Issue 102
[19] https://github.com/w3c/wot-security/issues/102
McCool: we can close this
... we agreed to do this, and also publish a testing plan Note
as well
[20]McCool's comment for Issue 102
[20] https://github.com/w3c/wot-security/issues/102#issuecomment-487563679
[21]Issue 80
[21] https://github.com/w3c/wot-security/issues/80
[22]Issue 23
[22] https://github.com/w3c/wot-security/issues/23
McCool: we now have separate testing plan document
... (so closed Issue 23)
Next meeting
McCool: hopefully talk about the system description for pen
test
... and document publications
[adjourned]
Summary of Action Items
Summary of Resolutions
[End of minutes]
__________________________________________________________
Minutes manually created (not a transcript), formatted by
David Booth's [23]scribe.perl version 1.154 ([24]CVS log)
$Date: 2019/04/29 17:31:05 $
[23] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
[24] http://dev.w3.org/cvsweb/2002/scribe/
Received on Tuesday, 7 May 2019 13:54:26 UTC