
[wot-security] minutes - 14 October 2019

From: Kazuyuki Ashimura <ashimura@w3.org>
Date: Tue, 5 Nov 2019 23:44:37 +0900
Message-ID: <CAJ8iq9WLK6S+FqhMQ+RXyjT238-2tCaUhjQkgd4QZL3gMPNPUw@mail.gmail.com>
To: Public Web of Things IG <public-wot-ig@w3.org>, public-wot-wg@w3.org
available at:

also as text below.





                               - DRAFT -

                              WoT Security

14 Oct 2019


          Kaz_Ashimura, Elena_Reshetova, Michael_McCool,





     * Topics
         1. Agenda
         2. Better slot?
         3. Purpose
         4. Privacy considerations
         5. Prev minutes
     * Summary of Action Items
     * Summary of Resolutions


   McCool: sent an email to you about the potential agenda

   1. Time for the call. It would be good to find a call Taki can
   join, and also Oliver Pfaff from Siemens. One option: use the
   time on Thursday I allocated for working on the Charter. I
   think this is late enough so it's not a problem for Taki but
   may be too late for Oliver and Elena...

   2. Purpose. We need to have something specific to work on. Do
   we keep refining the guidelines or work on something new, like
   Privacy mitigations?

   3. People have limited bandwidth for meetings. Should we put
   the security call on standby while working on something else
   (eg Discovery) then reactivate it later?

   McCool: we've been working on guidelines
   ... we definitely need some more work
   ... privacy mitigation, etc.
   ... but we need to work on management APIs, etc., before that

Better slot?

   McCool: also need to see better slot for new participants
   ... so we should discuss moving the time
   ... also wondering if we should stop our security work and work
   on discovery, etc., first

   Elena: need another doodle to pick a better slot for new

   McCool: later slot would be better for Taki
   ... 2 questions: another day? or late evening?

   Elena: later slot would be OK but maybe problematic for
   Japanese guys

   McCool: for me that would be OK, e.g., 11pm on Thursday

   Elena: let's extend the candidate slots

   McCool: we have several constraints
   ... e.g., earlier slot than 5am PDT would not be good for Taki
   ... wondering about Elena's availability on Monday

   Elena: have to leave 3pm EEST

   McCool: we had to wait for the marketing call to be settled
   ... but it's fixed now

   Kaz: Thursday, 10pm JST, 9am EDT, 4pm EEST

   McCool: let's set up another doodle for security

   Elena: can do any time Friday

   McCool: what about late evening on Thursday?

   Elena: overlapping meeting

   McCool: 8pm-midnight including Friday

   <scribe> ACTION: kaz to create a new doodle for security


   McCool: having a call slot for discovery/security
   ... so security+privacy+discovery would be the theme
   ... or having a separate call?

   Elena: we can improve the current security/privacy document,
   but what would be the time span?

   McCool: there are people interested in discovery topic
   ... maybe partial overlap with security/privacy
   ... we need separate calls if we have different people
   ... possibly could have both calls alternatively,
   ... what do you think, Kaz?

   Kaz: would hear from the potential participants

   McCool: right
   ... note that initially we might need dedicated discussion for
   the discovery topic

Privacy considerations

   McCool: we're in the middle of our transition
   ... changes for id from TD
   ... cryptographically unique might be OK, though
   ... (explains the summary of the discussion with PING)
   ... the question was not having concrete mechanism for
   mitigation of privacy risks


     [10] https://github.com/w3c/wot/blob/master/proposals/privacy.md

   McCool: the conclusion was making "id" optional and also remove
   "unique" from its description
   ... my remaining concern (for the future) is the distribution
   mechanism for TDs

   Elena: what is the purpose of "title"?
   ... arbitrary string?

   McCool: yes
   ... but people might put information about location, name, etc.
   ... "title" is the only mandatory field if we make "id"
   ... so personally think would be better to make "title" as well
   ... the other point is about Data Schemas
   ... not really clear
   ... same problem with URI Templates
   ... these are my first thoughts
   ... some suggestions for privacy mitigations

   Elena: will take a look
   ... would be better to have a concrete reference implementation
   for that purpose?

Prev minutes

   [11]Sep-9 minutes

     [11] https://www.w3.org/2019/09/09-wot-sec-minutes.html

   McCool: we should take a look at the current updated definition
   within the Architecture document
   ... (skims the minutes themselves)
   ... any comments?
   ... objections to accept them?


   McCool: so accepted


Summary of Action Items

   [NEW] ACTION: kaz to create a new doodle for security

Summary of Resolutions

   [End of minutes]

    Minutes manually created (not a transcript), formatted by
    David Booth's [12]scribe.perl version 1.154 ([13]CVS log)
    $Date: 2019/10/15 07:30:50 $

     [12] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
     [13] http://dev.w3.org/cvsweb/2002/scribe/
Received on Tuesday, 5 November 2019 14:45:20 UTC
