- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Tue, 15 Oct 2019 16:08:25 +0900
- To: Public Web of Things IG <public-wot-ig@w3.org>, public-wot-wg@w3.org
available at:
https://www.w3.org/2019/09/09-wot-sec-minutes.html
also as text below.
Thanks,
Kazuyuki
---
[1]W3C
[1] http://www.w3.org/
- DRAFT -
WoT Security
09 Sep 2019
[2]Agenda
[2] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Agenda
Attendees
Present
Michael_McCool, Elena_Reshetova, Tomoaki_Mizushima,
Kaz_Ashimura
Regrets
Chair
McCool
Scribe
kaz
Contents
* [3]Topics
1. [4]Quick updates
2. [5]Previous minutes
3. [6]Definition PR in Architecture
4. [7]WG Charter
5. [8]Profiles
* [9]Summary of Action Items
* [10]Summary of Resolutions
__________________________________________________________
Quick updates
(none)
Previous minutes
[11]Prev minutes
[11] https://www.w3.org/2019/09/02-wot-sec-minutes.html
McCool: any objections to accept the minutes?
(none)
McCool: accept the previous minutes
Definition PR in Architecture
[12]PR 384
[12] https://github.com/w3c/wot-architecture/pull/384
McCool: created a PR based on ISO standard definition
... ISO/IEC 2382 and ISO/IEC 27000
... put some explanatory text
<McCool>
[13]https://github.com/w3c/wot-architecture/pull/384/files
[13] https://github.com/w3c/wot-architecture/pull/384/files
Kaz: seems the link for 2382 is wrong (same as 27000)
McCool: will fix it
... we'll make the decision during the Architecture call on
Thursday
... there is a note on PII here
... added description on information privacy as well
... ISO 2382 and ISO 29100
... and then
... security
... confidentiality, integrity and availability of information
... and then add a note "please refer to this document (ISO
27000)"
... also add a note saying "it is desirable that these
properties be maintained both in normal operation and when the
system is subject to attack"
... also definition of "private life"
... any other comments?
... (fixes the wrong link for "ISO 2382")
... wondering if we need to add an entry to the ReSpec
reference DB
WG Charter
[14]WG Charter PR (round 2)
[14] https://github.com/w3c/wot/pull/862
[15]Changes
[15] https://github.com/w3c/wot/pull/862/files
McCool: (goes through the changes)
... how to allow access to metadata?
... changed "parties" to "users" ...
Profiles
<McCool> [16]https://github.com/w3c/wot-profile/issues/6
[16] https://github.com/w3c/wot-profile/issues/6
Elena: don't really understand which profiles are for what
McCool: would be fixed within TD
... we're generating a document on "Requirements from WG
participants for the profile"
[17]Requirements
[17] https://github.com/w3c/wot-profile/blob/master/REQUIREMENTS.md
McCool: it's just an outline
... we'll discuss this during TPAC
... there is a proposal to make TD less complicated
... human readability vs machine-to-machine communication
Elena: what about security?
... we have a security best practice document
... how do things relate to each other?
McCool: some of the combinations would make sense
Elena: any plan to merge the best practice with this?
McCool: not really
... we have a limitation
... but there is a relationship and we should not duplicate
Elena: ok
McCool: we need to figure out developer status
... there should be a mechanism to allow "nosec" but only in a
developer context
Elena: e.g., people working within a local network
McCool: we have to have a discussion at TPAC
... also need to find use cases
Elena: btw, we needed to update the Architecture document with
updated definition?
McCool: working on the original issue and newly generated
definition based on the CR version of the Architecture draft
... let's discuss the details at TPAC
... if you have any ideas, please put that on the TPAC f2f wiki
Elena: Asian time?
McCool: TPAC will be held in Fukuoka, so JST
... would make sure you can make the f2f remotely
... let's meet (or talk on webex) at TPAC next week!
[adjourned]
Summary of Action Items
Summary of Resolutions
[End of minutes]
__________________________________________________________
Minutes manually created (not a transcript), formatted by
David Booth's [18]scribe.perl version 1.154 ([19]CVS log)
$Date: 2019/09/11 15:12:53 $
[18] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
[19] http://dev.w3.org/cvsweb/2002/scribe/
Received on Tuesday, 15 October 2019 07:09:09 UTC