- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Tue, 07 Apr 2020 19:07:02 +0900
- To: public-wot-ig@w3.org, public-wot-wg@w3.org
available at: https://www.w3.org/2020/03/30-wot-sec-minutes.html also as text below. Thanks a lot for taking the minutes, Oliver! Kazuyuki --- [1]W3C [1] http://www.w3.org/ - DRAFT - WoT Security 30 Mar 2020 Attendees Present Kaz_Ashimura, Michael_McCool, Elena_Reshetova, Oliver_Pfaff, Tomoaki_Mizushima Regrets Chair McCool Scribe Oliver Contents * [2]Topics 1. [3]Previous minutes 2. [4]Lifecycle - Anima mapping 3. [5]PRs * [6]Summary of Action Items * [7]Summary of Resolutions __________________________________________________________ <kaz> scribenick: Oliver Previous minutes <McCool> [8]https://www.w3.org/2020/03/23-wot-sec-minutes.html [8] https://www.w3.org/2020/03/23-wot-sec-minutes.html Minutes from 2020-03-23 were reviewed and accepted as okay (modulo some typos) <kaz> [typos fixed] Lifecycle - Anima mapping [9]Elena's updated lifecycle diagram [9] https://github.com/w3c/wot-architecture/blob/master/proposals/WoT lifecycle diagram-WoT new lifecycle.svg Elena presented proposal for Thing lifecycle with a focus on lifecycle stages Original proposal allows a good mapping to IETF Anima Having a dedicated block "Bootstrapping/Onboarding" rather than an arrow-onyl seems a good improvement Mappings against IETF Anima should also consider [10]https://tools.ietf.org/html/draft-ietf-anima-bootstrapping- keyinfra-38#section-2.1 [10] https://tools.ietf.org/html/draft-ietf-anima-bootstrapping-keyinfra-38#section-2.1 Lifecycle as illustrated in slides "Bootstrapping IoT Security - The IETF Anima and OPC-UA Recipes" have their backing in work from IRTF T2TRG (was also mapped with some Operational Technology) Manufacturer keys/credentials shall be distinguished from site keys/credentials The former are regarded optional. The latter may incarnate multiply (per application domain) 3 families of keys/credentials can play a role: manufacturer key/credential (0..1 per Thing), site key/credential (0..1 per Thing), application keys/credentials (0/1..n per Thing) Manufacturer keys/credentials are supplied (if supplied) in the manufacturing phase Site key/credentals are supplied (if supplied) in the bootstrapping/onboarding phase Application keys/credentials are supplied in the bootstrapping/onboarding and/or maintenance phases (depending on the maintenance mode) Manufacturer keys/credentials can contain what the manufacturer knows (production date/location...); issuance under manufacturer control Site keys/credentials can also contain what the user/operator knows about the Thing (independent from an application domain); issuance under site-control Application keys/credentials can also contain what an appliaction domain expects to find (e.g. DNS name in SubjectAltName); issuance under site-control PRs <kaz> [11]PR 164 [11] https://github.com/w3c/wot-security/pull/164 PR 164 needs an editorial update. Can not be done in the GitHub Web UI. Needs to be followed-up... Progress made in lifecycle discussion esp. regarding its states and to-be-distinguished keys/credentials <kaz> [adjourned] Summary of Action Items Summary of Resolutions [End of minutes] __________________________________________________________ Minutes manually created (not a transcript), formatted by David Booth's [12]scribe.perl version 1.154 ([13]CVS log) $Date: 2020/04/06 12:09:42 $ [12] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm [13] http://dev.w3.org/cvsweb/2002/scribe/
Received on Tuesday, 7 April 2020 10:07:02 UTC