- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Wed, 05 Feb 2020 14:49:34 +0900
- To: public-wot-ig@w3.org, public-wot-wg@w3.org
available at:
  https://www.w3.org/2020/01/27-wot-sec-minutes.html

also as text below.

Thanks for taking the notes, Oliver!

Kazuyuki

---
   [1]W3C

      [1] http://www.w3.org/

                               - DRAFT -

                              WoT Security

27 Jan 2020

   [2]Agenda

      [2] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#27_Jan_2020

Attendees

   Present
          Kaz_Ashimura, Michael_McCool, Oliver_Pfaff, Tomoaki_Mizushima

   Regrets

   Chair
          McCool

   Scribe
          Oliver, kaz

Contents

     * [3]Topics
     * [4]Summary of Action Items
     * [5]Summary of Resolutions
     __________________________________________________________

   <kaz> scribenick: Oliver

   Michael: Issue#152 assigned to Elena, Issue#153 to Michael

   <kaz> [6]Issue 152

      [6] https://github.com/w3c/wot-security/issues/152

   Michael: Issue#151 assigned to Elena - continues

   <kaz> [7]Issue 153

      [7] https://github.com/w3c/wot-security/issues/153

   <kaz> [8]Issue 151

      [8] https://github.com/w3c/wot-security/issues/151

   <inserted> scribenick: kaz

   Michael: add labels of "PR Available" and "WIP" to Issue#149

   [9]Issue 149

      [9] https://github.com/w3c/wot-security/issues/149

   Michael: adds comments for Zoltan for Issue#151

   [10]Issue 151

     [10] https://github.com/w3c/wot-security/issues/151

   [11]Issue 148

     [11] https://github.com/w3c/wot-security/issues/148

   Oliver: question on which actor to be addressed
   ... maybe discussion for Architecture
   ... mapping is unclear

   McCool: need a clear description in definition?
   ... in the security document?
   ... if so, someone should provide a pull request
   ... should elaborate in the security document
   ... (adds comment to Issue 148)
   ... it's not clear who the actors are for authentication
   ... it needs a clearer definition and discussion

   Oliver: yes
   ... but not only related to security guidelines
   ... but also TD and Architecture

   McCool: (adds comments)
   ... this is true in the TD and Architecture docs as well as in
   the security guidelines.
   ... a lot of the definitions in Architecture are based on other
   standards, which however may be based on client-server
   architecture/server-based
   ... propose a clearer definition in the Architecture document
   for "authentication" that references existing standards but
   builds upon them as necessary
   ... will create an issue in Architecture repo

   Oliver: sounds like a good plan

   McCool: (creates an issue for wot-architecture)
   ... issue title should be [[More clearly define "Thing
   Authentication"]]

   [12]new wot-architecture issue 429 corresponding wot-security
   issue 148

     [12] https://github.com/w3c/wot-architecture/issues/429

   [13]Issue 147

     [13] https://github.com/w3c/wot-security/issues/147

   McCool: Missing reference for IETFAnima
   ... (adds labels of "PR Available" and "WIP")

   [14]Issue 146

     [14] https://github.com/w3c/wot-security/issues/146

   McCool: need to create a pull request
   ... Oliver, do you have a branch for that purpose?
   ... can you show us the branch?

   [15]Issue 145

     [15] https://github.com/w3c/wot-security/issues/145

   McCool: client/server vs publish/subscribe patterns
   ... we'll be looking at protocols that support
   publish/subscribe patterns, e.g., MQTT, HTTP with
   event/subscribe interactions, OPC-UA
   ... so we do need to look at this
   ... any resources to refer?
   ... for MQTT, OPC-UA, HTTP
   ... would like to assign this issue 145 to Oliver
   ... not for a pull request at this point, but only to come up
   with a more concrete plan

   Oliver: fine by me
   ... will look into that
   ... but will take vacation till Feb 24

   McCool: not critical to do by next week

   Oliver: can work on it but discussion to be done on Feb 24

   McCool: ok. we need to collect references first

   [16]Issue 144

     [16] https://github.com/w3c/wot-security/issues/144

   McCool: next, end-to-end security
   ... summary is we need a clearer definition
   ... can apply to multiple levels of the network stack
   ... seems more security-specific topic

   Oliver: we need some description about different levels of
   security

   McCool: end-to-end security is related to protocols
   ... so related to protocol binding
   ... basic definition to be included in the Architecture
   document
   ... and elaborated within the Security Guidelines document
   ... actions:
   ... 1. create a pull request for basic definition in
   Architecture
   ... 2. create a pull request for discussion in Security
   Guidelines
   ... let me create another issue for Architecture

   [17]new Architecture issue 430

     [17] https://github.com/w3c/wot-architecture/issues/430

   McCool: any other input for the next call?
   ... (updates the agenda wiki for Jan-27 call)
   ... AOB?

   (none)

   [adjourned]

Summary of Action Items

Summary of Resolutions

   [End of minutes]
     __________________________________________________________

    Minutes manually created (not a transcript), formatted by
    David Booth's [18]scribe.perl version 1.154 ([19]CVS log)
    $Date: 2020/02/04 03:41:02 $

     [18] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
     [19] http://dev.w3.org/cvsweb/2002/scribe/

Received on Wednesday, 5 February 2020 05:49:44 UTC