[wot-security] minutes - 16 November 2020 from Kazuyuki Ashimura on 2020-11-30 (public-wot-wg@w3.org from November 2020)

From: Kazuyuki Ashimura <ashimura@w3.org>
Date: Mon, 30 Nov 2020 21:13:27 +0900
To: public-wot-ig@w3.org, public-wot-wg@w3.org
Message-ID: <871rgbqbyw.wl-ashimura@w3.org>
available at:
  https://www.w3.org/2020/11/16-wot-sec-minutes.html

also as text below.

Thanks,

Kazuyuki

---
   [1]W3C

      [1] http://www.w3.org/

                               - DRAFT -

                              WoT Security

16 Nov 2020

   [2]Agenda

      [2] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#16_November_2020

Attendees

   Present
          Kaz_Ashimura, Michael_McCool, Oliver_Pfaff,
          Jack_Dickinson, Tomoaki_Mizushima

   Regrets
          Elena_Reshetova

   Chair
          McCool

   Scribe
          kaz

Contents

     * [3]Topics
         1. [4]Prev minutes
         2. [5]Quick updates?
         3. [6]Issues on security for Discovery
         4. [7]Issue 192 on lifecycle in Architecture
         5. [8]Issue 191
         6. [9]Issue 185 on Consider how to support object
            security
         7. [10]Issue 195 on security guidance
     * [11]Summary of Action Items
     * [12]Summary of Resolutions
     __________________________________________________________

Prev minutes

   [13]Nov-9

     [13] https://www.w3.org/2020/11/09-wot-sec-minutes.html

   McCool: (goes through the minutes)
   ... any objections to publish the minutes?

   (none)

   approved

Quick updates?

   (none)

Issues on security for Discovery

   <inserted> [14]wot-security issues

     [14] https://github.com/w3c/wot-security/issues

   McCool: anything we can close?
   ... maybe one missing thing on security for discovery
   ... cross-over issue with discovery
   ... unsecure directory service would be bad
   ... (goes through the issues from wot-discovery too)

   [15]wot-discovery issues

     [15] https://github.com/w3c/wot-discovery/issues

   McCool: creates a new issue on security for directory

   [16]wot-discovery issue 96: Should security be mandatory on
   directories?

     [16] https://github.com/w3c/wot-discovery/issues/96

   McCool: if mandatory, what scheme?
   ... what security is appropriate for what contexts?

   [17]wot-security issue 196: Consider security issues in
   Discovery

     [17] https://github.com/w3c/wot-security/issues/196

Issue 192 on lifecycle in Architectuere

   [18]Issue 192

     [18] https://github.com/w3c/wot-security/issues/192

   McCool: was there any discussion on lifecycle during the
   Architecture call last week?

   Kaz: no
   ... we just talked about the FPWD publication, recent use
   cases, etc.

   McCool: there is still PR ongoing
   ... we should leave this open until the lifecycle is finalized
   ... the PR 539 has been merged, though

   [19]PR 539 merged on Oct 7

     [19] https://github.com/w3c/wot-architecture/pull/539

   McCool: Oliver has agreed to review the current status and
   provide input on whether any additional updates are needed from
   a security perspective
   ... (assigns Oliver to Issue 192)

   <McCool> [20]https://github.com/w3c/wot-security/issues/192

     [20] https://github.com/w3c/wot-security/issues/192

Issue 191

   [21]Issue 191

     [21] https://github.com/w3c/wot-security/issues/191

   McCool: this is an opensource home automation assistant tool
   ... would ask Cristiano himself to this issue
   ... to collect information
   ... (adds comments on possible questions)
   ... I'll take Issue 189 on ThingSpeak

   [22]Issue 189

     [22] https://github.com/w3c/wot-security/issues/189

   McCool: Oliver to review Issue 187

   [23]Issue 187

     [23] https://github.com/w3c/wot-security/issues/187

   McCool: do we have a right stuff for home assistants?
   ... (adds "Hubs" label to issues on home assistants)

   [24]Issue 191

     [24] https://github.com/w3c/wot-security/issues/191

   [25]Issue 189

     [25] https://github.com/w3c/wot-security/issues/189

   [26]Issue 188

     [26] https://github.com/w3c/wot-security/issues/188

   <McCool> [27]Issue 187

     [27] https://github.com/w3c/wot-security/issues/187

   [28]Issue 180

     [28] https://github.com/w3c/wot-security/issues/180

   topic Issue 66 on Role of Platforms in WoT

   [29]Issue 66

     [29] https://github.com/w3c/wot-security/issues/66

   McCool: are "Hubs" and "Platforms" the same thing?
   ... perhaps not

Issue 185 on Consider how to support object security

   [30]Issue 185

     [30] https://github.com/w3c/wot-security/issues/185

   McCool: any opinions?
   ... next steps here would be (1) to find existing systems that
   use object security and consider how to model them (OCF 2.x?)
   ... (2) to build and experiment with some prototypes in a
   Plugfest
   ... before doing #2 above
   ... we would have to justify the effort with use cases, etc.
   ... could be the case if some major ecosystem we want to
   integrate with WoT requires object security
   ... smart city use case may require it

   Kaz: yeah

Issue 195 on security guidance

   [31]Issue 195

     [31] https://github.com/w3c/wot-security/issues/195

   McCool: could start by defining the contexts

   [32]new comment

     [32] https://github.com/w3c/wot-security/issues/195#issuecomment-728063150

   [adjourned]

Summary of Action Items

Summary of Resolutions

   [End of minutes]
     __________________________________________________________


    Minutes formatted by David Booth's [33]scribe.perl version
    1.152 ([34]CVS log)
    $Date: 2020/11/17 07:00:10 $

     [33] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
     [34] http://dev.w3.org/cvsweb/2002/scribe/
Received on Monday, 30 November 2020 12:13:34 UTC