- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Mon, 21 Sep 2020 18:32:05 +0900
- To: public-wot-ig@w3.org, public-wot-wg@w3.org
available at: https://www.w3.org/2020/09/14-wot-sec-minutes.html also as text below. Thanks a lot for taking the minutes, Elena! Kazuyuki --- [1]W3C [1] http://www.w3.org/ - DRAFT - WoT Security 14 Sep 2020 [2]Agenda [2] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#14_September_2020 Attendees Present Kaz_Ashimura, Clerley_Silveira, Elena_Reshetova, Michael_McCool, Oliver_Pfaff, Tomoaki_Mizushima, Cristiano_Aguzzi, David_Ezell Regrets Chair McCool Scribe elena Contents * [3]Topics 1. [4]Review the minutes from last meeting 2. [5]Issue 183 3. [6]Issue 180 4. [7]Issue 170 * [8]Summary of Action Items * [9]Summary of Resolutions __________________________________________________________ <kaz> scribenick: elena Review the minutes from last meeting <kaz> [10]Sep-7 [10] https://www.w3.org/2020/09/07-wot-sec-minutes.html McCool: any objections publishing the minutes? no objections, minutes approved McCool: any updates from anyone? ... we might need two producers and two consumers for implementation to be approved. This can be a problem for Oauth implementations. ... does anyone know about wot-node and oauth? Cristiano: difference in implementations between producers and consumers can be very minimal for node-wot McCool: need to bring it up with node-wot, could Cristiano create an issue about this and test cases for node-wot? ... let me do issue creation now McCool creates a new issue in wot-testing Cristiano: I am afraid that LinkSmart wont implement consumer side McCool: we need then another consumer ... node-gen or node-RED might be an option for that ... we need to have two tests per flow Cristiano: code is not implemented in node-wot, might be a problem McCool: node-wot also assumes that security configuration is the same, another thing that needs review <McCool> [11]https://github.com/w3c/wot-testing/issues/51 [11] https://github.com/w3c/wot-testing/issues/51 McCool: we need to review security implementation of node-wot McCool creates a new issue under wot-security on this [12]https://github.com/w3c/wot-security/issues/184 [12] https://github.com/w3c/wot-security/issues/184 McCool: Cristiano, could you walk us through node-wot implementation since you know it well? Cristiano agrees McCool: we should also dig into node-gen also ... are we doing something special for plugfest? I have not seen any security focus there ... does anyone have any thoughts on this? ... oauth is something we should do but we dont have enough time for this plugfest. Maybe next plugfest that is in February/March? ... if we want to be safe to get things done in time, we need to finalize test cases by the end of the year Kaz: a bit off topic but I attended the Singapore Geospatial Week's Smart Cities session this afternoon and some of the presenters mentioned end-to-end security would be important for IoT purposes. so I'm wondering how to deal with end-to-end security in wot. Oliver: that depends on definition of the ends McCool: should we have security schemes for object security? Oliver: we have to double check first how to express object security in order not to redo this in TD McCool: we don't have any existing issues about object security and how to deal with it ... we need to decide how we support object security McCool creates a new issue for this [13]https://github.com/w3c/wot-security/issues/185 [13] https://github.com/w3c/wot-security/issues/185 Kaz: this issue 185 could include a definition of end-to-end security. right? McCool: we need to make a list of object security alternatives McCool adds some initial options to the issue 185 Oliver proposes more schemes that McCool adds to the issue 185 McCool: next let's look into issue tracker Issue 183 McCool looks into issue [14]https://github.com/w3c/wot-security/issues/183 [14] https://github.com/w3c/wot-security/issues/183 <kaz> [15]Issue 183 [15] https://github.com/w3c/wot-security/issues/183 McCool: should we also add monitoring into this issue? elena: IMO it should go into separate issue McCool creates a new issue [16]https://github.com/w3c/wot-security/issues/186 on monitoring [16] https://github.com/w3c/wot-security/issues/186 <kaz> [17]related issue on IETF MUD [17] https://github.com/w3c/wot-security/issues/153 Issue 180 McCool: next issue [18]https://github.com/w3c/wot-security/issues/180 [18] https://github.com/w3c/wot-security/issues/180 McCool adds some todos to the issue McCool: should we also be looking into mozilla hub or other hubs? ... what about open Hab? McCool creates a new issue on OpenHab [19]https://github.com/w3c/wot-security/issues/187 [19] https://github.com/w3c/wot-security/issues/187 <criis> [20]https://github.com/iobridge/thingspeak [20] https://github.com/iobridge/thingspeak McCool creates another issue on mozilla WebThings gateway [21]https://github.com/w3c/wot-security/issues/188 [21] https://github.com/w3c/wot-security/issues/188 McCool creates an issue on ThingSpeak [22]https://github.com/w3c/wot-security/issues/189 [22] https://github.com/w3c/wot-security/issues/189 McCool: we don't have wot integrated in projects like the above ... we need to talk to these groups ... and we need to look into their security architecture to make sure we are compatible Issue 170 McCool: let's look into issue [23]https://github.com/w3c/wot-security/issues/170 ... last time we created issues for follow up work, should we close this issue? ... or do we still have some missing actions? [23] https://github.com/w3c/wot-security/issues/170 elena: i don't see anything else from my side McCool: let's create an issue about trust levels of actors and then we can close the issue 170 McCool creates a new issue [24]https://github.com/w3c/wot-security/issues/190 on this [24] https://github.com/w3c/wot-security/issues/190 McCool: any objections to close 170? no objections, closed <kaz> [adjourned] Summary of Action Items Summary of Resolutions [End of minutes] __________________________________________________________ Minutes manually created (not a transcript), formatted by David Booth's [25]scribe.perl version ([26]CVS log) $Date: 2020/09/21 09:29:28 $ [25] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm [26] http://dev.w3.org/cvsweb/2002/scribe/
Received on Monday, 21 September 2020 09:32:10 UTC