See also: IRC log
Web of Things IG Security task force meeting
Scribe: dsr
We introduce ourselves
Dan: have you adopted a threat model?
Oliver: we haven’t talked yet about threat models, and have rather discussed objectives. Threat model would fit into the elaboration of the landscape.
Oliver shows us the wiki page for the Security, Privacy and Resilience task force
https://www.w3.org/WoT/IG/wiki/Security,_Privacy_and_Resilience
We aim to provide a report within a few months.
James Lynn suggested some dimensions we could adopt for our study.
Oliver asks if we’re comfortable with the proposed direction.
Oliver asks about the wording “creation time” and “execution time” mechanisms
James: What do you mean by creation time? This could be interpreted as either design time or when the service is created.
Oliver: I am happy with the term “design time”.
James: perhaps “run time” rather than “execution time”
Oliver: I am happy with that too.
Oliver: I would like us to be as interactive as possible
Oliver introduces the section on Thing Authentication.
Are there missing criteria we should add?
[no one answers]
Maybe we should have a “benefits” section?
Oliver: it would be nice to have a consistent set of criteria across the sections
James: I will see how practical that is.
Oliver points to the wiki page on security and privacy mechanism candidates
If you have anything we need to cover please let us know via email
Perhaps we can now have a quick brainstorming session? What other points on the landscape should be considered?
[no suggestions]
Oliver: the IETF ACE working group is studying mechanisms for constrained devices.
There are NIST documents which offer a couple of mechanisms
Dave sent out a document on the IIC reference architecture with some ideas on security at a high level.
My suggestion is that we also cover traditional security mechanisms, and reckon that we will have something like 10-20 items
Oliver volunteers to draw up a draft list of mechanisms for us to consider.
For a couple of mechanisms we should discuss them in detail on a future call
Oliver asks if James can prepare something for our next call.
James: yes, I can certainly try
Oliver: any further ideas for the technology landscape?
Edoardo: should we consider guidance documents, such as those from the IETF?
Oliver: yes, that would apply to the section on design time criteria
Edoardo: I agree with that
Edoardo volunteers to make a start on that
Oliver: I drafted a very early version for this section
We can elaborate this over the next few weeks
Edoardo: how much should the requirements here be aligned with the use case studies?
Oliver: eventually 100%
Right now, we are in a bootstrap phase
We can then iterate to reflect the use cases as they evolve
This is a joint W3C/IRTF workshop with a half day track on security and privacy.
We have a draft in the wiki for the meeting page.
If you would like to give a presentation, please contact Oliver or Carsten Bormann.
At the end of this month the WoT IG is having a face to face in Sunnyvale, California.
Perhaps we can discuss agenda items for that meeting in next week’s call.
Oliver brings the meeting to a close.
Present: Oliver, Dave, Dan, Edoardo, Kathy, James
Date: 02 Jul 2015
Scribe: dsr