W3C

- DRAFT -

Security task force

01 Oct 2015

Agenda

See also: IRC log

Attendees

Present
Oliver, Dave, Ari, Yingying, Michael
Regrets
Chair
Oliver
Scribe
dsr


<scribe> scribenick: dsr

Oliver shares his screen showing the agenda

Any agenda change requests? [no]

Security and Privacy Landscape

See https://www.w3.org/WoT/IG/wiki/Landscape_of_Security%26Privacy_Means

There is a list of some 17 technology items covered.

Oliver invites additions to the table of technologies for the current state of the art.

He reviews the mechanisms listed at https://www.w3.org/WoT/IG/wiki/Design-Time_Security%26Privacy_Means#Mechanisms

We distinguish evolution stages in security and privacy technologies: classic (invented before 2010), new and future (invented > 2015)

Oliver suggests that we formally ask the IG as a whole for a review.

The conclusion session text is now complete, see https://www.w3.org/WoT/IG/wiki/Landscape_of_Security%26Privacy_Means#Conclusions

Oliver proposes to give us a short overview

We need standards to ensure that different vendors can create interoperable software.

He introduces the section on inclusion of physical goods, see https://www.w3.org/WoT/IG/wiki/Landscape_of_Security%26Privacy_Means#Inclusion_of_Physical_Goods

We need new standards relating to authorisation of discovery, management and software updates.

In respect to origin/heritage, security and privacy for the IoT is still a work in progress.

What are the impacts of security technology choices on the architecture of WoT products and solutions?

Oliver draws our attention to the state of the art section, see https://www.w3.org/WoT/IG/wiki/Landscape_of_Security%26Privacy_Means#State-of-the-Art

Oliver notes that he has cut down the text leaving the details on the respective wiki sections

The report then looks at clusters of requirements, e.g. privacy, authentication, authorisation, secure communication and storage, provisioning and credentialing.

This is followed by the conclusions.

The document is around 4 pages long.

Oliver wants to invite review from the IG mailing list.

Perhaps with one to two weeks for reviewers to send comments.

Dave: sounds like a good idea. We also should seek ways to encourage more people to participate in this task force.

Oliver: perhaps the people representing the companies in the IG don’t include many security experts, but those companies should have security experts that they can consult.

Dave: this is something the proposed communications strategy task force could help.

Oliver: the first step is to check that the work has a meaning for existing IG members, and after that to look at further outreach beyond current IG people.

Dave: any idea for where and when we will address resiliency which itself is a broad topic?

Oliver: I want to review the IIC materials after TPAC and come back to resilience at the start of 2016

Dave: we should discuss the roadmap during the October face to face.

Oliver: so I will email the list tomorrow to initiate the review and encourage people to involve security experts in their respective companies.

SP Requirements

This will require a lot of time, I propose to leave this as it is; see https://www.w3.org/WoT/IG/wiki/Security%26Privacy_Requirements_Catalogue

Oliver has a few days vacation to take.

He proposes to initiate study of use cases and emerging requirements after the face to face

That’s all I wanted to cover today, any comments?

F2F preparation

Joerg asked each task force to prepare a short status report for the October face to face.

Discussion has started on requirements, but is going slow right now. We have a complete document for the requirements catalogue. The landscape is in good shape. We’re waiting for the IIC security reference architecture. We’ve discussed run-time means.

We’ve also initiated discussion on authorisation in relationship to discovery.

We’ve plans for the compilation of the technology landscape.

In respect to proposals for discussion at TPAC, Oliver plans to focus on the landscape work, both at the overview level and the technical building blocks.

It would be good to discuss ideas for introducing security into future work on plugfests.

Oliver would like to do some work on use cases, but feels that this would take too much time. So he proposes to use the face to face to prepare that work.

Michael: I am trying to bring in fresh people and to get involved with the security work. The process looks good.

Oliver: we can also discuss security etc. in the W3C/T2TRG meeting

Any other business

Oliver: we won’t have a call on Oct 29, nor on Oct 15 (when I will be on vacation)

Dave: suggests dropping the calls, but try to use the existing calls to draw attention to the review of the SP materials.

Oliver asks if Dave could handle that in his absence.

Dave: sure

Oliver: okay we will next meet in Japan.

… end of meeting …

Summary of Action Items

[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.140 (CVS log)
$Date: 2015/10/01 13:54:41 $

Agenda: https://lists.w3.org/Archives/Public/public-wot-ig/2015Sep/0074.html