W3C

Web of Things Interest Group Teleconference

TF-SP

10 Dec 2015

See also: IRC log

Attendees

Present
Oliver_Pfaff, Yingying_Chen, Carsten_Bormann, James_Lynn, Tibor_Z_Pardi, Toru_Kawaguchi
Regrets
Chair
Oliver
Scribe
Yingying



Oliver: today's agenda:
... 1. Proposal for security-enabling the Plugfest@Eurecom F2F: overview of security-related deliverables and their status, hands-on session with Postman/Copper
... 2. Security and privacy artifacts in Github (https://github.com/w3c/wot)
... 3. Status of SP work items, next steps
... 4. AOB
... any comments on the agenda?

Carsten: could you post the presentation you showed yesterday?

Oliver: I will use the same slides as in yesterday's meeting. I could post it in the afternoon.

Proposal for security-enabling the Plugfest@Eurecom F2F: overview of security-related deliverables and their status, hands-on session with Postman/Copper

Oliver shows the presentation slides: Overview of security-enabling

Oliver: the Plugfest in Sapporo is successful. We would like to continue and carry out the security aspects.
... We would like to include more people.
... we have only 8 weeks left before Christmas.
... So we could not demand the details of security domain knowledge.
... We need to do what is possible.
... we would like to have security communications.
... We don't want to finish the whole security functionality.
... We would add components to get instructions on security aspects.
... the trick is to rely on existing standards as much as possible.
... here is a layout of components shown in Sapporo.
... we would introduce additional components.
... there would be supporting components. Communication protection and security token could be included.
... The servient component has a security token processing.
... Client and RS implementations are like what was done in Sapporo.
... Siemens volunteers to provide AM and AS. And we also welcome other companies to join it.
... We need to avoid that AM and AS are implemented by different companies.
... here is the list of materials we would be able to provide.
... overview, howto and cheatsheet already exist.
... Cheatsheet includes some code snippets.
... we are willing to give hands-on help.

Oliver shows the howto document, a 10-page doc.

Oliver: there is a "protected interaction" chapter.
... We need to do some shortcut.
... there are 10-15 footnotes along the doc.
... we are working with Postman which is a Google Chrome plugin.
... there are some code examples and texts in the howto.

Oliver uses Postman to show some examples.

Oliver: Postman is a Google Chrome plugin.
... I will show you the registration.
... in the example, we need to give the client_name and grant_types.
... you can select Curl or Java as the language, as you prefer.
... then you get 201 for the response.
... it is very straightforward to use.
... the only dynamic is the authentication header.
... which is a piece of client code to do.
... you get the 200 response, and you get the access token.
... it's not a tricky part.

Oliver shows the JWT.

Oliver: we have the type of the token.
... there is something like as_token.

Oliver explains the minimum data in the payload.

Oliver: this is about the proposal for the plugfest.
... there is a list of libs. We use the ES256 as default but you could also select others.

Carsten: the communications between Client and AS are protected by other methods that are not covered here?

Oliver: the server has some authentication.
... there are some instructions in the howto.

[some discussions on the protection of communication between client, AM and AS]

Carsten: is there any way that we don't need to care what the underlying certification is on-going?

Oliver: It can be done.

[some discussion about DTLS/TLS underneath]

Oliver: the slides should be put in the wiki this afternoon. I will fine-tune the howto document.
... I can send it to you by end of next week.

Security and privacy artifacts in Github

Oliver shows the wiki landing page.

Oliver: I started moving the wiki page content into wot github.
... here you can see some subfolders.
... I created the IG-SP folder.
... it is the same content as in wiki.
... I will not move all. For the advanced concept stuff during brainstorming, I would like to keep them in wiki.

Oliver explains the security privacy challenge page in github.

Oliver: I would invite people to make the move as well.
... the requirements were moved to github as well.
... I also moved the glossary and references to github.
... I will remove the wiki pages that were moved to github.
... is that ok?
... I will remove the payload in wiki and add the link to github.
... next call will be in 4 weeks. It should be Jan 7th.

Status of SP work items, next steps

Oliver: no content changes for these 2 weeks.
... everybody is busy with plugfest.
... and there will be no further efforts put on it until end of Jan.
... comments?

[no]

Merry Christmas and Happy New Year!

[adjourned]

Summary of Action Items

Summary of Resolutions

[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.144 (CVS log)
$Date: 2015/12/11 02:29:13 $
