12:03:58 <RRSAgent> RRSAgent has joined #wot-sec
12:03:58 <RRSAgent> logging to http://www.w3.org/2017/06/30-wot-sec-irc
12:04:38 <kaz> present+ Elena_Reshetova, Michael_Koster, Michael_McCool, Kaz_Ashimura
12:05:28 <kaz> meeting: WoT IG - Security
12:07:57 <kaz> elena: RFC6973 questionnaire
12:08:08 <kaz> ... generated a google doc for that
12:08:56 <kaz> mm: first question about stakeholder?
12:09:53 <kaz> er: and then system maintainer, asset list, ...
12:10:56 <kaz> ... (goes through the questionnaire list)
12:11:10 <kaz> ... list of threats complete?
12:11:21 <kaz> ... security objectives correct?
12:11:39 <kaz> mm: use cases look more like features
12:12:08 <kaz> ... would clarify scenario of use use cases
12:12:49 <kaz> mk: use case being what use is doing
12:13:18 <kaz> ... so far it seems component-oriented approach
12:13:58 <kaz> ... we had "atomic use cases" already and that is a bit different kind of use case
12:14:40 <kaz> ... still struggling about what "security for WoT"
12:14:53 <kaz> ... there are existing security considerations
12:15:26 <kaz> ... asking about this questionnaire is a good approach
12:15:59 <kaz> ... also we should go back to people and ask what they're concerned about WoT security
12:16:29 <kaz> q+
12:17:00 <kaz> er: f2f would be a good opportunity to get people's opinions
12:17:27 <kaz> mm: we should generate this questionnaire and also should have a session during f2f
12:17:57 <kaz> ... we need to think about scenario more
12:18:43 <kaz> present+ Daniel_Ibaseta
12:18:56 <kaz> ... we have 2 sessions, one is security, another is privacy
12:19:04 <kaz> ... how to handle them
12:19:10 <kaz> ... how many sessions should we have?
12:19:19 <kaz> ... Elena will call in
12:19:24 <kaz> ... Zoltan will be there f2f
12:19:39 <kaz> ... 3 hours total maybe?
12:19:51 <kaz> ... should avoid parallel sessions
12:20:05 <kaz> er: 1 hour for privacy?
12:20:23 <kaz> ... the rest 2 hours scenarios
12:20:47 <kaz> mm: there are already security features in the architecture
12:20:54 <kaz> ... good to get connected with them
12:21:13 <kaz> ... we should include scripting people as well
12:21:30 <kaz> ... half hour for review
12:21:52 <kaz> er: how many mechanisms?
12:22:07 <kaz> mm: TLS, secure CoAP, etc.
12:22:14 <kaz> ... will go back to see the details
12:22:24 <kaz> ... a section in the TD about security but vague
12:22:49 <kaz> ... the details should be written in another document and should add a link to that
12:22:58 <kaz> ... management API
12:23:02 <kaz> ... isolation
12:23:15 <kaz> ... would figure out how to evaluate
12:23:27 <kaz> ... focused discussion with scripting guys
12:23:37 <kaz> ... 3 hours total
12:23:41 <kaz> ... 1 hour for privacy
12:23:50 <kaz> ... security architecture session
12:23:59 <kaz> ... 1.5 hour for use case scenarios
12:24:11 <kaz> ... 0.5 for reviewing existing mechanisms
12:24:45 <kaz> er: we don't have anybody from TD
12:25:02 <kaz> mm: shows the f2f agenda: https://www.w3.org/WoT/IG/wiki/F2F_meeting,_9-13_July_2017,_D%C3%BCsseldorf,_Germany
12:25:20 <kaz> ... edits the agenda
12:25:24 <kaz> ... 1 hour for TD
12:26:32 <kaz> ... add topics for security
12:26:36 <kaz> s/add/adds/
12:28:06 <kaz> ... 1.5h securiy use cases and scenarios
12:28:19 <kaz> ... 0.5h review of exisiting/proposed security architecture
12:28:26 <kaz> ... 1h privacy
12:28:40 <kaz> topic: Privacy questionnaire
12:29:16 <kaz> -> Elena's doc file on "Privacy questionnaire for WoT protocol"
12:29:39 <kaz> q?
12:30:30 <kaz> er: can modify it
12:30:44 <kaz> ... and put it a google doc
12:31:15 <kaz> mm: looks good
12:31:36 <kaz> er: will apply changes
12:31:47 <kaz> mm: next Friday, I'll be travelling
12:32:05 <kaz> mk: will be preparing on that day
12:32:22 <kaz> mm: would propose we cancel the next meeting
12:32:37 <kaz> ... we should have a couple of presentation slides for f2f
12:33:15 <kaz> ... let's skip general background
12:33:37 <kaz> ... join the openday, and mention the state, etc.
12:33:53 <kaz> er: can generate some slides and send them to you
12:34:27 <kaz> mm: introductory explanation probably will be done by Matthias
12:34:28 <kaz> q?
12:34:44 <kaz> er: how to distribute the resources?
12:34:50 <kaz> mm: google doc?
12:35:10 <kaz> ... would have a link on the security tf page
12:35:38 <kaz> ... and ask people to review particular documents/questionnaires on the ML
12:35:56 <kaz> ... to fill out the questionnaire prior to the f2f
12:36:31 <kaz> q?
12:36:53 <kaz> ack k
12:37:14 <kaz> topic: aob
12:37:37 <kaz> kaz: think we should have security sessions as plenary sessions
12:37:37 <kaz> mm: agree
12:37:58 <kaz> ... would add "plenary" mark to those sesssions
12:38:01 <kaz> s/sss/ss/
12:39:11 <kaz> kaz: another question is distributing today's resources to the group list
12:39:31 <kaz> er: can update the google doc today
12:39:38 <kaz> ... and send them to you
12:40:38 <kaz> member-wot-ig@w3.org and member-wot-wg@w3.org
12:42:17 <kaz> mm: will add hyperlinks to the TF wiki page
12:44:01 <kaz> kaz: just thought it would be nicer to add concrete resources to the minutes from this call
12:44:11 <kaz> er: can update the resources and add links to the minutes
12:44:14 <kaz> [adjourned]
12:44:19 <kaz> rrsagent, make log public
12:44:44 <kaz> rrsagent, draft minutes
12:44:44 <RRSAgent> I have made the request to generate http://www.w3.org/2017/06/30-wot-sec-minutes.html kaz
12:45:13 <kaz> Chair: McCool
12:51:01 <kaz> i/RFC6973/topic: Privacy questionnaire - online google doc/
12:51:03 <kaz> rrsagent, draft minutes
12:51:03 <RRSAgent> I have made the request to generate http://www.w3.org/2017/06/30-wot-sec-minutes.html kaz
12:51:39 <kaz> i/we have 2 sessions/topic: F2F agenda/
12:51:50 <kaz> s/aob/AOB/
12:51:53 <kaz> rrsagent, draft minutes
12:51:53 <RRSAgent> I have made the request to generate http://www.w3.org/2017/06/30-wot-sec-minutes.html kaz
15:01:45 <Zakim> Zakim has left #wot-sec