IRC log of wot-sec on 2017-06-30

Timestamps are in UTC.

12:03:58 [RRSAgent]
RRSAgent has joined #wot-sec
12:03:58 [RRSAgent]
logging to http://www.w3.org/2017/06/30-wot-sec-irc
12:04:38 [kaz]
present+ Elena_Reshetova, Michael_Koster, Michael_McCool, Kaz_Ashimura
12:05:28 [kaz]
meeting: WoT IG - Security
12:07:57 [kaz]
elena: RFC6973 questionnaire
12:08:08 [kaz]
... generated a google doc for that
12:08:56 [kaz]
mm: first question about stakeholder?
12:09:53 [kaz]
er: and then system maintainer, asset list, ...
12:10:56 [kaz]
... (goes through the questionnaire list)
12:11:10 [kaz]
... list of threats complete?
12:11:21 [kaz]
... security objectives correct?
12:11:39 [kaz]
mm: use cases look more like features
12:12:08 [kaz]
... would clarify scenario of use use cases
12:12:49 [kaz]
mk: use case being what use is doing
12:13:18 [kaz]
... so far it seems component-oriented approach
12:13:58 [kaz]
... we had "atomic use cases" already and that is a bit different kind of use case
12:14:40 [kaz]
... still struggling about what "security for WoT"
12:14:53 [kaz]
... there are existing security considerations
12:15:26 [kaz]
... asking about this questionnaire is a good approach
12:15:59 [kaz]
... also we should go back to people and ask what they're concerned about WoT security
12:16:29 [kaz]
q+
12:17:00 [kaz]
er: f2f would be a good opportunity to get people's opinions
12:17:27 [kaz]
mm: we should generate this questionnaire and also should have a session during f2f
12:17:57 [kaz]
... we need to think about scenario more
12:18:43 [kaz]
present+ Daniel_Ibaseta
12:18:56 [kaz]
... we have 2 sessions, one is security, another is privacy
12:19:04 [kaz]
... how to handle them
12:19:10 [kaz]
... how many sessions should we have?
12:19:19 [kaz]
... Elena will call in
12:19:24 [kaz]
... Zoltan will be there f2f
12:19:39 [kaz]
... 3 hours total maybe?
12:19:51 [kaz]
... should avoid parallel sessions
12:20:05 [kaz]
er: 1 hour for privacy?
12:20:23 [kaz]
... the rest 2 hours scenarios
12:20:47 [kaz]
mm: there are already security features in the architecture
12:20:54 [kaz]
... good to get connected with them
12:21:13 [kaz]
... we should include scripting people as well
12:21:30 [kaz]
... half hour for review
12:21:52 [kaz]
er: how many mechanisms?
12:22:07 [kaz]
mm: TLS, secure CoAP, etc.
12:22:14 [kaz]
... will go back to see the details
12:22:24 [kaz]
... a section in the TD about security but vague
12:22:49 [kaz]
... the details should be written in another document and should add a link to that
12:22:58 [kaz]
... management API
12:23:02 [kaz]
... isolation
12:23:15 [kaz]
... would figure out how to evaluate
12:23:27 [kaz]
... focused discussion with scripting guys
12:23:37 [kaz]
... 3 hours total
12:23:41 [kaz]
... 1 hour for privacy
12:23:50 [kaz]
... security architecture session
12:23:59 [kaz]
... 1.5 hour for use case scenarios
12:24:11 [kaz]
... 0.5 for reviewing existing mechanisms
12:24:45 [kaz]
er: we don't have anybody from TD
12:25:02 [kaz]
mm: shows the f2f agenda: https://www.w3.org/WoT/IG/wiki/F2F_meeting,_9-13_July_2017,_D%C3%BCsseldorf,_Germany
12:25:20 [kaz]
... edits the agenda
12:25:24 [kaz]
... 1 hour for TD
12:26:32 [kaz]
... add topics for security
12:26:36 [kaz]
s/add/adds/
12:28:06 [kaz]
... 1.5h securiy use cases and scenarios
12:28:19 [kaz]
... 0.5h review of exisiting/proposed security architecture
12:28:26 [kaz]
... 1h privacy
12:28:40 [kaz]
topic: Privacy questionnaire
12:29:16 [kaz]
-> Elena's doc file on "Privacy questionnaire for WoT protocol"
12:29:39 [kaz]
q?
12:30:30 [kaz]
er: can modify it
12:30:44 [kaz]
... and put it a google doc
12:31:15 [kaz]
mm: looks good
12:31:36 [kaz]
er: will apply changes
12:31:47 [kaz]
mm: next Friday, I'll be travelling
12:32:05 [kaz]
mk: will be preparing on that day
12:32:22 [kaz]
mm: would propose we cancel the next meeting
12:32:37 [kaz]
... we should have a couple of presentation slides for f2f
12:33:15 [kaz]
... let's skip general background
12:33:37 [kaz]
... join the openday, and mention the state, etc.
12:33:53 [kaz]
er: can generate some slides and send them to you
12:34:27 [kaz]
mm: introductory explanation probably will be done by Matthias
12:34:28 [kaz]
q?
12:34:44 [kaz]
er: how to distribute the resources?
12:34:50 [kaz]
mm: google doc?
12:35:10 [kaz]
... would have a link on the security tf page
12:35:38 [kaz]
... and ask people to review particular documents/questionnaires on the ML
12:35:56 [kaz]
... to fill out the questionnaire prior to the f2f
12:36:31 [kaz]
q?
12:36:53 [kaz]
ack k
12:37:14 [kaz]
topic: aob
12:37:37 [kaz]
kaz: think we should have security sessions as plenary sessions
12:37:37 [kaz]
mm: agree
12:37:58 [kaz]
... would add "plenary" mark to those sesssions
12:38:01 [kaz]
s/sss/ss/
12:39:11 [kaz]
kaz: another question is distributing today's resources to the group list
12:39:31 [kaz]
er: can update the google doc today
12:39:38 [kaz]
... and send them to you
12:40:38 [kaz]
member-wot-ig@w3.org and member-wot-wg@w3.org
12:42:17 [kaz]
mm: will add hyperlinks to the TF wiki page
12:44:01 [kaz]
kaz: just thought it would be nicer to add concrete resources to the minutes from this call
12:44:11 [kaz]
er: can update the resources and add links to the minutes
12:44:14 [kaz]
[adjourned]
12:44:19 [kaz]
rrsagent, make log public
12:44:44 [kaz]
rrsagent, draft minutes
12:44:44 [RRSAgent]
I have made the request to generate http://www.w3.org/2017/06/30-wot-sec-minutes.html kaz
12:45:13 [kaz]
Chair: McCool
12:51:01 [kaz]
i/RFC6973/topic: Privacy questionnaire - online google doc/
12:51:03 [kaz]
rrsagent, draft minutes
12:51:03 [RRSAgent]
I have made the request to generate http://www.w3.org/2017/06/30-wot-sec-minutes.html kaz
12:51:39 [kaz]
i/we have 2 sessions/topic: F2F agenda/
12:51:50 [kaz]
s/aob/AOB/
12:51:53 [kaz]
rrsagent, draft minutes
12:51:53 [RRSAgent]
I have made the request to generate http://www.w3.org/2017/06/30-wot-sec-minutes.html kaz
15:01:45 [Zakim]
Zakim has left #wot-sec