See also: IRC log
Elena: RFC6973
questionnaire
... generated a google doc for that
McCool: first question about stakeholder?
Elena: and then system maintainer,
asset list, ...
... (goes through the questionnaire list)
... list of threats complete?
... security objectives correct?
McCool: use cases look more like
features
... would clarify scenario of use use cases
Koster: use case being what use is
doing
... so far it seems component-oriented approach
... we had "atomic use cases" already and that is a bit
different kind of use case
... still struggling about what "security for WoT"
... there are existing security considerations
... asking about this questionnaire is a good approach
... also we should go back to people and ask what they're
concerned about WoT security
Elena: f2f would be a good opportunity to get people's opinions
McCool: we should generate this
questionnaire and also should have a session during f2f
... we need to think about scenario more
McCool: we have 2 sessions, one is
security, another is privacy
... how to handle them
... how many sessions should we have?
... Elena will call in
... Zoltan will be there f2f
... 3 hours total maybe?
... should avoid parallel sessions
Elena: 1 hour for privacy?
... the rest 2 hours scenarios
McCool: there are already security
features in the architecture
... good to get connected with them
... we should include scripting people as well
... half hour for review
Elena: how many mechanisms?
McCool: TLS, secure CoAP, etc.
... will go back to see the details
... a section in the TD about security but vague
... the details should be written in another document and
should add a link to that
... management API
... isolation
... would figure out how to evaluate
... focused discussion with scripting guys
... 3 hours total
... 1 hour for privacy
... security architecture session
... 1.5 hour for use case scenarios
... 0.5 for reviewing existing mechanisms
Elena: we don't have anybody from TD
McCool: shows the f2f agenda:
https://www.w3.org/WoT/IG/wiki/F2F_meeting,_9-13_July_2017,_D%C3%BCsseldorf,_Germany
... edits the agenda
... 1 hour for TD
... adds topics for security
... 1.5h securiy use cases and scenarios
... 0.5h review of exisiting/proposed security
architecture
... 1h privacy
-> Elena's doc file on "Privacy questionnaire for WoT protocol"
Elena: can modify it
... and put it a google doc
McCool: looks good
Elena: will apply changes
McCool: next Friday, I'll be travelling
Koster: will be preparing on that day
McCool: would propose we cancel the
next meeting
... we should have a couple of presentation slides for
f2f
... let's skip general background
... join the openday, and mention the state, etc.
Elena: can generate some slides and send them to you
McCool: introductory explanation probably will be done by Matthias
Elena: how to distribute the resources?
McCool: google doc?
... would have a link on the security tf page
... and ask people to review particular
documents/questionnaires on the ML
... to fill out the questionnaire prior to the f2f
Kaz: think we should have security sessions as plenary sessions
McCool: agree
... would add "plenary" mark to those sessions
Kaz: another question is distributing today's resources to the group lists: member-wot-ig@w3.org and member-wot-wg@w3.org
Elena: can update the google doc
today
... and send them to you
McCool: will add hyperlinks to the TF wiki page
Kaz: just thought it would be nicer to add concrete resources to the minutes from this call
Elena: can update the resources and add links to the minutes
[adjourned]