12:00:39 <RRSAgent> RRSAgent has joined #wot-sec
12:00:39 <RRSAgent> logging to http://www.w3.org/2017/09/04-wot-sec-irc
12:00:40 <Zakim> Zakim has joined #wot-sec
12:00:49 <kaz> Meeting: WoT IG - Security
12:01:19 <kaz> present+ Kaz_Ashimrua, Michale_McCool, Tomoaki_Mizushima, Uday_Davuluru, Zoltan_Kis
12:03:19 <kaz> present+ Elena_Reshetova
12:05:53 <elena> elena has joined #wot-sec
12:07:04 <kaz> present+ Michale_Koster
12:07:26 <kaz> zakim, pick a scribe
12:07:26 <Zakim> Not knowing who is chairing or who scribed recently, I propose Uday_Davuluru
12:07:43 <kaz> scribenick: uday
12:07:50 <zkis> zkis has joined #wot-sec
12:08:24 <kaz> Agenda: https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Agenda
12:08:51 <uday> MM: Discusses issues and next steps
12:10:17 <mjkoster> mjkoster has joined #wot-sec
12:11:01 <kaz> -> https://github.com/w3c/wot/pulls/ereshetova pull request 349
12:11:09 <uday> MM: Issue 349 discussion
12:11:22 <kaz> https://github.com/w3c/wot/pull/349
12:11:55 <kaz> s/pull request 349/Elena's pull request/
12:12:04 <uday> ER: TD privacy and TD local storage updated
12:13:59 <kaz> s/349/349 pull request 349 has just been merged/
12:15:18 <uday> ER: Security consideration section: goal is to use this to adopt security scenario and build one's own security objects
12:16:05 <uday> MM: might get a conflict issue
12:16:56 <kaz> kaz: a quick question
12:17:19 <kaz> ... do you want to commit this by Wednesday (=finalizing the whole group review)?
12:17:32 <kaz> er: this is not ready for commit and need more discussion
12:17:32 <uday> Kaz: can we include this in architecture doc
12:18:09 <uday> MM: no time till the first public draft
12:19:06 <uday> MM: need security repo
12:20:03 <uday> ER: can have a single big document or sub documents
12:20:40 <uday> MM: lengthy document might overshadow topics
12:21:16 <kaz> q?
12:21:43 <uday> MM: threat model and security consideration can be put into one doc
12:22:49 <uday> MM: privacy is missing in the doc, need to add this
12:23:24 <uday> ER: started to add privacy related threats in threat model itself
12:23:56 <uday> ER: explains privacy with examples
12:24:48 <Mizushima> Mizushima has joined #wot-sec
12:24:54 <kaz> mm: would try a vote. anybody object to have a separate document for "WoT Security and Privacy Consideration"?
12:24:54 <uday> MM: do anyone objects separate deliverable for WoT security considerations
12:27:05 <uday> ER: need to highlight important parts
12:27:08 <uday> MM: agree
12:28:05 <uday> MM: need to separate implementation details
12:28:56 <uday> MM: we should create new doc under WoT repo and have a security repo in parallel
12:29:23 <uday> Kaz: can create a separate repo if needed
12:29:32 <kaz> ... "wot-security"?
12:29:48 <uday> MM: WoT-security would be a good name
12:30:27 <uday> kaz: need to use repo manager to publish
12:30:39 <kaz> kaz: as part of the normative WG deliverables? if so we need to use the repository manager as well
12:31:10 <kaz> mm: should be an informative deliverable, e.g., a WG Note
12:31:21 <uday> MM: normative and informative parts of security
12:31:45 <uday> smilar to WoT architecture repo
12:32:52 <uday> how do we publish security?
12:33:24 <uday> shall we make security as a separate doc instead of merging in architecture doc
12:33:51 <kaz> because the description would become long
12:34:44 <uday> MM: how do people handle this in another groups
12:35:03 <uday> Kaz: maybe with separate normative doc
12:36:21 <uday> MM: don't want to ember all security stuff in architecture doc
12:36:42 <uday> @Kaz can you post your comment here
12:37:18 <uday> kaz: makes sense to start with informative note and decide with the chairs call
12:37:43 <uday> MM: will also create hyperlink between docs
12:38:57 <McCool> mm: we will aim for a separate security document, "WoT Security and Privacy Considerations"
12:39:05 <McCool> we'll talk to the editors/chairs to confirm this
12:39:29 <McCool> the document will be informative, but published in such a way (note) that we can hyperlink to sections from the other documents
12:39:49 <McCool> ideally, we would have it in its own repo, parallel to the wot-architecture
12:39:54 <McCool> proposed name: wot-security
12:41:04 <uday> MM: security in architecture doc clan up
12:41:08 <kaz> -> https://w3c.github.io/wot-architecture/#security-considerations
12:42:54 <zkis> https://zolkis.github.io/wot-scripting-api/
12:42:56 <uday> ZK: already made a PR, can see on my gitthub page
12:43:11 <kaz> -> https://w3c.github.io/wot-scripting-api/#security
12:44:30 <kaz> mm: should read "The security section is under development and will be completed later."
12:45:05 <kaz> ... on the other hand, there is a link to the threat model in the TD draft
12:45:55 <kaz> -> https://w3c.github.io/wot-thing-description/#threat-model
12:47:29 <kaz> kaz: do we want to update the Architecture/Scripting API as well with the detailed description?
12:47:39 <kaz> ... or ok to publish them asis?
12:48:13 <kaz> mm: publishing them with the minimum description now is ok
12:48:32 <uday> thanks for the filling kaz
12:48:34 <kaz> ... but would like to remove "More general..." from the security/privacy section of the TD draft
12:49:03 <kaz> s/"More general..."/"More general discussion of overall security of a Thing (for example, best practices for WoT Interface design) can be found in the WoT Architecture document. "/
12:50:34 <kaz> s|security/privacy section|"7. Security Consideration" section|
12:50:42 <kaz> -> https://w3c.github.io/wot-thing-description/#security-consideration
12:51:45 <kaz> mm: and also for the architecture document
12:52:57 <kaz> ... the Editor's note at "8. Security Considerations"
12:53:43 <kaz> ... Security and privacy considerations are under development
12:54:01 <kaz> ... and remove "For now, only..."
12:54:27 <kaz> s/only.../only the sub-section headings are included to indicate the roadmap for the WoT Architecture security considerations./
12:54:33 <kaz> rsagent, make log public
12:54:41 <kaz> rrsagent, make log public
12:54:43 <kaz> rrsagent, draft minutes
12:54:43 <RRSAgent> I have made the request to generate http://www.w3.org/2017/09/04-wot-sec-minutes.html kaz
12:55:06 <kaz> https://github.com/w3c/wot-architecture/issues
12:55:28 <kaz> github issues for architecture above
12:56:10 <kaz> mm: add "Please see work in progress at WoT Security and Privacy."
12:56:51 <kaz> ... linking to: https://github.com/w3c/wot/tree/master/security-privacy
12:58:33 <kaz> ... (creates a pull request on his own repo; and will create a pull request on the main repo)
12:58:41 <kaz> ... next
12:58:55 <kaz> ... Elena, if you can take out an overview on W3C WoT security and privacy
12:59:18 <kaz> ... copy the framework from the WoT Architecture document
12:59:21 <uday> MM: next steps: ER to create new doc under WoT Security and privacy and start general documentation
13:00:00 <uday> MM to make sure the draft is clean
13:00:49 <kaz> er: regrets for the next call (Sp. 11)
13:02:03 <kaz> mm: if you can send a link to your repo, I can make a pull request
13:02:51 <kaz> topic: NDSS workshop
13:02:57 <kaz> mm: worked on the proposal
13:03:04 <uday> MM: proposal submitted to NDSS
13:03:44 <kaz> mm: deadlines:
13:03:50 <kaz> ... cfp 25 sep 2017
13:04:03 <kaz> ... now done and in the pipe
13:05:04 <kaz> ... focused on standards
13:05:13 <kaz> ... review of existing standards
13:05:38 <kaz> ... including but not limited to W3C standards
13:06:16 <kaz> ... will be held in February
13:07:07 <kaz> er: paper deadline too close?
13:07:19 <kaz> mm: we should discuss that
13:07:30 <kaz> ... notice to authors: 15 Jan 2018
13:07:39 <kaz> ... not expecting a big paper, just 1-3 pages
13:07:59 <kaz> ... publication-ready papers: 1 Feb. 2018
13:08:53 <kaz> [ adjourned ]
13:08:57 <kaz> rrsagent, draft minutes
13:08:57 <RRSAgent> I have made the request to generate http://www.w3.org/2017/09/04-wot-sec-minutes.html kaz
13:23:15 <zkis> zkis has joined #wot-sec
14:32:43 <Zakim> Zakim has left #wot-sec