IRC log of wot-sec on 2017-09-04

Timestamps are in UTC.

12:00:39 [RRSAgent]
RRSAgent has joined #wot-sec
12:00:39 [RRSAgent]
logging to http://www.w3.org/2017/09/04-wot-sec-irc
12:00:40 [Zakim]
Zakim has joined #wot-sec
12:00:49 [kaz]
Meeting: WoT IG - Security
12:01:19 [kaz]
present+ Kaz_Ashimura, Michael_McCool, Tomoaki_Mizushima, Uday_Davuluru, Zoltan_Kis
12:03:19 [kaz]
present+ Elena_Reshetova
12:05:53 [elena]
elena has joined #wot-sec
12:07:04 [kaz]
present+ Michael_Koster
12:07:26 [kaz]
zakim, pick a scribe
12:07:26 [Zakim]
Not knowing who is chairing or who scribed recently, I propose Uday_Davuluru
12:07:43 [kaz]
scribenick: uday
12:07:50 [zkis]
zkis has joined #wot-sec
12:08:24 [kaz]
Agenda: https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Agenda
12:08:51 [uday]
MM: Discusses issues and next steps
12:10:17 [mjkoster]
mjkoster has joined #wot-sec
12:11:01 [kaz]
-> https://github.com/w3c/wot/pulls/ereshetova pull request 349
12:11:09 [uday]
MM: Issue 349 discussion
12:11:22 [kaz]
https://github.com/w3c/wot/pull/349
12:11:55 [kaz]
s/pull request 349/Elena's pull request/
12:12:04 [uday]
ER: TD privacy and TD local storage updated
12:13:59 [kaz]
s/349/349 pull request 349 has just been merged/
12:15:18 [uday]
ER: Security consideration section: goal is to use this to adopt security scenario and build one's own security objects
12:16:05 [uday]
MM: might get a conflict issue
12:16:56 [kaz]
kaz: a quick question
12:17:19 [kaz]
... do you want to commit this by Wednesday (=finalizing the whole group review)?
12:17:32 [kaz]
er: this is not ready for commit and needs more discussion
12:17:32 [uday]
Kaz: can we include this in architecture doc
12:18:09 [uday]
MM: no time till the first public draft
12:19:06 [uday]
MM: need security repo
12:20:03 [uday]
ER: can have a single big document or sub documents
12:20:40 [uday]
MM: lengthy document might overshadow topics
12:21:16 [kaz]
q?
12:21:43 [uday]
MM: threat model and security consideration can be put into one doc
12:22:49 [uday]
MM: privacy is missing in the doc, need to add this
12:23:24 [uday]
ER: started to add privacy related threats in threat model itself
12:23:56 [uday]
ER: explains privacy with examples
12:24:48 [Mizushima]
Mizushima has joined #wot-sec
12:24:54 [kaz]
mm: would try a vote. anybody object to have a separate document for "WoT Security and Privacy Consideration"?
12:24:54 [uday]
MM: does anyone object to a separate deliverable for WoT security considerations
12:27:05 [uday]
ER: need to highlight important parts
12:27:08 [uday]
MM: agree
12:28:05 [uday]
MM: need to separate implementation details
12:28:56 [uday]
MM: we should create new doc under WoT repo and have a security repo in parallel
12:29:23 [uday]
Kaz: can create a separate repo if needed
12:29:32 [kaz]
... "wot-security"?
12:29:48 [uday]
MM: WoT-security would be a good name
12:30:27 [uday]
kaz: need to use repo manager to publish
12:30:39 [kaz]
kaz: as part of the normative WG deliverables? if so we need to use the repository manager as well
12:31:10 [kaz]
mm: should be an informative deliverable, e.g., a WG Note
12:31:21 [uday]
MM: normative and informative parts of security
12:31:45 [uday]
similar to WoT architecture repo
12:32:52 [uday]
how do we publish security?
12:33:24 [uday]
shall we make security as a separate doc instead of merging in architecture doc
12:33:51 [kaz]
because the description would become long
12:34:44 [uday]
MM: how do people handle this in other groups
12:35:03 [uday]
Kaz: maybe with separate normative doc
12:36:21 [uday]
MM: don't want to embed all security stuff in architecture doc
12:36:42 [uday]
@Kaz can you post your comment here
12:37:18 [uday]
kaz: makes sense to start with informative note and decide with the chairs call
12:37:43 [uday]
MM: will also create hyperlink between docs
12:38:57 [McCool]
mm: we will aim for a separate security document, "WoT Security and Privacy Considerations"
12:39:05 [McCool]
we'll talk to the editors/chairs to confirm this
12:39:29 [McCool]
the document will be informative, but published in such a way (note) that we can hyperlink to sections from the other documents
12:39:49 [McCool]
ideally, we would have it in its own repo, parallel to the wot-architecture
12:39:54 [McCool]
proposed name: wot-security
12:41:04 [uday]
MM: security in architecture doc clean up
12:41:08 [kaz]
-> https://w3c.github.io/wot-architecture/#security-considerations
12:42:54 [zkis]
https://zolkis.github.io/wot-scripting-api/
12:42:56 [uday]
ZK: already made a PR, can see on my GitHub page
12:43:11 [kaz]
-> https://w3c.github.io/wot-scripting-api/#security
12:44:30 [kaz]
mm: should read "The security section is under development and will be completed later."
12:45:05 [kaz]
... on the other hand, there is a link to the threat model in the TD draft
12:45:55 [kaz]
-> https://w3c.github.io/wot-thing-description/#threat-model
12:47:29 [kaz]
kaz: do we want to update the Architecture/Scripting API as well with the detailed description?
12:47:39 [kaz]
... or ok to publish them as is?
12:48:13 [kaz]
mm: publishing them with the minimum description now is ok
12:48:32 [uday]
thanks for the filling kaz
12:48:34 [kaz]
... but would like to remove "More general..." from the security/privacy section of the TD draft
12:49:03 [kaz]
s/"More general..."/"More general discussion of overall security of a Thing (for example, best practices for WoT Interface design) can be found in the WoT Architecture document. "/
12:50:34 [kaz]
s|security/privacy section|"7. Security Consideration" section|
12:50:42 [kaz]
-> https://w3c.github.io/wot-thing-description/#security-consideration
12:51:45 [kaz]
mm: and also for the architecture document
12:52:57 [kaz]
... the Editor's note at "8. Security Considerations"
12:53:43 [kaz]
... Security and privacy considerations are under development
12:54:01 [kaz]
... and remove "For now, only..."
12:54:27 [kaz]
s/only.../only the sub-section headings are included to indicate the roadmap for the WoT Architecture security considerations./
12:54:33 [kaz]
rsagent, make log public
12:54:41 [kaz]
rrsagent, make log public
12:54:43 [kaz]
rrsagent, draft minutes
12:54:43 [RRSAgent]
I have made the request to generate http://www.w3.org/2017/09/04-wot-sec-minutes.html kaz
12:55:06 [kaz]
https://github.com/w3c/wot-architecture/issues
12:55:28 [kaz]
github issues for architecture above
12:56:10 [kaz]
mm: add "Please see work in progress at WoT Security and Privacy."
12:56:51 [kaz]
... linking to: https://github.com/w3c/wot/tree/master/security-privacy
12:58:33 [kaz]
... (creates a pull request on his own repo; and will create a pull request on the main repo)
12:58:41 [kaz]
... next
12:58:55 [kaz]
... Elena, if you can take out an overview on W3C WoT security and privacy
12:59:18 [kaz]
... copy the framework from the WoT Architecture document
12:59:21 [uday]
MM: next steps: ER to create new doc under WoT Security and privacy and start general documentation
13:00:00 [uday]
MM to make sure the draft is clean
13:00:49 [kaz]
er: regrets for the next call (Sep. 11)
13:02:03 [kaz]
mm: if you can send a link to your repo, I can make a pull request
13:02:51 [kaz]
topic: NDSS workshop
13:02:57 [kaz]
mm: worked on the proposal
13:03:04 [uday]
MM: proposal submitted to NDSS
13:03:44 [kaz]
mm: deadlines:
13:03:50 [kaz]
... cfp 25 sep 2017
13:04:03 [kaz]
... now done and in the pipe
13:05:04 [kaz]
... focused on standards
13:05:13 [kaz]
... review of existing standards
13:05:38 [kaz]
... including but not limited to W3C standards
13:06:16 [kaz]
... will be held in February
13:07:07 [kaz]
er: paper deadline too close?
13:07:19 [kaz]
mm: we should discuss that
13:07:30 [kaz]
... notice to authors: 15 Jan 2018
13:07:39 [kaz]
... not expecting a big paper, just 1-3 pages
13:07:59 [kaz]
... publication-ready papers: 1 Feb. 2018
13:08:53 [kaz]
[ adjourned ]
13:08:57 [kaz]
rrsagent, draft minutes
13:08:57 [RRSAgent]
I have made the request to generate http://www.w3.org/2017/09/04-wot-sec-minutes.html kaz
13:23:15 [zkis]
zkis has joined #wot-sec
14:32:43 [Zakim]
Zakim has left #wot-sec