12:04:43 <RRSAgent> RRSAgent has joined #wot-sec
12:04:43 <RRSAgent> logging to http://www.w3.org/2017/09/18-wot-sec-irc
12:05:04 <kaz> Meeting: WoT IG - Security
12:05:28 <kaz> present: Kaz_Ashimura, Elena_Reshetova, Michael_McCool, Zoltan_Kis
12:05:33 <kaz> scribenick: kaz
12:06:10 <kaz> -> https://www.w3.org/2017/09/11-wot-sec-minutes.html prev minutes
12:06:51 <kaz> Agenda: https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Agenda
12:07:18 <kaz> er: wondering about the workshop thing
12:07:29 <kaz> mm: IEEE S&P
12:07:36 <kaz> ... will discuss
12:08:00 <kaz> topic: Agenda
12:08:18 <kaz> [[
12:08:19 <kaz>     WoT Security and Privacy Considerations
12:08:19 <kaz>         Document status and issue review
12:08:19 <kaz>     Security sections in other documents
12:08:19 <kaz>         Document status and issue review
12:08:19 <kaz>     IoT Conference workshop update
12:08:21 <kaz>         NDSS proposal accepted
12:08:23 <kaz>         IEEE S&P deadline: Sept 20
12:08:25 <kaz>     Other work items
12:08:27 <kaz> ]]
12:08:31 <kaz> mm: workshop first
12:08:37 <kaz> topic: Workshop update
12:09:10 <barryleiba> barryleiba has joined #wot-sec
12:09:16 <kaz> mm: NDSS proposal
12:09:22 <kaz> ... submitted one
12:09:40 <kaz> ... Decentralized IoT Security and Standards
12:09:47 <kaz> present+ Barry_Leiba
12:10:00 <kaz> mm: submitted in parallel
12:10:10 <kaz> ... had a meeting
12:10:23 <kaz> ... to merge the two propodals
12:10:28 <kaz> s/propodals/proposals/
12:10:38 <kaz> ... fundamental issue for WoT is interoperability
12:10:49 <kaz> ... security for multiple interoperable implementations
12:10:57 <kaz> ... added a couple of topics
12:11:07 <kaz> ... 3 points
12:11:28 <kaz> ... Carsten, co-Chair
12:11:50 <kaz> ... similar proposal on TLS
12:12:08 <kaz> ... not our primary objective
12:12:28 <kaz> ... not optimal but still worth presenting our paper
12:12:36 <kaz> ... get discussion there
12:12:47 <kaz> ... could get people interested there
12:12:54 <kaz> ... networking purposes
12:13:23 <kaz> ... question is if we would like to submit a proposal for IEEE S&P as well
12:13:28 <kaz> ... deadline Sep. 20
12:13:47 <kaz> s/submitted one/submitted one and accepted/
12:13:56 <kaz> ... can tune it up
12:14:03 <kaz> ... but should I?
12:14:13 <kaz> br: think we should
12:14:25 <kaz> ... target which help our work
12:14:37 <kaz> mm: right
12:14:41 <kaz> ... but some concern
12:14:49 <kaz> ... keep it different from NDSS
12:15:34 <kaz> ... any other comments?
12:16:06 <kaz> ... can submit a proposal asis
12:16:12 <kaz> ... more security people anyhow
12:16:18 <kaz> ... any suggestions?
12:16:26 <kaz> ... will circulate the proposal
12:16:40 <kaz> ... need to wrap up the proposal within 48h
12:16:51 <kaz> ... you can edit the proposal on Google doc
12:16:58 <kaz> ... let me know about your Google account
12:17:16 <kaz> ... will send invitation to you
12:17:28 <barryleiba> @McCool My Google Docs account is barryleiba@gmail.com
12:17:28 <kaz> ... so we'll do this
12:18:05 <kaz> topic: PR
12:18:16 <kaz> -> https://github.com/w3c/wot-security/pull/8 Elena's PR
12:18:23 <kaz> er: goes through it
12:18:45 <kaz> ... had discussion with Matthias the other day
12:19:33 <kaz> ... adding pictures
12:19:46 <kaz> mm: rendered version?
12:21:19 <kaz> https://rawgit.com/ereshetova/wot-security/working/index.html
12:21:59 <kaz> kaz: does the above rawgit work fine?
12:22:04 <kaz> mm: fine
12:22:19 <kaz> ... contents extracted from the TD draft
12:22:34 <kaz> ... will work on the pull request
12:23:23 <kaz> ... one document for security
12:23:36 <kaz> ... summary within TD, etc.
12:24:46 <kaz> er: when to have more concrete content?
12:24:57 <kaz> mm: Thing Description management
12:25:23 <kaz> ... threat model should go here (Recommended Security Practices)
12:25:37 <kaz> ... publish this as a Note
12:25:44 <kaz> ... and put the threat model into it
12:26:36 <kaz> er: no text under 2.3 yet
12:26:43 <kaz> ... 2.3 Determining a suitable security architecture
12:27:16 <kaz> mm: we should put the material here inline
12:27:32 <kaz> ... need TODOs as Editor's Note
12:28:08 <kaz> er: this is a working branch, not the main branch
12:28:19 <kaz> mm: pull request on the working branch
12:28:45 <kaz> ... will add a tag
12:29:52 <kaz> ... (adds a tag, "TDmaterial" to the working branch content)
12:30:36 <kaz> ... (also a branch, "TDmaterial")
12:31:13 <kaz> ... (and add a comment to the pull request)
12:31:37 <kaz> ... OK, but we probably want to pull back in the TD material, so I branched as TDmaterial"
12:31:49 <kaz> s/and/merges the pull request 8 and/
12:33:19 <kaz> mm: any procedure to add Elena as an Editor
12:33:36 <kaz> s/Editor/Editor?/
12:33:46 <kaz> zk: you can create a pull request for that?
12:33:49 <kaz> mm: ok
12:34:09 <kaz> ... will create a pull request then
12:34:58 <kaz> ... we can update the link for the threat model
12:35:34 <kaz> er: can we keep the threat model content a separate file?
12:36:42 <kaz> mm: there is a trade-off
12:37:32 <kaz> ... also should think about the references
12:38:05 <kaz> ... some of the references should go into the draft
12:38:28 <kaz> -> https://github.com/w3c/wot-security/blob/master/wot-security-references.md references
12:38:46 <kaz> mm: will create a pull request to put the thread model inline
12:39:59 <kaz> ... note that I'm working on the master branch and the working branch
12:40:37 <kaz> ... on the working branch, will put the contents from the MD files into the index.html file
12:41:24 <kaz> ... let's see an example of the TD repo
12:41:53 <kaz> ... or the architecture
12:42:22 <kaz> -> https://w3c.github.io/wot-architecture/ Arechitecture draft on GitHub
12:43:09 <kaz> mm: we have summary in the main docs
12:43:46 <kaz> ... remove the Editor's note and put text that we're working on a separate security doc
12:44:48 <kaz> mm: let's go back to the prev minutes
12:44:51 <kaz> -> https://www.w3.org/2017/09/11-wot-sec-minutes.html prev minutes
12:44:58 <kaz> mm: CSS file for a WG Note
12:45:38 <kaz> kaz: still investigating
12:47:04 <kaz> ... but we can put NOTE instead of WD/ED for respec
12:47:15 <kaz> mm: will also see that
12:47:45 <kaz> ... can we accept the minutes?
12:47:51 <kaz> (no objections)
12:47:54 <kaz> mm: ok
12:48:22 <kaz> -> https://www.w3.org/TR/EARL10-Schema/ example of WG Note
12:49:21 <kaz> i/let's/topic: Previous minutes/
12:50:09 <kaz> topic: Security draft
12:50:15 <kaz> mm: Abstract is missing
12:50:34 <kaz> ... Elena, do you want to put a stab?
12:51:13 <kaz> ... it's the first thing people will read
12:52:12 <kaz> ... we should submit pull requests for the structure and the individual sections
12:52:34 <kaz> ... each section can have one pull request
12:52:49 <kaz> ... will do mechanical edit to include MD file content
12:53:09 <kaz> ... and Elena will look into the Abstract
12:53:23 <kaz> ... and then section restructure
12:53:43 <kaz> ... if there is any conflict, we'll sort that out
12:54:52 <kaz> er: comments welcome for the structure
12:55:01 <kaz> mm: where the best practices come from
12:56:57 <barryleiba> barryleiba has left #wot-sec
13:02:39 <kaz> https://rawgit.com/ereshetova/wot-security/working/index.html#threat-model-and-security-objectives
13:05:47 <kaz> [adjourned]
13:05:54 <kaz> rrsagent, make log public
13:06:01 <kaz> rrsagent, draft minutes
13:06:01 <RRSAgent> I have made the request to generate http://www.w3.org/2017/09/18-wot-sec-minutes.html kaz
14:22:34 <Zakim> Zakim has left #wot-sec