W3C

- DRAFT -

WoT IG - Security

18 Sep 2017

Agenda

Attendees

Present
Kaz_Ashimura, Elena_Reshetova, Michael_McCool, Zoltan_Kis, Barry_Leiba
Regrets
Chair
McCool
Scribe
kaz


<scribe> scribenick: kaz

prev minutes

elena: wondering about the workshop thing

mccool: IEEE S&P
... will discuss

Agenda

[[

WoT Security and Privacy Considerations

Document status and issue review

Security sections in other documents

Document status and issue review

IoT Conference workshop update

NDSS proposal accepted

IEEE S&P deadline: Sept 20

Other work items

]]

mccool: workshop first

Workshop update

mccool: NDSS proposal
... submitted one and accepted
... Decentralized IoT Security and Standards
... submitted in parallel
... had a meeting
... to merge the two proposals
... fundamental issue for WoT is interoperability
... security for multiple interoperable implementations
... added a couple of topics
... 3 points
... Carsten, co-Chair
... similar proposal on TLS
... not our primary objective
... not optimal but still worth presenting our paper
... get discussion there
... could get people interested there
... networking purposes
... question is if we would like to submit a proposal for IEEE S&P as well
... deadline Sep. 20
... can tune it up
... but should I?

barry: think we should
... target which help our work

mccool: right
... but some concern
... keep it different from NDSS
... any other comments?
... can submit a proposal as is
... more security people anyhow
... any suggestions?
... will circulate the proposal
... need to wrap up the proposal within 48h
... you can edit the proposal on Google doc
... let me know about your Google account
... will send invitation to you

mccool: so we'll do this

PR

Elena's PR

elena: goes through it
... had discussion with Matthias the other day
... adding pictures

mccool: rendered version?

https://rawgit.com/ereshetova/wot-security/working/index.html

kaz: does the above rawgit work fine?

mccool: fine
... contents extracted from the TD draft
... will work on the pull request
... one document for security
... summary within TD, etc.

elena: when to have more concrete content?

mccool: Thing Description management
... threat model should go here (Recommended Security Practices)
... publish this as a Note
... and put the threat model into it

elena: no text under 2.3 yet
... 2.3 Determining a suitable security architecture

mccool: we should put the material here inline
... need TODOs as Editor's Note

elena: this is a working branch, not the main branch

mccool: pull request on the working branch
... will add a tag
... (adds a tag, "TDmaterial" to the working branch content)
... (also a branch, "TDmaterial")
... (merges the pull request 8 and adds a comment to the pull request)
... "OK, but we probably want to pull back in the TD material, so I branched as TDmaterial"
... any procedure to add Elena as an Editor?

zoltan: you can create a pull request for that?

mccool: ok
... will create a pull request then
... we can update the link for the threat model

elena: can we keep the threat model content a separate file?

mccool: there is a trade-off
... also should think about the references
... some of the references should go into the draft

references

mccool: will create a pull request to put the threat model inline
... note that I'm working on the master branch and the working branch
... on the working branch, will put the contents from the MD files into the index.html file
... let's see an example of the TD repo
... or the architecture

Architecture draft on GitHub

mccool: we have summary in the main docs
... remove the Editor's note and put text that we're working on a separate security doc

Previous minutes

mccool: let's go back to the prev minutes

prev minutes

mccool: CSS file for a WG Note

kaz: we can put "WG-NOTE" instead of WD/ED for respec
... but we can keep "Editor's Draft" for the index.html on GitHub
... and I can change the CSS to "WG-NOTE" when we publish the draft as a WG Note

example of WG Note

mccool: will also see that
... can we accept the minutes?

(no objections)

mccool: ok

Security draft

mccool: Abstract is missing
... Elena, do you want to put a stab?
... it's the first thing people will read
... we should submit pull requests for the structure and the individual sections
... each section can have one pull request
... will do mechanical edit to include MD file content
... and Elena will look into the Abstract
... and then section restructure
... if there is any conflict, we'll sort that out

elena: comments welcome for the structure

mccool: where the best practices come from

[adjourned]

[End of minutes]
