12:01:01 <RRSAgent> RRSAgent has joined #wot-sec
12:01:01 <RRSAgent> logging to http://www.w3.org/2017/09/25-wot-sec-irc
12:01:33 <kaz> Meeting: WoT IG - Security
12:01:54 <kaz> present+ Kaz_Ashimura, Michael_McCool, Elena_Reshetova, Uday_Davuluru, Zoltan_Kis
12:03:46 <kaz> present+ Michael_Koster
12:04:02 <kaz> present+ Tomoaki_Mizushima
12:04:03 <mjkoster> mjkoster has joined #wot-sec
12:06:26 <kaz> zakim, who is here?
12:06:26 <Zakim> Present: Kaz_Ashimura, Michael_McCool, Elena_Reshetova, Uday_Davuluru, Zoltan_Kis, Michael_Koster, Tomoaki_Mizushima
12:06:29 <Zakim> On IRC I see mjkoster, RRSAgent, Zakim, kaz-win, elena, uday, McCool, kaz, zkis
12:06:49 <kaz> zakim, pick a scribe
12:06:49 <Zakim> Not knowing who is chairing or who scribed recently, I propose Michael_Koster
12:07:29 <kaz> scribenick: mjkoster
12:07:29 <McCool> scribenick mjkoster
12:08:27 <kaz> Agenda: https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Agenda
12:08:48 <mjkoster> mccool: document progress update
12:08:59 <mjkoster> ... outstanding PR
12:10:11 <mjkoster> ... created an action for mccool
12:11:46 <mjkoster> ... review the changes in the PR
12:12:07 <kaz> -> https://github.com/w3c/wot-security/issues Issues
12:12:13 <kaz> -> https://github.com/w3c/wot-security/pulls Pull Requests
12:12:17 <mjkoster> ... ( elena's branch)
12:13:25 <mjkoster> elena: recommended practices section
12:14:18 <mjkoster> ... example security configuration section
12:15:04 <kaz> q?
12:15:28 <mjkoster> mccool: need to add content for specific security practices e.g. scripting API
12:15:36 <kaz> -> https://rawgit.com/ereshetova/wot-security/working/index.html Elena's updates
12:17:01 <kaz> -> https://rawgit.com/w3c/wot-security/working/index.html McCool's Working branch
12:17:26 <kaz> mccool: would propose we merge Elena's changes to the above Working branch
12:17:31 <mjkoster> mccool: merging elena's PR into the working branch now (no objections)
12:18:34 <kaz> -> https://github.com/w3c/wot-security/pull/12 PR 12 has been merged
12:19:45 <kaz> https://rawgit.com/w3c/wot-security/working/index.html is updated now
12:20:53 <mjkoster> elena: will work on examples (section 5) next
12:22:00 <mjkoster> mccool: created issue for tracking additions to the examples section
12:23:14 <kaz> -> https://github.com/w3c/wot-security/issues issues
12:23:24 <mjkoster> mccool: need to add vocabulary definitions
12:24:25 <mjkoster> mccool: created issue to track additions to the scenarios section "business/corporate"
12:25:30 <mjkoster> ... added issue to track additions to "industrial/commercial" scenarios
12:26:07 <mjkoster> ... added issue to track scripting API additions
12:26:36 <mjkoster> ... issue to track "validation"
12:27:51 <mjkoster> ... discuss whether security provisioning is in scope
12:28:21 <mjkoster> elena: we need to make a defined set of assumptions about what is done
12:28:38 <mjkoster> ... but can't specify how it's done
12:29:18 <mjkoster> mccool: OK
12:29:55 <mjkoster> ... please add comments to the issue
12:30:01 <mjkoster> q?
12:30:45 <mjkoster> mccool: review the discussion on exposed vs. discoverable things
12:30:53 <mjkoster> ... are they separate ?
12:31:16 <mjkoster> elena: what is the specific difference?
12:32:00 <kaz> -> https://www.w3.org/2017/09/25-wot-minutes.html discussion during the Scripting call (Member-only)
12:32:07 <mjkoster> mccool: different kinds of discovery?
12:33:17 <mjkoster> mjkoster: expose means interaction is available, discoverable meand TD is available
12:33:29 <mjkoster> s/meand/means
12:33:56 <mjkoster> elena: when would a thing be exposed but not discoverable?
12:34:18 <mjkoster> mccool: enumerantes types of discovery
12:34:48 <mjkoster> ... 4 ways to find a thing
12:35:22 <mjkoster> ... may already have a TD or know how to make a URL to get the TD
12:35:39 <mjkoster> ... or maybe there is a scan function
12:37:26 <mjkoster> mjkoster: consider the difference in security model between TD and the Interactions
12:38:05 <mjkoster> elena: how can we define the exact difference between TD and interaction?
12:38:24 <mjkoster> mccool: there are different calls in the scripting API
12:39:19 <mjkoster> elena: how does the system get into a state where the interactions are available but not discoverable?
12:39:49 <mjkoster> s/available/exposed
12:40:29 <mjkoster> mccool: things can't be discoverable but not exposed
12:40:36 <kaz> present+ Soumya_Kanti_Datta
12:42:32 <mjkoster> mjkoster: it's about different layers of security for exposure vs. discoverability
12:42:44 <mjkoster> elena: OK, that is allowed for in the model
12:44:11 <mjkoster> elena: if the proper access control is provided e.g. on actions, then what else do we need to do?
12:44:30 <mjkoster> mccool: OK, please continue the discussion in comments and issues
12:45:28 <mjkoster> mccool: we need to align the current practices with security mechanisms for the plugfest
12:45:57 <mjkoster> ... suggest we look at protocol binding priorities
12:46:35 <mjkoster> elena: we should build the scenarios and examples based on concrete protocols
12:47:03 <mjkoster> mccool: the statement about wot security includes statements about target protocols
12:47:35 <mjkoster> ... if we can cover security through a good comprehensive set of bindings
12:48:22 <mjkoster> ... created an issue for tracking
12:48:59 <mjkoster> mccool: topic: workshop proposal for NDSS
12:49:14 <kaz> s/mccool: topic:/topic:/
12:49:57 <mjkoster> ... good response so far
12:50:15 <mjkoster> ... most accepted
12:51:30 <mjkoster> ... update on IEEE S&P progress
12:51:38 <mjkoster> mccool: AOB
12:51:47 <mjkoster> elena: on holiday next week
12:52:26 <mjkoster> elena: will queue up some material on PR and issues
12:54:24 <mjkoster> mccool: would zkis start discussion on the scripting section?
12:54:41 <mjkoster> zkis: OK
12:55:11 <mjkoster> mccool: adjourn
12:55:27 <kaz> rrsagent, make log public
12:55:30 <kaz> rrsagent, draft minutes
12:55:30 <RRSAgent> I have made the request to generate http://www.w3.org/2017/09/25-wot-sec-minutes.html kaz