12:02:25 <RRSAgent> RRSAgent has joined #wot-sec
12:02:25 <RRSAgent> logging to http://www.w3.org/2017/10/09-wot-sec-irc
12:03:05 <kaz> meeting: WoT IG - Security
12:03:33 <kaz> present+ Kaz_Ashimura, Michael_McCool, Dave_Raggett, Elena_Reshetova, Zoltan_Kis
12:03:48 <kaz> Agenda: https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Agenda
12:04:41 <kaz> https://www.w3.org/WoT/IG/wiki/WG_WoT_Thing_Description_WebConf#Agenda
12:05:40 <kaz> FP Notes
12:05:46 <kaz> s/Notes/Note/
12:05:53 <kaz> and updated Notes
12:06:45 <kaz> topic: Release Timeline (as a W3C WG Note)
12:06:51 <kaz> s/WG //
12:07:12 <kaz> present+ Soumya_Kanti_Datta
12:08:01 <Soumya> Soumya has joined #wot-sec
12:08:04 <kaz> mm: publication schedule
12:08:11 <kaz> ... this is a Note
12:08:30 <kaz> ... distinction on the state of the doc
12:08:33 <Mizushima> Mizushima has joined #wot-sec
12:09:14 <kaz> ... working version and release version
12:09:32 <kaz> kaz: clarification
12:09:42 <kaz> mm: would like to publish a first one before TPAC
12:10:00 <kaz> er: when is TPAC?
12:10:06 <kaz> kaz: the week of Nov. 6
12:10:40 <kaz> mm: would like to prepare the release candidate within 2 weeks
12:11:05 <kaz> ... first draft for the FP Note in 2 weeks from now
12:11:13 <kaz> ... Oct. 24
12:11:22 <kaz> ... working -> master
12:12:29 <kaz> ... and W3C Note: Oct 31 roughly - ready for TPAC Nov. 6
12:13:08 <kaz> ... (mm checks Elena's availability)
12:13:29 <kaz> ... 2nd draft: end of Dec
12:13:33 <kaz> s/Nov. 6/Nov 6/
12:14:45 <kaz> ... Dec 19 (Tue)
12:14:51 <kaz> ... tentatively
12:15:09 <kaz> ... after that: roughly every 2 months
12:16:01 <kaz> ... FYI, NDSS deadline Nov 14
12:16:43 <kaz> ... and the NDSS workshop Feb 18
12:17:03 <kaz> ... IEEE proposal was rejected
12:17:33 <kaz> ... I'll be making presentation and need your input for NDSS workshop
12:17:50 <kaz> ... (going back to the publication schedule)
12:18:00 <kaz> ... 3rd draft: early Feb
12:18:05 <kaz> er: might be problematic to m
12:18:11 <kaz> s/to m/to me/
12:19:15 <kaz> mm: 3rd draft: early Feb (e.g., Feb 15 for NDSS; Elena may not be available)
12:19:32 <kaz> ... (records the above in the wiki)
12:19:35 <McCool> Release Timeline (W3C Note) First Draft - 2wks from now, Oct 24 (working -> master) W3C Note: FP Note (Oct 31 roughly) - ready for TPAC Nov 6 Second draft: Dec 19 (Tues) Third draft: early Feb (eg Feb 15 for NDSS; Elena may not be available) After that: roughly every two months update
12:19:59 <kaz> i/after that/kaz: note on the automatic publication system/
12:20:07 <kaz> topic: Issues
12:20:46 <kaz> s/Issues/Pull requests/
12:20:47 <kaz> https://github.com/w3c/wot-security/pull/30
12:20:51 <kaz> topic: Issues
12:20:59 <kaz> https://github.com/w3c/wot-security/issues
12:21:11 <kaz> er: submitted proposal for section 5
12:21:19 <kaz> ... agreement?
12:21:36 <kaz> ... seems there is some difference
12:21:46 <kaz> ... need to change the basic assumption?
12:22:14 <kaz> -> https://rawgit.com/w3c/wot-security/working/index.html#examples-of-wot-security-configurations Section 5
12:22:31 <kaz> er: ok with this approach?
12:23:34 <kaz> mm: as long as you're clear with the example, should be ok
12:24:14 <kaz> er: referring to a couple of RFCs
12:24:59 <kaz> ... don't want to repeat the descriptions already done by others
12:25:00 <kaz> ... e.g., OCF
12:25:35 <kaz> mm: architecture documents include similar things
12:25:42 <kaz> ... bunch of use cases
12:27:10 <kaz> ... maybe you could add links referring to the architecture document
12:27:31 <kaz> er: might be a bit different set
12:27:59 <kaz> mm: another point you mentioned is OCF
12:28:39 <kaz> ... WoT client can talk with an OCF device
12:29:30 <kaz> ... is there a case in which the device doesn't handle WoT TD?
12:30:37 <kaz> ... one possibility is a Thing itself provides TD
12:31:01 <kaz> ... or another Thing could provide the TD for the Thing
12:31:30 <kaz> er: can add some description
12:31:59 <McCool> q?
12:32:01 <kaz> q+
12:32:26 <kaz> mm: OK with this Editor's Note (Fill in the protocols"
12:32:34 <kaz> s/protocols"/protocols)/
12:33:20 <kaz> present+ Tomoaki_Mizushima
12:33:47 <kaz> er: any configuration different is important and to be described from security viewpoint
12:34:00 <kaz> ... would people to submit ideas
12:34:11 <kaz> mm: we should proceed with some obvious scenarios
12:34:18 <kaz> ... not too much stuff
12:34:52 <kaz> ... in this scenario (Fig 3)
12:35:02 <kaz> ... what if we have a gateway
12:35:23 <kaz> ... there might be some additional security issue with, e.g., caching
12:35:43 <kaz> ... need to expand the example to include other possible scenarios
12:36:31 <kaz> er: btw, the cloud is cut off in Fig 5
12:36:49 <kaz> ... will work with section 5 tomorrow
12:36:53 <kaz> q?
12:37:07 <kaz> mm: we should fix the figure references
12:37:59 <kaz> ... once you add links to the threats, take a look at the definition
12:39:28 <kaz> kaz: will we add links to the architecture doc from section 5?
12:39:32 <kaz> mm: we should do so
12:40:02 <kaz> ... 1-to-1 link
12:40:15 <kaz> kaz: do you want to add an Editor's note on that?
12:40:46 <kaz> mm: (looks at the draft)
12:40:59 <kaz> ... starting with the section "1. Introduction"
12:41:09 <kaz> ... will add a link to the WoT Architecture document
12:41:30 <kaz> ... terminology section also should refer to the Architecture document
12:41:40 <kaz> i/mm:/mm: as appropriate/
12:42:20 <kaz> ack k
12:43:03 <kaz> mm: still missing content for several sections
12:43:06 <kaz> er: e.g., 4.2
12:43:17 <kaz> mm: ok with those sections at the moment
12:43:36 <kaz> ... should add several abstract sentences, though
12:43:49 <kaz> ... OK for the first public Note
12:44:28 <kaz> ... might be going to fix up the formatting for the table
12:44:38 <kaz> ... to make it consistence
12:44:44 <kaz> s/consistence/consistent/
12:45:29 <kaz> ... let's go back to the issues
12:45:40 <kaz> topic: Issues
12:45:43 <kaz> -> https://github.com/w3c/wot-security/issues Issues
12:46:08 <kaz> mm: Elena has done some edits
12:46:17 <kaz> https://github.com/w3c/wot-security/issues/29
12:47:33 <kaz> mm: we have bunch of things with the scenarios
12:47:50 <kaz> mm: we've done the abstract
12:47:57 <kaz> https://github.com/w3c/wot-security/issues/17
12:48:46 <kaz> -> https://rawgit.com/w3c/wot-security/working/index.html#abstract abstract
12:50:05 <kaz> mm: the abstract is clean enough
12:50:22 <kaz> kaz: you'll add a link to the Architecture document. right?
12:50:24 <kaz> mm: yes
12:51:05 <kaz> ... closes issue 17
12:51:35 <kaz> ... and create another issue "Align with Architecture document"
12:52:07 <kaz> https://github.com/w3c/wot-security/issues/35
12:52:42 <kaz> mm: would like to clean up the document for the first publication within 2 weeks
12:53:12 <kaz> topic: issue 34
12:53:15 <kaz> -> https://github.com/w3c/wot-security/issues/34 issue 34
12:53:38 <kaz> dsr: using WebSocket for Eventing
12:54:00 <kaz> mm: do you agree with Elena?
12:54:02 <kaz> dsr: yes
12:54:27 <kaz> i|Should we have a case for this explained in the "Examples of WoT security configurations" section of the security doc? Seems like a good logical place to describe this case and also talk about the measures
12:54:35 <kaz> i|yes|Should we have a case for this explained in the "Examples of WoT security configurations" section of the security doc? Seems like a good logical place to describe this case and also talk about the measures|
12:54:53 <kaz> er: need to clarify concrete mechanism
12:55:18 <kaz> ... please add description and pictures if possible
12:55:25 <kaz> ... actual security mitigation, etc.
12:55:38 <kaz> dsr: wanted to stimulate the discussion
12:56:19 <kaz> mm: willing to provide concrete text?
12:56:50 <kaz> s/text/Pullrequest/
12:56:53 <kaz> dsr: yes
12:57:03 <kaz> er: possible new section 5.5
12:57:25 <kaz> mm: what kind of figure? SVG?
12:57:45 <kaz> er: please follow the examples from Matthias
12:59:24 <kaz> mm: good to follow align with existing practices in this space
13:00:00 <kaz> s|Matthias|Matthias (wot-security/images)|
13:00:28 <kaz> topic: Issue on privacy
13:00:36 <kaz> mm: would like to add another issue on privacy
13:00:48 <kaz> er: we can add a separate section
13:01:09 <kaz> ... but still need to update the threat model section
13:02:12 <kaz> ... should add links to the points we need to consider
13:02:19 <kaz> q+
13:03:33 <kaz> kaz: possibly a guy from DAS WG who attended TPAC in Lisbon?
13:03:40 <kaz> sk: can hep as well
13:03:59 <kaz> ack k
13:05:18 <kaz> mm: (can't find Soumya on the list)
13:06:01 <kaz> mm: who is the guy from DAS?
13:06:03 <kaz> kaz: @@@
13:06:48 <kaz> mm: updates the issue
13:07:17 <kaz> sk: question on NDSS paper
13:07:50 <kaz> ... can join the effort as well
13:07:51 <kaz> mm: tx
13:08:24 <kaz> i|-> https://github.com/w3c/wot-security/issues/36 Issue 36|
13:08:44 <kaz> sk: we should have some template
13:08:59 <kaz> mm: let's have discussion next week
13:09:19 <kaz> ... (adds a topic on that for the next meeting)
13:09:28 <kaz> [adjourned]
13:09:42 <kaz> rrsagent, make log public
13:09:46 <kaz> rrsagent, draft minutes
13:09:46 <RRSAgent> I have made the request to generate http://www.w3.org/2017/10/09-wot-sec-minutes.html kaz
13:19:12 <elena> elena has joined #wot-sec
13:29:21 <zkis> zkis has joined #wot-sec
15:09:53 <Zakim> Zakim has left #wot-sec
16:50:43 <elena> elena has joined #wot-sec
18:46:39 <zkis> zkis has joined #wot-sec
18:51:56 <elena> elena has joined #wot-sec