13:06:09 <RRSAgent> RRSAgent has joined #wot-sec
13:06:09 <RRSAgent> logging to http://www.w3.org/2017/10/30-wot-sec-irc
13:07:05 <McCool> McCool has joined #wot-sec
13:07:16 <McCool> everyone, webex link for meeting was missing from email
13:07:33 <McCool> kaz, if you are on, can you please email it around ASAP?
13:07:48 <kaz> https://mit.webex.com/mit/j.php?MTID=m07ff415438cb61e39f740c6ca81d2b5d
13:10:50 <kaz> Meeting: WoT IG - Security
13:11:05 <kaz> present+ Kaz_Ashimura, Michael_McCool, Michael_Koster
13:12:26 <elena> elena has joined #wot-sec
13:13:22 <kaz> -> https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Agenda Agenda
13:13:27 <kaz> agenda: https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Agenda
13:13:49 <elena> sorry I am trying to get audio working
13:14:08 <kaz> present+ Elena_Reshetova
13:15:07 <kaz> present+ Tomoaki_Mizushima
13:16:33 <kaz> scribenick: kaz
13:16:56 <kaz> topic: agenda
13:16:59 <mjkoster> mjkoster has joined #wot-sec
13:17:22 <kaz> mm: review of prev minutes, draft publication, schedule, issues, workshop
13:17:32 <kaz> ... TPAC agenda and PlugFest objectives
13:17:44 <kaz> er: next week?
13:17:47 <kaz> mm: yes
13:18:06 <kaz> ... so no meeting on Nov. 6
13:18:24 <kaz> topic: minutes
13:18:36 <kaz> -> https://www.w3.org/2017/10/23-wot-sec-minutes.html prev minutes
13:19:11 <kaz> mm: goes through the minutes
13:19:14 <kaz> ... various issues
13:19:21 <kaz> ... one clarification
13:19:28 <kaz> ... working branch was deleted
13:19:34 <kaz> ... merged into the main master branch
13:19:52 <kaz> er: and started new work on the working branch
13:19:54 <kaz> mm: ok
13:20:18 <kaz> ... master branch staying clean is important for TPAC discussion
13:20:31 <kaz> ... goes through issues
13:20:46 <kaz> ... I'm ok with the minutes
13:20:51 <kaz> er: fine by me as well
13:20:58 <kaz> resolution: prev minutes accepted
13:21:15 <kaz> mm: working branch is not gone but merged
13:21:24 <kaz> kaz: will fix that point
13:21:35 <kaz> topic: schedule
13:21:50 <kaz> -> https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Schedule Schedule
13:22:58 <kaz> mm: we've done the preparation
13:23:07 <kaz> ... kaz, can you work for the publication?
13:23:20 <kaz> kaz: will send a transition request to the project manager
13:23:32 <kaz> ... and check the document using check tools
13:23:37 <kaz> ... and then talk with the Webmaster
13:23:51 <kaz> mm: possible pub date on Nov. 16?
13:23:57 <kaz> kaz: yes, let's aim that
13:24:06 <kaz> ... if there is any problem, I'll get back to you
13:24:26 <kaz> mm: updates the schedule
13:25:05 <kaz> topic: draft publication
13:25:05 <Mizushima> Mizushima has joined #wot-sec
13:25:14 <kaz> mm: master is updated version for TPAC
13:25:21 <zkis> present+ Zoltan_Kis
13:25:31 <kaz> ... feel free to provide pull requests but the master branch should be clean
13:25:41 <kaz> er: Matthias's comments?
13:26:01 <kaz> mm: he's busy so maybe difficult
13:26:08 <kaz> ... during TPAC, there are three things
13:26:20 <kaz> ... plugfest, security features as part of my contribution
13:26:33 <kaz> ... trying to work with HTTPS
13:26:44 <kaz> ... authentication using OAuth
13:26:58 <kaz> ... in conjunction with Amazon Alexa as well
13:27:15 <kaz> ... any prototype of implementations for TPAC?
13:27:44 <kaz> er: thinking about practical implementations
13:27:55 <kaz> ... example use cases for section 5
13:28:28 <kaz> ... not sure how to collect information at the moment, though
13:28:52 <kaz> mm: add topics for "TODO: Security Features" from his slides
13:29:05 <kaz> ... (WoT0McCoolPOC(007).pptx
13:29:14 <kaz> s/(W/W/
13:29:23 <kaz> er: now we have a very basic one
13:29:55 <kaz> mm: Use Cases from PlugFest
13:30:17 <kaz> ... additional lower-level "patterns" or "system configurations"
13:30:34 <kaz> ... some information at: https://github.com/w3c/wot/tree/master/plugfest/2017-burlingame
13:30:50 <kaz> ... we can discuss the document
13:31:05 <kaz> ... you'd do a presentation on the current status?
13:31:23 <kaz> ... you can add people about possible additional system configuration
13:31:35 <kaz> er: section 5 is good to go
13:31:44 <kaz> ... examples of security mechanisms
13:32:04 <kaz> mm: want a document
13:32:57 <kaz> ... e.g., Intel POC includes HTTPS, SSH tunnel for NAT traversal, OAuth, CoAPS locally
13:33:14 <kaz> ... shows the current configuration
13:33:21 <kaz> ... [1.5 Metadata Bridging]
13:33:32 <kaz> ... metadata bridge
13:33:41 <kaz> ... and HTTPS bridge
13:34:02 <kaz> ... relays the NAT tunnel
13:34:25 <kaz> ... good HTTPS access to the system here (at the local network)
13:34:39 <kaz> ... correct setup for remote access
13:34:43 <kaz> ... and also local access
13:35:08 <kaz> ... HTTP connection is not so nice
13:35:17 <kaz> ... would try HTTPS end point
13:35:33 <kaz> ... thing directory is a SPARQL end point
13:35:55 <kaz> ... global HTTP endpoint and local HTTP endpoint
13:36:25 <kaz> ... that's my configuration
13:36:33 <kaz> er: local HTTP
13:36:40 <kaz> ... local network is not so secure
13:36:53 <kaz> ... may be some acceptable scenario, though
13:37:01 <kaz> mm: right
13:37:19 <kaz> ... IP address not visible globally
13:37:37 <kaz> ... how to set up a local HTTPS bridge?
13:38:16 <kaz> ... now working with Edison
13:38:30 <kaz> ... not fully OCF 1.1 compliant
13:38:45 <kaz> ... may be able to use CoAPS, though
13:39:14 <kaz> ... not fantastically secure yet
13:39:33 <kaz> er: lack of setting up a local HTTPS server
13:39:52 <kaz> ... question of protocols
13:40:16 <kaz> mm: many possible ways
13:40:28 <kaz> ... issues: local certs for HTTPS?
13:40:53 <kaz> ... let's Encrypt/certbot does not work; cert renewal (need certibot)
13:41:04 <kaz> ... there is a CG working on local HTTPS
13:41:41 <kaz> kaz: we can talk with them during TPAC
13:41:45 <kaz> mm: yeah
13:41:58 <kaz> ... AVS server needs to talk with these guys
13:42:25 <kaz> ... (showing [2. Semantic Voice Control])
13:42:47 <kaz> ... any other certificate issues?
13:43:04 <kaz> ... look into "HTTPS Local CG"
13:43:31 <kaz> ... authenticated, encrypted, securely identified endpoints
13:43:39 <kaz> ... HTTPS + OAuth
13:44:09 <kaz> ... the connection is encrypted
13:44:28 <kaz> ... probably not locally...
13:45:17 <kaz> topic: TPAC agenda
13:45:22 <kaz> -> https://www.w3.org/WoT/IG/wiki/F2F_meeting,_4-10_November_2017,_Burlingame,_CA,_USA#Agenda TPAC Agenda wiki
13:45:39 <kaz> mm: regarding security
13:45:47 <kaz> ... should mention...
13:46:01 <kaz> ... Wednesday, in addition to the regular topics
13:46:31 <kaz> ... we'll have a joint session with Payments/Security
13:46:44 <kaz> ... also joint meeting on Thursday with Web Commerce
13:47:18 <kaz> er: wondering about the timezone
13:47:26 <kaz> mm: California time
13:48:17 <kaz> ... asking a speakerphone
13:48:24 <kaz> ... morning should be better for you
13:49:08 <kaz> er: Monday is fine
13:49:19 <kaz> ... but something on Tuesday
13:49:41 <kaz> mm: you're listed here on Monday in the morning (in California)
13:50:03 <kaz> ... also summary of security work in the afternoon on Monday
13:50:09 <kaz> ... feedback on section 5
13:50:31 <kaz> ... I can do it if not good for you
13:51:05 <kaz> ... Tuesday morning, 1.5 hours for security
13:53:35 <McCool> please delete the above line before email is published
13:54:43 <kaz> mm: and Wednesday
13:54:53 <kaz> ... introduction to WoT for Security guys
13:55:16 <kaz> ... will generate some short presentation for that purpose
13:55:43 <kaz> topic: issues
13:55:45 <kaz> skipping
13:55:52 <kaz> topic: workshop
13:55:58 <kaz> mm: busy with POC work
13:56:07 <kaz> ... you input welcome
13:56:25 <kaz> ... will write the paper after TPAC
13:56:34 <kaz> topic: AOB
13:56:39 <kaz> mm: anything else?
13:56:51 <kaz> (none)
13:56:56 <kaz> mm: no meeting on Nov. 6
13:57:18 <McCool> but there will be one the week after that
13:57:27 <McCool> Nov 13
13:57:40 <kaz> mm: next meeting on Nov. 13
13:58:06 <kaz> [adjourned]
13:58:14 <kaz> rrsagent, make log public
13:58:17 <kaz> rrsagent, draft minutes
13:58:17 <RRSAgent> I have made the request to generate http://www.w3.org/2017/10/30-wot-sec-minutes.html kaz
15:39:14 <Zakim> Zakim has left #wot-sec