16:06:05 <RRSAgent> RRSAgent has joined #wot-sp
16:06:05 <RRSAgent> logging to http://www.w3.org/2015/07/02-wot-sp-irc
16:06:21 <dromasca> dromasca has joined #wot-sp
16:06:21 <Edoardo_Pignotti_> Edoardo_Pignotti_ has left #wot-sp
16:06:30 <dsr> rrsagent, set logs public
16:06:47 <dsr> meeting Web of Things IG Security task force
16:06:53 <dsr> chair: Oliver
16:07:04 <dsr> scribenick: dsr
16:07:05 <EdoardoPignotti> EdoardoPignotti has joined #wot-sp
16:07:27 <dsr> Present: Oliver, Dave, Dan, Edoardo
16:07:52 <Oliver> Oliver has joined #wot-sp
16:09:02 <dsr> Present+ Kathy
16:10:36 <dsr> We introduce ourselves
16:12:10 <dsr> Present+ J_Lyn
16:13:17 <dsr> s/J_Lyn/J_Lynn/
16:14:12 <jlynn> jlynn has joined #wot-sp
16:15:46 <dsr> Dan: have you adopted a threat model?
16:16:37 <dsr> Oliver: we haven’t talked yet about threat models, and have rather discussed objectes. Threat model would fit into the elaboration of the landscape.
16:16:54 <dsr> s/objectes/objectives/
16:18:42 <dsr> Oliver shows us the wiki page for the Security, Privacy and Resilience task force
16:19:34 <dsr> https://www.w3.org/WoT/IG/wiki/Security,_Privacy_and_Resilience
16:19:47 <dsr> We aim to provide a report within a few months.
16:22:08 <dsr> James Lynn suggested some dimensions we could adopt for our study.
16:22:24 <dsr> s/J_Lynn/James/
16:24:54 <dsr> Oliver asks if we’re comfortable with the proposed direction.
16:26:29 <dsr> Oliver asks about the wording “creation time” and “execution time” mechanisms
16:27:10 <dsr> James: What do you mean by creation time? This could be interpreted as either design time or when the service is created.
16:27:28 <dsr> Oliver: I am happy with the term “design time”.
16:27:55 <dsr> James: perhaps “run time” rather than “execution time”
16:28:05 <dsr> Oliver I am happy with that too.
16:28:31 <dsr> Oliver: I would like us to be as interactive as possible
16:33:18 <dsr> Oliver introduces the section on Thing Authentication.
16:34:50 <dsr> Are there missing criteria we should add?
16:35:00 <dsr> [no one answers]
16:36:09 <dsr> May be we should have a “benefits” section?
16:37:12 <dsr> Oliver: it would be nice to have a consistent set of criteria across the sections
16:37:50 <dsr> James: I will see how practical that is.
16:38:01 <dsr> Topic: Landscape analysis
16:38:35 <dsr> Oliver points to the wiki page on security and privacy mechanism candidates
16:39:03 <dsr> If you have anything we need to cover please let us know via email
16:40:10 <dsr> Perhaps we can now have a quick brainstorming session? What other points on the landscape should be considered?
16:40:34 <dsr> [no suggestions]
16:41:22 <dsr> Oliver: the IETF ACE working group is studying mechanisms for constrained devices.
16:41:35 <dsr> There are NIST documents which offer a couple of mechanisms
16:42:04 <dsr> Dave sent out a document on the IIC reference architecture with some ideas on security at a high level.
16:42:52 <dsr> My suggestion is that we also cover traditional security mechanisms, and reckon that we will have something like 20-30 items
16:43:30 <dsr> Oliver volunteers to draw a draft list of mechanisms for us to consider.
16:43:37 <dsr> s/20-30/10-20/
16:45:50 <dsr> For  a couple of mechanisms we should discuss them in detail on a future call
16:47:17 <dsr> Oliver asks if James can prepare something for our next call.
16:47:32 <dsr> James: yes, I can certainly try
16:48:47 <dsr> Oliver: any further ideas for the technology landscape?
16:49:08 <dsr> Edoardo: should we consider guidance documents, such as those from the IETF?
16:49:32 <dsr> Oliver: yes, that would apply to the section on design time criteria
16:50:03 <dsr> Edoardo: I agree with that
16:51:30 <dsr> Edoardo volunteers to make a start on that
16:52:24 <dsr> Topic: Requirements
16:52:38 <dsr> Oliver: I drafted a very early version for this section
16:54:11 <dsr> We can elaborate this over the next few weeks
16:54:39 <dsr> Edoardo: how much should the requirements here be aligned with the use case studies
16:54:57 <dsr> Oliver: eventually 100%
16:55:31 <dsr> Right now, we are in a bootstrap phase
16:56:07 <dsr> We can then iterate to reflect the use cases as they evolve
16:56:41 <dsr> Topic: Joint workshop with IRTF in Prague
16:57:17 <dsr> This is a join W3C/IRTF workshop with a half day track on security and privacy,
16:57:32 <dsr> We have a draft in the wiki for the meeting page.
16:58:20 <dsr> If you would like to give a presentation, please contact Oliver or Carsten Bormann.
16:58:52 <dsr> At the end of this month the WoT IG is having a face to face in Sunnyvale California.
16:59:07 <dsr> Perhaps we can discuss agenda items for that meeting in next week’s call.
17:00:19 <dsr> Oliver brings the meeting to a close.
17:00:29 <dsr> rrsagent, make minutes
17:00:29 <RRSAgent> I have made the request to generate http://www.w3.org/2015/07/02-wot-sp-minutes.html dsr
18:54:25 <dsr> dsr has joined #wot-sp
20:10:33 <dsr> dsr has joined #wot-sp
22:11:17 <dsr> dsr has joined #wot-sp