See also: IRC log
(brain storming)
kaz: TV Control API CG has started their phase 2 work
... and interested in security/privacy
... so far they're thinking about collaboration with the Automotive group
... but collaboration with this WoT-SP would also make sense
oliver: ok. let me know about their opinions, etc.
... we should be able to respond to them
... there is already public information
... so we can show it to them
-> http://w3c.github.io/wot/landscape.html Landscape document on GitHub
oliver: sharing the document on the webex
... not updating for awhile
-> http://w3c.github.io/wot/current-practices/wot-practices.html#security-considerations-1 Security consideration for AP from the Current Practice document
oliver: question to Sebastian
sebastian: updating the TD section
... what kind of security portion should be considered?
... to get access for resources
... what kind of security token for server?
... discussion using email
... first idea
... will talk during the TD call next week as well
... one part is how would the security information be provided?
... how to interact with services?
... how we can protect TD itself?
... interesting issues to consider
oliver: the second one is more important
... it's design work
... protect TD
... my recommendation is accessing things should be the priority
... wrapper for things
... would suggest prioritize that
... and could think about other topics later
... skimming the document
... explaining the problems
... not yet have information from the email exchanges
... showing "Protecting TD Objects" section
... the second part is more important
... "Describing prerequisites for accessing things"
... would be the fundamental work
sebastian: ok. will do.
oliver: 3.2.3 Security Considerations
... not giving the answer yet
... need more coverage
... maybe need to talk with Johannes
sebastian: will do that too.
oliver: we've been taking care of security as well for our plugfest
... e.g., in Nice
... would have same features in Montreal as well
... plan to offer an extension
... probably could provide something in June
sebastian: in Nice we already had security scenario
... but security description was not used within the Thing Description
... we need security description within TD
... the point is small change in TD
... additional features
... how about that?
oliver: could be done
... 2 issues
... we have server-side component
... don't require to change that part
... how to document?
... timing issue
... the other thing is
... error response from the server
... natural approach would be rewrite the description
... client should understand the security token
... the second step is putting that into TD
... but not enough time to do really fundamental things
... but would be welcome if you try
... for Montreal, could display security
... not as abstract but concrete Thing Description
sebastian: not involved in the security plugfest so far
... panasonic made much effort
... security and communication
... maybe I should check that beforehand
oliver: light-weight way for prototype in non-normative way
... prototype object as a part
... next discussion would be how to create automatic sessions
... would make a display object
... logic by a state management engine
... can be done by the Montreal meeting
... BTW, I can't make my travel for the Montreal meeting...
... I could prepare for those topics including the state engine
... and could offer information to TD and AP
sebastian: sounds like a good idea
oliver: we should try to define
... that's all from my side for the Montreal meeting
-> https://github.com/w3c/wot/blob/master/WG/wot-wg-items.md Charter items
<dsr> draft charter (viewable in browser) https://w3c.github.io/charter-drafts/wot-wg-2016.html
kaz: Dave has created an HTML version above
oliver: two sections for security
... 1.1 Thing Descriptions
... the second bullet is on security
... and 1.2 Scripting APIs
... the second bullet again is on security
... where to add security portion?
dsr: we have to define deliverables
... and put more details
... mentioned during the AP call yesterday as well
... need information on prototype implementations
... also proof-of-concepts
... to justify the need for this work
... and convince corporate managers
... we have architecture document and current practice document
oliver: it would make more sense to extend the best practice document?
... what should be the starting point?
... also would be difficult to work for the following weeks due to vacation...
dsr: explains the importance of additional information
oliver: was in contact with vendors
... solid foundation than having paper only
... would go into the best practice document
... there are technologies there
... would suggest we update the best practice document
... elaborate the text
dsr: we have focus on some specific technology
... not sure in terms of text for the charter
... we have references
... on the GitHub site
... could add links to the architecture/current practice documents
oliver: alright
dsr: there is a bullet point mentioning privacy policies, access control, etc.
... linked data vocabulary might be too ambitious for short-term
... we need to clarify
... we have to explain that
oliver: alright
... don't think "trust assertions" are too far away
... but we need to have components for security
... we have had some of them during plugfest demos
... would suggest we continue discussion using emails
dsr: ok
oliver: action item on trust assertions
... that's all for today from my viewpoint
... anything else to talk today?
(none)
oliver: a couple of follow-ups to do
... next call will be April 7th
... meaning no call on March 24th
[ adjourned ]