WoT IG - Security

23 Aug 2017

See also: IRC log


Kaz_Ashimura, Elena_Reshetova, Michael_Koster, Soumya_Kanti_Datta, Tomoaki_Mizushima, Zoltan_Kis, Michael_McCool, Barry_Leiba, Katsuyoshi_Naka


<kaz> scribenick: elena


McCool: agenda, change security task force meeting to Monday 3pm Finland time?

no objections, meeting time changed

Documents status

McCool: next agenda item, first draft for overall arch. and TD document security sections
... next Wednesday, Aug. 30, is first deadline
... Monday is a final time for changes, after goes to review
... another item overall direction, general things go to architecture document, TD doc only to have specifics

<zkis> elena: yes, PR was made to mccool's repo with the TD

next we are discussing PR that elena did with changes in TD security section

PR would be accepted to McCool's repo, he would clean up etc

elena: it would be nice to cross reference to threat model
... when writing security sections in different docs

McCool: insert link to threat model in TD security section

elena: use of secure transport should move to general architecture doc section

<McCool> https://github.com/mmccool/wot-architecture/tree/security

McCool: what pieces from generic practice document should be moved to the security architecture or TD sections?
... will do a first pass on generic arch. document security section, elena will take second pass

<kaz> https://github.com/w3c/wotwg/pull/5#issuecomment-32374263

kaz: what is the procedure from the URL above?

<kaz> https://services.w3.org/htmldiff?doc1=https%3A%2F%2Fw3c.github.io%2Fwot-scripting-api%2F&doc2=https%3A%2F%2Fraw.githubusercontent.com%2Fdanielpeintner%2Fwot-scripting-api%2Fmaster%2Findex.html htmldiff

we will do html diff according to above

zkis, could McCool merge the PR above from Zoltan?

<kaz> kaz: Zoltan was proposing a procedure (pullrequest 5) and everybody is encouraged to use htmldiff

<kaz> https://github.com/w3c/wotwg/pull/5

RESOLUTION: will be merged

McCool: access token currently for entire TD and not for individual entries

elena: this is not good and won't scale in general

McCool: we will need to double check this and discuss further
... minimize application functionality should go to general architecture

<kaz> pullrequest for wot-thing-description on McCool's repo

McCool: testing should also be moved into general document
... WoT API needs to be added to terminology list for further discussion

question: what should be extracted from the WoT Current Practices document security section?

elena: will take a pass on thinking and moving stuff

<kaz> WoT Best Practices document

McCool will create first PR, elena will do a next pass

everyone should read it and say their objections if any or recommendations

McCool: what are the best available practices and reference to them?

McCool will update the list of references from set that people recommended over email

IEEE Workshop

McCool: we need to submit proposal for workshop for S&P IEEE workshop by 20 of September

anyone wants to volunteer?

<kaz> IEEE workshop page

McCool will try to do the first pass on it

others need to review

we should discuss it during next meeting

McCool: will ask around who else wants to participate in workshop/share costs
... workshop probably is one day and asking people to submit short papers

kaz: we will need to talk about it during next chairs meeting

another option to consider is NDSS workshop in February

but deadline is August 31st, so very soon

next meeting is next Monday

Summary of Action Items

Summary of Resolutions

  1. will be merged
[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.152 (CVS log)
$Date: 2017/08/24 18:13:22 $