See also: IRC log
<kaz> scribenick: uday
McCool: Discusses issues and next steps
... starting with the discussion on pull request 349
<kaz> https://github.com/w3c/wot/pull/349 pull request 349 has just been merged
Elena: TD privacy and TD local storage updated
... Security consideration section: goal is to use this to adopt security scenario and build one's own security objects
McCool: might get a conflict issue
<kaz> Kaz: a quick question
<kaz> ... do you want to commit this by Wednesday (=finalizing the whole group review)?
<kaz> Elena: this is not ready for commit and needs more discussion
Kaz: can we include this in architecture doc
McCool: no time till the first public draft
... need security repo
Elena: can have a single big document or sub documents
McCool: lengthy document might overshadow topics
... threat model and security consideration can be put into one doc
... privacy is missing in the doc, need to add this
Elena: started to add privacy related threats in threat model itself
... explains privacy with examples
<kaz> McCool: would try a vote. anybody object to have a separate document for "WoT Security and Privacy Consideration"?
McCool: does anyone object to a separate deliverable for WoT security considerations?
Elena: need to highlight important parts
McCool: agree
... need to separate implementation details
... we should create new doc under WoT repo and have a security repo in parallel
Kaz: can create a separate repo if needed
<kaz> ... "wot-security"?
McCool: wot-security would be a good name
Kaz: need to use repo manager to publish
<kaz> Kaz: as part of the normative WG deliverables? if so we need to use the repository manager as well
<kaz> McCool: should be an informative deliverable, e.g., a WG Note
McCool: normative and informative parts of security
similar to WoT architecture repo
how do we publish security?
shall we make security as a separate doc instead of merging in architecture doc
<kaz> because the description would become long
McCool: how do people handle this in other groups
Kaz: maybe with separate normative doc
McCool: don't want to embed all security stuff in architecture doc
Kaz: makes sense to start with informative note and decide with the chairs call
McCool: will also create hyperlink between docs
<McCool> McCool: we will aim for a separate security document, "WoT Security and Privacy Considerations"
<McCool> we'll talk to the editors/chairs to confirm this
<McCool> the document will be informative, but published in such a way (note) that we can hyperlink to sections from the other documents
<McCool> ideally, we would have it in its own repo, parallel to the wot-architecture
<McCool> proposed name: wot-security
McCool: security in architecture doc clean up
<kaz> https://w3c.github.io/wot-architecture/#security-considerations
<zkis> https://zolkis.github.io/wot-scripting-api/
ZK: already made a PR, can see on my GitHub page
<kaz> https://w3c.github.io/wot-scripting-api/#security
<kaz> McCool: should read "The security section is under development and will be completed later."
<kaz> ... on the other hand, there is a link to the threat model in the TD draft
<kaz> https://w3c.github.io/wot-thing-description/#threat-model
<kaz> Kaz: do we want to update the Architecture/Scripting API as well with the detailed description?
<kaz> ... or ok to publish them as is?
<kaz> McCool: publishing them with the minimum description now is ok
thanks for the filling kaz
<kaz> ... but would like to remove "More general discussion of overall security of a Thing (for example, best practices for WoT Interface design) can be found in the WoT Architecture document. " from the "7. Security Consideration" section of the TD draft
<kaz> https://w3c.github.io/wot-thing-description/#security-consideration
<kaz> McCool: and also for the architecture document
<kaz> ... the Editor's note at "8. Security Considerations"
<kaz> ... Security and privacy considerations are under development
<kaz> ... and remove "For now, only the sub-section headings are included to indicate the roadmap for the WoT Architecture security considerations."
<kaz> https://github.com/w3c/wot-architecture/issues
<kaz> github issues for architecture above
<kaz> McCool: add "Please see work in progress at WoT Security and Privacy."
<kaz> ... linking to: https://github.com/w3c/wot/tree/master/security-privacy
<kaz> ... (creates a pull request on his own repo; and will create a pull request on the main repo)
<kaz> ... next
<kaz> ... Elena, if you can take out an overview on W3C WoT security and privacy
<kaz> ... copy the framework from the WoT Architecture document
McCool: next steps: ER to create new doc under WoT Security and privacy and start general documentation
MM to make sure the draft is clean
<kaz> Elena: regrets for the next call (Sep. 11)
<kaz> McCool: if you can send a link to your repo, I can make a pull request
<kaz> McCool: worked on the proposal
McCool: proposal submitted to NDSS
<kaz> McCool: deadlines:
<kaz> ... cfp 25 sep 2017
<kaz> ... now done and in the pipe
<kaz> ... focused on standards
<kaz> ... review of existing standards
<kaz> ... including but not limited to W3C standards
<kaz> ... will be held in February
<kaz> Elena: paper deadline too close?
<kaz> McCool: we should discuss that
<kaz> ... notice to authors: 15 Jan 2018
<kaz> ... not expecting a big paper, just 1-3 pages
<kaz> ... publication-ready papers: 1 Feb. 2018
<kaz> [ adjourned ]