See also: IRC log
<kaz> scribenick: mjkoster
mccool: document progress update
... outstanding PR
... created an action for mccool
... review the changes in the PR
<kaz> Issues
* Issue on "Current practices alignment"
* Issue on "Table formatting and definition highlighting"
* Issue on "Existing best practices"
<kaz> Pull Requests
mccool: (elena's branch)
elena: recommended practices section
... example security configuration section
mccool: need to add content for specific security practices e.g. scripting API
<kaz> Elena's updates
<kaz> McCool's Working branch
<kaz> mccool: would propose we merge Elena's changes to the above Working branch
mccool: merging elena's PR into the working branch now (no objections)
<kaz> PR 12 has been merged
<kaz> https://rawgit.com/w3c/wot-security/working/index.html is updated now
elena: will work on examples (section 5) next
mccool: created issue for tracking additions to the examples section
Issue on "Examples of security configurations"
mccool: need to add vocabulary definitions
... created issue to track additions to the scenarios section "business/corporate"
Issue on "Business/corporate scenarios"
mccool: added issue to track additions to "industrial/commercial" scenarios
Issue on "Industrial/critical scenarios"
mccool: added issue to track scripting API additions
mccool: issue to track "validation"
Issue on "Security validation"
mccool: discuss whether security provisioning is in scope
elena: we need to make a defined set of assumptions about what is done
... but can't specify how it's done
mccool: OK
... please add comments to the issue
... review the discussion on exposed vs. discoverable things
... are they separate?
<kaz> discussion during the Scripting call (Member-only)
elena: what is the specific difference?
mccool: different kinds of discovery?
mjkoster: expose means interaction is available, discoverable means TD is available
elena: when would a thing be exposed but not discoverable?
mccool: enumerates types of discovery
... 4 ways to find a thing
... may already have a TD or know how to make a URL to get the TD
... or maybe there is a scan function
mjkoster: consider the difference in security model between TD and the Interactions
elena: how can we define the exact difference between TD and interaction?
mccool: there are different calls in the scripting API
elena: how does the system get into a state where the interactions are exposed but not discoverable?
mccool: things can't be discoverable but not exposed
mjkoster: it's about different layers of security for exposure vs. discoverability
elena: OK, that is allowed for in the model
... if the proper access control is provided e.g. on actions, then what else do we need to do?
mccool: OK, please continue the discussion in comments and issues
... we need to align the current practices with security mechanisms for the plugfest
... suggest we look at protocol binding priorities
elena: we should build the scenarios and examples based on concrete protocols
mccool: the statement about wot security includes statements about target protocols
... if we can cover security through a good comprehensive set of bindings
... created an issue for tracking
mccool: good response so far
... most accepted
... update on IEEE S&P progress
... AOB?
elena: on holiday next week
... will queue up some material on PR and issues
mccool: would zkis start discussion on the scripting section?
zkis: OK
mccool: adjourn