See also: IRC log
mccool: publication schedule
... this is a Note
... distinction on the state of the doc
... working version and release version
kaz: add some clarification
... Sebastian clarified TD schedule at: https://www.w3.org/WoT/IG/wiki/WG_WoT_Thing_Description_WebConf#Agenda
mccool: would like to publish a first one before TPAC
elena: when is TPAC?
kaz: the week of Nov. 6
mccool: would like to prepare the release candidate within 2 weeks
... first draft for the FP Note in 2 weeks from now
... Oct. 24
... working -> master
... and W3C Note: Oct 31 roughly - ready for TPAC Nov 6
... (mm checks Elena's availability)
... 2nd draft: end of Dec
... Dec 19 (Tue)
... tentatively
<inserted> kaz: note on the automatic publication system
mccool: after that: roughly every 2 months
... FYI, NDSS deadline Nov 14
... and the NDSS workshop Feb 18
... IEEE proposal was rejected
... I'll be making a presentation and need your input for NDSS workshop
... (going back to the publication schedule)
... 3rd draft: early Feb
elena: might be problematic to me
mccool: 3rd draft: early Feb (e.g., Feb 15 for NDSS; Elena may not be available)
... (records the above in the wiki)
<McCool> Release Timeline (W3C Note) First Draft - 2wks from now, Oct 24 (working -> master) W3C Note: FP Note (Oct 31 roughly) - ready for TPAC Nov 6 Second draft: Dec 19 (Tues) Third draft: early Feb (eg Feb 15 for NDSS; Elena may not be available) After that: roughly every two months update
https://github.com/w3c/wot-security/pull/30
https://github.com/w3c/wot-security/issues
elena: submitted proposal for section 5
... agreement?
... seems there is some difference
... need to change the basic assumption?
elena: ok with this approach?
mccool: as long as you're clear with the example, should be ok
elena: referring to a couple of RFCs
... don't want to repeat the descriptions already done by others
... e.g., OCF
mccool: architecture documents include similar things
... bunch of use cases
... maybe you could add links referring to the architecture document
elena: might be a bit different set
mccool: another point you mentioned is OCF
... WoT client can talk with an OCF device
... is there a case in which the device doesn't handle WoT TD?
... one possibility is a Thing itself provides TD
... or another Thing could provide the TD for the Thing
elena: can add some description
mccool: OK with this Editor's Note (Fill in the protocols)
elena: any configuration different is important and to be described from security viewpoint
... would like people to submit ideas
mccool: we should proceed with some obvious scenarios
... not too much stuff
... in this scenario (Fig 3)
... what if we have a gateway
... there might be some additional security issue with, e.g., caching
... need to expand the example to include other possible scenarios
elena: btw, the cloud is cut off in Fig 5
... will work with section 5 tomorrow
mccool: we should fix the figure references
... once you add links to the threats, take a look at the definition
kaz: will we add links to the architecture doc from section 5?
mccool: we should do so
... 1-to-1 link
kaz: do you want to add an Editor's note on that?
mccool: as appropriate
... (looks at the draft)
... starting with the section "1. Introduction"
... will add a link to the WoT Architecture document
... terminology section also should refer to the Architecture document
... still missing content for several sections
elena: e.g., 4.2
mccool: ok with those sections at the moment
... should add several abstract sentences, though
... OK for the first public Note
... might be going to fix up the formatting for the table
... to make it consistent
... let's go back to the issues
mccool: Elena has done some edits
https://github.com/w3c/wot-security/issues/29
mccool: we have a bunch of things with the scenarios
... we've done the abstract
https://github.com/w3c/wot-security/issues/17
mccool: the abstract is clean enough
kaz: you'll add a link to the Architecture document. right?
mccool: yes
... closes issue 17
... and create another issue "Align with Architecture document"
https://github.com/w3c/wot-security/issues/35
mccool: would like to clean up the document for the first publication within 2 weeks
dsr: using WebSocket for Eventing
mccool: do you agree with Elena?
Elena's question: Should we have a case for this explained in the "Examples of WoT security configurations" section of the security doc? Seems like a good logical place to describe this case and also talk about the measures
dsr: yes
elena: need to clarify concrete mechanism
... please add description and pictures if possible
... actual security mitigation, etc.
dsr: wanted to stimulate the discussion
mccool: willing to provide concrete pull request?
dsr: yes
elena: possible new section 5.5
mccool: what kind of figure? SVG?
elena: please follow the examples from Matthias (wot-security/images)
mccool: good to follow and align with existing practices in this space
mccool: would like to add another issue on privacy
elena: we can add a separate section
... but still need to update the threat model section
... should add links to the points we need to consider
kaz: possibly a guy from DAS WG who attended TPAC in Lisbon?
soumya: can help as well
mccool: (can't find Soumya on the list)
... who is the guy from DAS?
kaz: will check and get back to you later
mccool: updates the issue
soumya: question on NDSS paper
... can join the effort as well
mccool: tx
soumya: we should have some template
mccool: let's have discussion next week
... (adds a topic on that for the next meeting)
[adjourned]