W3C

- DRAFT -

WoT Security

30 Oct 2017

Attendees

Present: Kaz_Ashimura, Michael_McCool, Michael_Koster, Elena_Reshetova, Tomoaki_Mizushima, Zoltan_Kis
Regrets:
Chair: McCool
Scribe: kaz

agenda

mccool: review of prev minutes, draft publication, schedule, issues, workshop
... TPAC agenda and PlugFest objectives

elena: next week?

mccool: yes
... so no meeting on Nov. 6

minutes

prev minutes

mccool: goes through the minutes
... various issues
... one clarification
... working branch was deleted
... merged into the main master branch

elena: and started new work on the working branch

mccool: ok
... master branch staying clean is important for TPAC discussion
... goes through issues
... I'm ok with the minutes

elena: fine by me as well

RESOLUTION: prev minutes accepted

mccool: working branch is not gone but merged

kaz: will fix that point

schedule

mccool: we've done the preparation
... kaz, can you work on the publication?

kaz: will send a transition request to the project manager
... and check the document using check tools
... and then talk with the Webmaster

mccool: possible pub date on Nov. 16?

kaz: yes, let's aim for that
... if there is any problem, I'll get back to you

mccool: updates the schedule

draft publication

mccool: master is the updated version for TPAC
... feel free to provide pull requests but the master branch should be clean

elena: Matthias's comments?

mccool: he's busy so maybe difficult
... during TPAC, there are three things
... plugfest, security features as part of my contribution
... trying to work with HTTPS
... authentication using OAuth
... in conjunction with Amazon Alexa as well
... any prototype of implementations for TPAC?

elena: thinking about practical implementations
... example use cases for section 5
... not sure how to collect information at the moment, though

mccool: add topics for "TODO: Security Features" from his slides
... WoT0McCoolPOC(007).pptx

elena: now we have a very basic one

mccool: Use Cases from PlugFest
... additional lower-level "patterns" or "system configurations"
... some information at: https://github.com/w3c/wot/tree/master/plugfest/2017-burlingame
... we can discuss the document
... you'd do a presentation on the current status?
... you can add people about possible additional system configuration

elena: section 5 is good to go
... examples of security mechanisms

mccool: want a document
... e.g., Intel POC includes HTTPS, SSH tunnel for NAT traversal, OAuth, CoAPS locally
... shows the current configuration
... [1.5 Metadata Bridging]
... metadata bridge
... and HTTPS bridge
... relays the NAT tunnel
... good HTTPS access to the system here (at the local network)
... correct setup for remote access
... and also local access
... HTTP connection is not so nice
... would try HTTPS end point
... thing directory is a SPARQL end point
... global HTTP endpoint and local HTTP endpoint
... that's my configuration

elena: local HTTP
... local network is not so secure
... may be some acceptable scenario, though

mccool: right
... IP address not visible globally
... how to set up a local HTTPS bridge?
... now working with Edison
... not fully OCF 1.1 compliant
... may be able to use CoAPS, though
... not fantastically secure yet

elena: lack of setting up a local HTTPS server
... question of protocols

mccool: many possible ways
... issues: local certs for HTTPS?
... Let's Encrypt/certbot does not work; cert renewal (need certbot)
... there is a CG working on local HTTPS

kaz: we can talk with them during TPAC

mccool: yeah
... AVS server needs to talk with these guys
... (showing [2. Semantic Voice Control])
... any other certificate issues?
... look into "HTTPS Local CG"
... authenticated, encrypted, securely identified endpoints
... HTTPS + OAuth
... the connection is encrypted
... probably not locally...

TPAC agenda

TPAC Agenda wiki

mccool: regarding security
... should mention...
... Wednesday, in addition to the regular topics
... we'll have a joint session with Payments/Security
... also joint meeting on Thursday with Web Commerce

elena: wondering about the timezone

mccool: California time
... asking for a speakerphone
... morning should be better for you

elena: Monday is fine
... but something on Tuesday

mccool: you're listed here on Monday in the morning (in California)
... also summary of security work in the afternoon on Monday
... feedback on section 5
... I can do it if not good for you
... Tuesday morning, 1.5 hours for security

<McCool> please delete the above line before email is published

mccool: and Wednesday
... introduction to WoT for Security guys
... will generate some short presentation for that purpose

issues

skipping

workshop

mccool: busy with POC work
... your input welcome
... will write the paper after TPAC

AOB

mccool: anything else?

(none)

mccool: no meeting on Nov. 6

<McCool> but there will be one the week after that

<McCool> Nov 13

mccool: next meeting on Nov. 13

[adjourned]

Summary of Action Items

Summary of Resolutions

  1. prev minutes accepted
[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.152 (CVS log)
$Date: 2017/11/21 02:51:52 $