W3C

- DRAFT -

WoT Security

08 Jan 2018

Agenda

Attendees

Present
Kaz_Ashimura, Elena_Reshetova, Michael_McCool, Tomoaki_Mizushima, Michael_Koster, zkis
Regrets
Chair
McCool
Scribe
kaz

Contents


Agenda

previous minutes: https://www.w3.org/2017/12/18-wot-sec-minutes.html

Soumya's message

mccool: one more meeting before Elena leaving
... need to talk about plugfest planning
... and f2f planning

elena: when/where?

mccool: in March in Prague
... OCF meeting (March 19-23)
... WoT PlugFest (March 24-25)
... WoT f2f (March 26-29)
... plugfest call will be held on Wed (Jan 10)
... can show slides
... on possible support for TLS, etc.
... not everyone is aware of security (at the moment)

elena: should take a look from security viewpoint
... e.g., sensor/actuator within some network and application from outside

mccool: right
... TLS and tokens
... among OAuth

elena: how normally PlugFests set up/down?
... can we see the high-level scenario?

mccool: still on planning phase
... personally want to see security aspects
... how to generalize multiple participants
... so far we didn't consider security
... but we have to go beyond that

elena: if we put too much it wouldn't be accomplished

mccool: right
... might want to start with simple provisioning
... there is more specific things to do
... one discussion we had during the scripting call is affection of security information to the metadata
... set up out of bound

zoltan: provisioning is not part of the current scripting api

mccool: how can we prototype?
... need to document it

<zkis> provisioning may be covered by a scripting API with a different entry point than the WoT API

mccool: (shows the 2018-prague area for plugfest)
... (and then 2017-burlingame area)

2017-burlingame area

latest slides

(to be merged with the HTML)

mccool: [p5. Issues for the next]
... issues here
... TD distribution and management should be done in a secure manner
... this week (on Wed) we should have more detailed discussion
... would accomplish voice interface
... all the stuff inside a secure mechanism
... that's my preference

kostelena: we should put all of them together

NDSS workshop

mccool: paper on the queue
... and still under review

IoT semantic interop ws

mccool: another topic on the queue
... negotiating with the NDSS co-Chair for submitting a paper to this ws

[[

*Important Dates*

Paper submission deadline: February 28, 2018

Acceptance Notification: March 31, 2018

Camera-Ready Paper Submission: April 30, 2018

]]

mccool: thinking about security aspects
... semantic tagging for security
... policy information marked up by semantic tagging
... let me know if you have any ideas
... this workshop itself is more about semantic interoperability

WoT Security and Privacy Considerations

mccool: need to see the Editor's notes
... create GitHub issues based on those notes

kaz: maybe I should check the possible difference between the publication version and the Editor's draft just to make sure

mccool: (shows pullrequest 62)

pullrequest 62

files changed

mccool: conversion from "Thing" to "System" seems ok
... (browses some more keywords, e.g., "System Maintainer", "Security Owner")
... have to read through all the changes before merging
... and another pullrequest 37

pullrequest 37

file changed

mccool: need to check with Dave
... (add a comment to the issue 37)
... regarding pullrequest 62, I'll check all the changes including the threat model with IETF IoT RFC #40
... Kaz, can you check the diff between the Editor's draft (master branch) and the published version?

kaz: will quickly do

mccool: will review the PRs
... and accept them (if it's ok)
... we should be thinking about security for plugfest
... also will review the security document

Issues

mccool: got a comment from Wendy

issue 61

mccool: will respond to Wendy
... (goes through other issues)

issue 59

issue 39

mccool: maybe can assign issue 39 to Elena

issue 36

mccool: will check with Dave

prev minutes

prev minutes

mccool: any objections to accept the minutes?

(none)

[adjourned]

Summary of Action Items

Summary of Resolutions

[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.152 (CVS log)
$Date: 2018/01/15 14:09:19 $