WoT Security

15 Jan 2018


Kaz_Ashimura, Elena_Reshetova, Michael_McCool, Tomoaki_Mizushima, Michael_Koster


Pull request 63 on lifecycle

elena: wondering about the possible changes for the Architecture

mccool: there is a repo for wot-architecture
... we can create an issue about this pull request

elena: lifecycle should be described in the Architecture

<McCool> https://github.com/w3c/wot-security/issues/65

mccool: have just created the above issue
... pictures would be helpful
... issue 65 on "Consider moving Thing lifecycle discussion to Architecture"

Pull Request 63 initial text for lifecycle

mccool: having a picture would be good

Elena's proposed initial text

mccool: IIC document has lifecycle definition
... normally you need provisioning

elena: depends on what your security provisioning model is like
... might be going back from re-provisioning to operational state
... not sure we need to re-invent lifecycle definition, though
... we should add some stronger statement for the Editor's note here
... we have to make some assumption

mccool: let's state our assumption
... devices in secure/compromised state
... just keep it under control
... we don't really worry about updates
... devices may go down and come back
... or new devices come back

elena: what is available on WoT layer?
... and what is out of scope?

mccool: let's update the Editor's note

elena: will update it

mccool: ok
... btw, can you make the next call?

elena: planning to join it

mccool: will accept it once you're ok

<Zakim> kaz, you wanted to ask if we need some mechanism to identify some specific device from the others

kaz: what kind of picture for this?

mccool: SVG-based one?

kaz: the content is some kind of state transition, right?

mccool: yes

elena: can draw a state transition diagram


mccool: we'll have a PlugFest during the Prague f2f

f2f wiki

mccool: (shows the above f2f wiki)
... adds topics to the agenda input section
... payments moderated by McCool
... and more general discussion
... Elena for PlugFest security postmortem
... McCool for Validation

elena: how is the functional testing?
... issue on compatibility?
... which way to go, validation and/or testing

mccool: (adds comments to "Validation")
... what do we mean by "Validation"
... and how to do it?

elena: useful to try hackathon

mccool: (adds comments to "Validation" again)
... "white-hat hackathon" and penetration testing
... how long do we need for each topic?
... (adds proposed time to each topic)
... PlugFest Security Postmortem - 30m
... Use Cases - 40m
... Payments - 20m
... Validation - 40m

elena: who is most connected with the industrial scenario?

mccool: maybe Siemens and Lemonbeat?

elena: I'll do lifecycle update first

mccool: McCool for lifecycle under Architecture

elena: will try to join the meeting (remotely) but maybe will have difficulty

mccool: ok
... (adds some more topics)
... "Liaisons and other connections" as a new topic
... McCool for OpenFog and OCF

updated agenda proposal

mccool: (mentions his status about travel planning)
... maybe will miss the IETF hackathon
... probably will attend the data modeling part and the security part of the OCF meeting
... can we invite somebody from OCF?

koster: good idea

mccool: we have the PlugFest calls once a week on Wednesday
... will generate some slides and ping you (Elena)

koster: let's discuss that on Wednesday

mccool: reasonable security use case
... could go back to the previous PlugFest and see which part could be modified
... making the old stuff secure would be a good starting point

elena: is our security goal the same as the main goal of the PlugFest?
... can we add a security portion to the main goal?

mccool: how to secure semantic discovery, etc.

previous minutes

prev minutes

mccool: (goes through the prev minutes)
... accept the minutes?



Summary of Action Items

Summary of Resolutions

[End of minutes]
