<McCool> security template--- for the agenda
kaz: while waiting for Koster, I have something
... we should clarify who will implement which servients for Prague
... for that purpose, we might want to reuse Fujitsu's proxy servient for Prague
... and people should clarify the interface between Fujitsu's proxy and each application/device servient
matsukura: sounds good
kaz: thought you wanted to do that for Burlingame
... but maybe we could try that for Prague
<mjkoster> sorry, having trouble connecting with webex
kaz: Matsukura-san, maybe you could extend your document (Burlingame one and/or Prague one) for interface descriptions
<ryuichi> https://github.com/w3c/wot/blob/master/plugfest/2018-prague/preparation.md
kaz: koster, you generated updated slides?
koster: yes, to clarify our goals
... we have many goals
... what we want is having a common ground
... e.g., for discovery
(Koster joins)
<mjkoster> https://github.com/mjkoster/wot-protocol-binding/blob/master/plugfest-prague.pdf
koster: (goes through his updated slides)
... [Thing Directory]
... registration lifecycle management
... what TDs will you register as a server
... what client discovery methods will you use?
... [Semantic Annotation]
... some portion here
... what thing types and capabilities will be exposed by your servers
... what interactions and data types will be exposed for each capability
... applications/clients/servers
... put it into the questionnaire
... we should bring some kind of client
... what application does your client host
... [Protocol Binding]
... we have CoAP, HTTP, ...
... how to deal with event handling
... [Proxy]
... what protocols does your proxy consume/expose
... security protocols
... how does your proxy interact with Thing Directories
... [Security]
... strawman questions
... transport security methods, e.g., DTLS
... access control features, HTTP basic auth, Kerberos, ACLs?
... how to obtain/configure it?
... [Accessibility]
... accessibility scenario
... alternate modes of interaction
... next level of issues?
... also same slide deck
... details about things
... questions?
... would like your input offline
<mkovatsc> https://github.com/thingweb/thingweb-directory
koster: we need the whole architecture to work together
matthias: Thing Directory online above
<mkovatsc> https://projects.eclipse.org/proposals/eclipse-thingweb
matthias: not yet Eclipse foundation repository
... you can simply use the thingweb repo for Prague
koster: tx
... we're having a wishi workshop
... 1 week before our f2f
... I'm working on that
... would like to start with discovery
... want to avoid duplicate
... hopefully we can do some complementary work
kaz: so you want to expand these questions to guidelines?
koster: yes
kaz: how to proceed?
... actual questionnaire?
... wiki or MD?
koster: can create an MD or wiki
... for collaborative work
... can make some template with example
kaz: whichever is fine, wiki or MD
... W3C wiki or GitHub wiki :)
koster: GitHub wiki would be better
... we can use pull requests
kaz: ok
koster: let's go for that way
<scribe> ACTION: koster to organize the first shot of questionnaire template
kaz: any other questions?
(none)
mccool: similar to what koster explained
... eventually we may merge this with his template
... what is in and out of our scope
... [Goals]
... hard to define security recommendation
... need to describe concrete scenario
... [Agents and Roles]
... who is using this
... who owns?
... who maintains?
... [Topology]
... what kind of places?
... break down into major sections
... [Confidentiality and Privacy]
... need more use cases
... information management
... [Integrity]
... [Authentication]
... how to identify agents
... [Authorization]
... who has what kind of rights?
... identity of things
... during the operational lifecycle
... authorization may change
... you may simply make it static
... [Validation]
... how would you validate the security
... 2 angles
... what you build for plugfest
... and what would you do for the scenario
... useful to document what would you do
... questions?
... this is available on GitHub
mccool: we need feedback
... discussion continues at the next security call on Monday
... would like to have an implementation to cover those points
... everybody has to do that
kaz: do you want to put this on MD to gather opinions?
mccool: need feedback
... markdown is fine
... need to think about where the check list should go
koster: powerpoint should be also acceptable
<mkovatsc> https://www.w3.org/WoT/IG/wiki/F2F_meeting,_24-29_March_2018,_Prague,_Czech_Republic#Preparation
koster: as additional resources, e.g., diagrams
... we can put all the information into one place
mccool: can convert this to MD and put it under the wot repo
... under the wot/plugfest/2018-prague
koster: maybe under a subdirectory of "checklist"?
mccool: ok
... maybe we can start with README.md
matthias: directory for multiple checklist?
mccool: Koster is doing a general checklist
... and mine is for security specifically
matthias: ok
... if people have additional points, they may add them
koster: if people just add lines, there should not be conflicts
... I'll create some initial checklist
kaz: personally prefer having both on one page with 2 sections
mccool: we can merge them later
kaz: ok
mccool: after plugfest we should merge them
kaz: ok
... any other questions?
matthias: what do we have to do now?
... there are so many documents
matthias: what documents to read?
... need an overview
<mkovatsc> https://www.w3.org/WoT/IG/wiki/F2F_meeting,_24-29_March_2018,_Prague,_Czech_Republic#Preparation
kaz: that is the starting point on the f2f wiki
mccool: maybe we can add a link to the checklist to the f2f wiki?
matthias: that's fine
mccool: (adds a link to the f2f wiki)
... and next we need to add actual scenarios to the prep document
... we can create subdirectories for concrete scenarios
koster: scenarios and system architecture
... also interoperability across different scenarios
mccool: btw, I see editorial issues with this prep document, and would like to go through it
[adjourned]