W3C

- DRAFT -

WoT Security

12 Feb 2018

Attendees

Present
Kaz_Ashimura, Michael_McCool, Barry_Leiba, Daniel_Peintner, Elena_Reshetova, Michael_Koster, Zoltan_Kis, Tomoaki_Mizushima
Regrets
Chair
McCool
Scribe
Elena, McCool, kaz


<kaz> scribenick: elena

Previous minutes

<kaz> prev minutes

McCool: reviewing previous meeting minutes first

reading through the minutes...

McCool: should try to review labels on issues today if we have time
... any objections to accepting the minutes?

minutes accepted

Review NDSS presentation material

McCool: next NDSS presentation slides review

<McCool> https://github.com/mmccool/ndss-wot-sec

<McCool> https://github.com/mmccool/ndss-wot-sec/tree/master/talk

McCool: 20 min talk, 10 min questions
... goals of the presentation are to get feedback instead of presenting new methods/approaches
... main focus is on metadata and TD, slides follow the NDSS paper and we are hoping for a good discussion after that
... are the goals clear enough?

Barry: yes, I think so

McCool: some links on slide 5 might need updates
... slide 7 focus on TD, semantic metadata should be changed to TD on slide 7 also
... slide 8 needs an example update
... do we have updated examples?

KostElena: not sure we have syntax fixed, so need to wait for it to stabilize

McCool: slide 8 needs to have bubbles for security metadata
... slides 11-15 talk about open issues with WoT and distributed security

<Zakim> kaz, you wanted to ask if you/we want to mention plugfest (and plugfest guideline) as well and to ask if you want to mention existing examples, e.g., digital TVs

Michael adds a new slide: follow-up actions

with plugfest info

Kaz: also should mention S&P consideration document
... should really refer to a concrete example in the slides?

McCool: talk is short, audience should understand it

Elena: I think that examples might be important since there are many standards around IoT, so audience might benefit from it

McCool: I will try to put some example for explaining issues and if it doesn't work, it can be removed

Michael explaining following slides

McCool: something is not discussed as a separate issue: protection of metadata

<kaz> Michael's Slides

McCool: maybe we need a new slide for this
... problem 5 is pretty vague in the paper, so I gave some examples in slides
... shows kind of things we can enable with metadata
... please send email to me to provide further comments

changes will be uploaded to github

Scripting review

<zkis> http://rawgit.com/zolkis/wot-scripting-api/master/index.html

<kaz> scribe: McCool

Elena: showing rawgit version of most recent Scripting API draft
... looked at version available Friday
... general feeling: much more concrete
... concrete APIs
... clearer to see what is missing
... currently: doesn't have *anything* about security
... none of the examples discuss it
... start from use cases...
... looking at which of these actions would need security
... and then we can discuss how to plug it in
... for instance, discovery
... an attacker could be visiting a site
... if discovery done using broadcast
... can find out all the things
... could be a privacy threat
... even just knowing what devices are there
... same in an industrial environment
... not clear what the limits are on discovery

Zoltan: mapping of existing functionality onto scripting
... but supported in scripting only if implementation supports it
... might be blocked by implementation

Elena: brings me to another point...
... how are errors reported?

Zoltan: that's right
... coming.
... descriptions of algorithms still coming
... we have to be careful when reporting errors
... to not give away information to an attacker

Elena: should be ok to say it is a security error, just not what kind of security error (eg type of credentials required, etc)

zoltan: ok, sounds good

Elena: there are so many security things that fingerprinting is still hard

zoltan: we used to have a security section
... but it was deleted, didn't contain much anyway

zoltan: but we can at least add security error to error list

Elena: discovery was one security issue
... right now gives the impression that there are not errors, API methods just work...

Zoltan: there should be an algorithm section for each that also describes when and how they can fail; not there yet

Elena: what about security metadata... how to be associated with an exposed thing, for instance?

McCool: for instance, how to associate metadata with an exposed thing

Zoltan: you don't... in manifest

Elena: but for example, an Action may need a token

Zoltan: that should come from the identity
... certain entities will have certain access rights

Elena: but if use token-based access, for instance, how to specify which actions need which tokens?

Zoltan: right now we have no means to associate security metadata with particular actions, just with entire thing
... we need a separate API for provisioning
... in a different security realm
... consider it out of scope from scripting API
... but, you do have a point that it contributes to the TD
... we do have to figure out what security metadata the TD contains
... right now we can generate functional part of TD, but can't do provisioning
... we need a different API spec for provisioning

Elena: how to support different credentials for different actions?

Zoltan: we decided in OCF that in that case it was better to separate actions in different APIs
... in the WoT, that would put interfaces with different security requirements in different Things

Daniel: I think you are right, Zoltan is completely not in the document
... but what I think now should happen
... if certain functions need certain tokens
... then property struct needs that information
... needs to contain that information

Zoltan: why can't we just pass this data as regular data
... does the runtime need to know?

daniel: in the initialization phase?

zoltan: well, in the case of tokens, I would like to ask Elena if tokens can just be managed as regular objects

Elena: need to get information that action needs token into TD
... has to be some way for API to embed that information

Zoltan: I define an exposed thing, I define an action, I define some parameters

<inserted> scribenick: kaz

McCool: would suggest we don't cancel the call next call...

Zoltan: or I can leave here today for some more time

Elena: need to leave now...

Zoltan: good to have larger people
... better to expose the discussion
... would add some more text
... if you see any more issues, please create additional issues

Elena: can't join the call next week

McCool: we can continue the discussion in 2 weeks
... btw, Zoltan, do you want to review the TD draft from security viewpoint?
... can ask Barry as well

Zoltan: by when?

McCool: once the TD draft is ready

Zoltan: can read the draft anyway

[adjourned]

Summary of Action Items

Summary of Resolutions

[End of minutes]
