<kaz> scribenick: Soumya
<McCool> https://www.w3.org/2018/03/19-wot-sec-minutes.html
mccool: talks about prev minutes
... shows the agenda
... accepts the minutes, no objections heard, minutes accepted.
mccool: note - tomorrow is the final deadline for NDSS paper
... already uploaded, 24 hour for any last min changes
<McCool> https://github.com/mmccool/ndss-wot-sec/blob/master/ndss-diss-008.pdf
mccool: overview of changes
... identify for things, brought up the issue in the paper, potential issues for privacy
... asks the participants to review
... discusses new additions to the wot-sec paper in NDSS workshops
... discussion on tokens for RBAC
<Zakim> kaz, you wanted to wonder about the URLs for WoT drafts
<kaz> ACTION: kaz to provide updated/correct URLs for the WoT drafts
mccool: next topic is two PRs
... we have choice in order of acceptance
... quickly review the changes in security metadata
... merge as is
elena: main doc will have lifecycle drawing from Matthias
mccool: someone may have committed directly in master branch on lifecycle
<kaz> pullrequest 88
mccool: need a common master, changes can be done later
... simple changes related to JSON LD 1.1
... discussing PR 88
koster, mccool: discussion on authentication and authorization
koster: Kerberos and OpenAPI follow diff things, have to be careful
... authorization is the correct term, when authentication comes - things might get complicated
mccool: shows the changes in TD example regarding security metadata
mccool: token - highlight bearer or pop
... added that in metadata
... thinking about profile for admin, security configuration
... diff config for diff protocols
... not sure how to deal with that and scopes in case of oauth
... could give scope and lookup scope from a listing
... might be complicated
elena: still can implement this, might not need it yet, not do anything about it yet
mccool: syntax change to be addressed first
... then consider roles (if we need)
elena: not sure how to define roles
... what types of roles make sense
mccool: current example not ready for merging
... should be in line with new TD, need some cleaning
... would like to merge the other PR
... showing PR 87
... any objection from anyone?
none heard
mccool: merges it
... other PR is going on working branch
<kaz> pullrequest 87
mccool: asks about any additional topic for 'what next?'
barry gives IETF WG names TEEP, SUIT
mccool: going into lifecycle
... matthias is creating a general version of lifecycle?
elena: yes, adapt to that
... it was agreed in last f2f
mccool: discuss more on next IG/WG call
... testing and validation
... created some notes on this
... asks barry to walk us through the ietf wgs
... request a security review from w3c sec group
kaz points out that it is an IG
mccool: need external security review but not yet there
... need a version ready to review
... need to start planning for next plugfest
... asks barry about IETF WGs
barry: can write and post in the MLs
... teep is aimed at the idea that execution env in a device is divided into trusted and untrusted env. driven by ARM and Intel
... SUIT - keep software updated for IoT
... relationship b/w is - proposed in the same time and have some overlaps
mccool: capture some writeup in a md file
barry: agrees
mccool: goes to testing and validation
... shows a github page for this
... penetration testing ...
... pick a suite that makes sense there
... sec review to be included
elena: wot certified test suite?
mccool: markup (must, should, may) and test suites
... go through normative specs, mark (must, should, may)
... testing ontologies (out of scope)
<McCool> initial testing content
mccool: asks for review
... discuss more on wednesday
mccool: initial content for industrial infrastructure
... shows an issue
<kaz> issue 21
mccool: try to capture requirements in an industrial use case
mccool, elena discuss if industrial is a strict superset of enterprise
koster asks the definition of industrial or enterprise
mccool: looks at issue tracker
elena: complete some pending tasks
mccool: suggests creating a PR
... next time - retire some issues
<kaz> e.g., issue 65
mccool: AOB?
meeting adjourned ...