McCool: testing vs plugfest?
... doodle for both
... maybe we can use the editor's call slot for this week?
... and doodle for the next week
... this week plugfest slot for testing discussion
... and next week for plugfest as well based on the doodle results
McCool: btw, any addition to the agenda?
... plugfest on Oct 20-21
... TPAC on Oct 22-26
McCool: should be added to the WoT wiki as well
Elena: Lyon should be fine
Kaz: the f2f meeting will be held on Oct 25-26
McCool: skimming the minutes
... ok with this
... any objections?
(none)
McCool: accept Apr 30 minutes
... next one, May 7
... a couple of PRs
... any comments/corrections?
(none)
McCool: accepted - May 7 minutes
... next May 14
... privacy considerations
... this week as well
... no actions captured
Kaz: can copy the remaining ones here
McCool: privacy section still pending
[[
<scribe> ACTION: [ONGOING] elena to work on issue 68 (Thing Provider Data Specification) and issue 69 (Passive Observers Risk)
<scribe> ACTION: [ONGOING] elena/koster to work on terminology
<scribe> ACTION: [ONGOING] mccool to work on issue 70 (Require Not Exposing Immutable Hardware Identifiers?)
<scribe> ACTION: [ONGOING] mccool to talk with security guys about testing/validation timeline
<scribe> ACTION: [ONGOING] mccool to work on tunneling/shadow for the security metadata proposal
<scribe> ACTION: [ONGOING] mccool to work on PR 90
<scribe> ACTION: [ONGOING] zkis to create scripting issue for TD life cycle in scripting api
<scribe> ACTION: [ONGOING] mjkoster/elena to review examples in the security spec
]]
Kaz: which action items are done?
McCool: ongoing last week and we can close them this week
... let's copy them as is and talk about the status today
Kaz: ok
McCool: except that, the minutes are accepted - May 14
McCool: would close #92 first
McCool: added a diagram
... and caching algorithm
Elena: cache combined with security
McCool: could address it
... question of how to interpret it
Elena: encryption
... good to mention both encryption and authentication
McCool: encryption, authentication and integrity of confidentiality?
... (goes to his repo)
... referring to a new figure with caching proxy
... have to check if the link is ok
Elena: problem with another link too
McCool: (fixed the links)
Elena: need clarification to [[The cache can either be combined with the security endpoint proxy or can be instantiated as a separate service or "middleware layer".]]
McCool: (add explanation)
... will remove "middleware layer"
... (add comment about the changes)
... let's accept the PR now
... we can add fixes later
... next thing to do is...
... PR 94
Elena: don't see mitigation yet
McCool: why don't we add some text for mitigation then?
... (create an issue)
... add mitigations to privacy section
... we can discuss mitigation separately
... to follow up on PR 94
... (as issue #99)
Elena: link to my repo?
McCool: possibly a separate subsection for mitigation
... now any objections to accept PR 94?
(none)
McCool: will merge it then
... (add a note)
... privacy threats now listed
... next PR 95
... (shows "working" branch)
McCool: Elena, did you merge the change with the working branch?
Elena: yes
McCool: any objections to merge PR 95?
(none)
McCool: will merge this
... (and merged PR #95)
... (and then check the master branch)
McCool: would more things to happen for the next plugfest
... some issues with security metadata
... and created GH issues for them
... security and privacy sections
... (add items to the Bundang f2f wiki)
McCool: Review security metadata
... security testing/validation plan
... plugfest security recap
... anything else we should add?
(none at the moment)
McCool: regarding plugfest...
... Michael, is it ok if I add something like this...
... goal, objection, etc.
Koster: this is high-level description
... so would make sense
McCool: (adds topics)
... testing
... security implementations and interop testing
Koster: application scenarios
... proxy configurations
McCool: (adds them)
... 5 items should suffice at the moment
... and then
... (goes back to "Plenary and Breakouts")
... (and add some points to "WoT Testing")
... let's go back to issue reviews
McCool: issue 98 on form-based authentication schemes on digest authentication
https://github.com/w3c/wot-security/issues/96
McCool: issue 98
https://github.com/w3c/wot-security/issues/98
McCool: issue 97 on TLS-SRP authentication scheme
https://github.com/w3c/wot-security/issues/97
McCool: issue 93 on Thing end of life signaling
https://github.com/w3c/wot-security/issues/93
McCool: security implication change?
... broader issue on accessing security metadata in TD?
... (shows section 5.1.1 of wot security draft)
5.1.1 Secure Delivery and Storage of Thing Description
McCool: (create an issue on "Discuss Security Implications of TD Change and Deletion Notification" as Issue 100)
Koster: makes sense
McCool: (adds link to issue #114 of wot-scripting-api)
... this issue supersedes original issue 93
... (and add "superseded by issue 100" to issue 93)
... now we have more general issue
... another issue for today
... issue 83
... would close this
https://github.com/w3c/wot-security/issues/83
McCool: any comments?
(none)
McCool: (and closed issue 83)
... next issue 78
https://github.com/w3c/wot-security/issues/78
McCool: does WoT use cookies?
... think yes
... (add notes)
Koster: share them between clients?
McCool: could be a token or actual data
Koster: use them for session keys?
McCool: related to the issue #98
... would close issue 78
Koster: ok
McCool: please give comments to the other issues
[adjourned]