<kaz> scribenick: mjkoster
(McCool goes through the draft agenda for today)
<kaz> minutes from last meeting
McCool: last minute change to the term "none" to "nosec"
... any corrections to the minutes?
... minutes accepted
... please carry the action items to the next agenda
<McCool> https://github.com/mmccool/w3c-permissions-2018
Ryo: focus on user permission of access control and how users decide which data to share
McCool: should mention how this aligns with the WoT approach of access metadata
... could edit online
<McCool> https://github.com/mmccool/w3c-permissions-2018/blob/sec-edit/README.md
McCool: looks ready to merge
<inserted> PR 108
Elena: PR #108
... review and walk through the PR
... this is a basic description of scenarios, does anyone have feedback or comments?
McCool: building tenants and employees may come and go, requiring management of access rights to users
... when a tenant leaves there is a privacy issue where data must not be retained
... for example, there may need to be temporary access granted to an employee for the thermostat in a room while the employee is in the room
... ideally there should be some access control that doesn't require use of the device
Elena: threat model characterization
McCool: should emphasize that this is an office environment
Elena: it includes company information as a protected asset
McCool: also access to the premises
Elena: scenario3 is industrial, focus on safety and availability, privacy is less important
... another assumption is access would be protected by partitioning networks
McCool: for example access from the IT network to the OT network to collect statistics
... but need to make it difficult to access the OT network by compromising the IT network
... also has the requirement to manage employee access in a dynamic way
... e.g. when employees transition in and out of the company
... does anyone else have comments, would anyone else be willing to review?
... which issues can we close?
Elena: 20 and 21
<kaz> issue 20
<kaz> issue 21
McCool: review other issues
<kaz> issue 44
<kaz> issue 48
<kaz> issue 106
scribenick: kaz
McCool: this is out of the scope for standardization?
Koster: right
McCool: updates the issue and closes it
<inserted> issue 70
Elena: what is the hardware identifier discussed in issue 70?
McCool: there should be a short paragraph about immutability
... need to create a PR to use appropriate terminology
scribenick: mjkoster
<kaz> TD draft - 5.2.1 Thing
McCool: this has to do with the identifier of the TD
... create a PR to clarify the immutability of the "id" property in Thing Description
<kaz> ACTION: mccool to create a PR to clarify the immutability of the "id" property in Thing Description
McCool: mccool to edit the W3C permissions document
<kaz> ACTION: mccool to edit the W3C permissions document
McCool: creating a PR for CoAP DTLS scheme
... any input on what is needed
<scribe> ACTION: mccool to create 2 additional schemes for CoAP DTLS
McCool: also need to discuss MQTT security scheme
[adjourn]