WoT Security

01 Oct 2018


Kaz_Ashimura, Michael_McCool, Elena_Reshetova, Tomoaki_Mizushima


Issue 118: Signing and encrypting body of actual responses of interaction pattern endpoints

issue 118

McCool: (adds comments on the GH issue)

McCool's comment

McCool's 2nd comment

Update from online plugfest

McCool: hard work on setting for gateway and VPN
... fair number of people started to work on security
... e.g., Panasonic working on bearer token
... all the stuff for the online plugfest should be kept for the plugfest in Lyon
... would see node-wot for CoAP, etc.
... still some ambiguity with OAuth setting
... we have digest, bearer and basic, for authentication
... so made progress for security
... had a couple of services for security
... authentication on the proxy side, etc.
... Matthias is also working
... smart home demo for OCF
... hoping the resources are updated
... fortunately succeeded in forking it
... kind of struggling
... in particular about OCF testing
... no open-source implementation which generates OCF credentials
... some issue with Directory service as well
... a lot of work to do for TPAC

Elena: do we have a scenario for demonstration?

McCool: PlugFest planning call after the main call
... Lagally, etc., are interested in developing demo scenarios
... different set of effort for demo and testing
... personally think that we should get good application scenarios
... hoping we make steady progress
... good scenario in Lyon
... also dev meetup on Monday
... (checks the schedule during the TPAC week)

Kaz: we need to fix the joint meetings with the other groups (during the WoT Chairs call)

Some discussion on TPAC schedule

McCool: (adds information about "Conflicts and Time constraints" to the f2f wiki)
... (also put possible topics)

Publication plan

McCool: made a PR for TD
... drafted security section

TD PR 207

McCool: what would be the normative content for TD security?
... need to go back again
... would like to finalize this next week
... also need to see what the normative assertions would be
... and then
... we have the best practices document
... to give suggestions
... and then
... security testing plan

testing plan

McCool: much to do before TPAC
... need to read Scripting API as well
... is the draft reasonably stable?

Kaz: think so
... Daniel volunteered to start new work on TypeScript
... but that will be done using a separate branch

McCool: testability and requirements
... to see if implementations are WoT compliant
... we should figure out what kind of statements would make sense
... maybe for homework
... if you could look at the Scripting API draft
... and see what should be normative assertions
... that would be helpful

Elena: ok
... btw, what is the expected level?

McCool: we should continue the discussion during TPAC as well
... do a brain dump first and have discussion
... we should put down whatever is in our minds first
... we need to put things on the table

Elena: will people from TD, Scripting, etc., also be available on Monday/Tuesday?

McCool: let's continue to discuss the scheduling

Previous minutes

McCool: we don't have enough people today


Summary of Action Items

See the Action wiki.

Summary of Resolutions

[End of minutes]

Minutes manually created (not a transcript), formatted by David Booth's scribe.perl version 1.154 (CVS log)
$Date: 2018/10/10 07:09:24 $