WoT Security

15 Oct 2018


Michael McCool, Elena Reshetova, Michael Lagally, Ryo Kajiwara, Tomoaki Mizushima, Kaz Ashimura, Zoltan Kis


<scribe> scribenick: zolkis

Review of minutes from last meeting

<McCool> minutes from Oct 8 have been approved

<McCool> https://www.w3.org/2018/10/08-wot-sec-minutes.html

Status of W3C Note publication

McCool: any updates on the Notes?

Kaz: not yet

McCool: people see a very old version, so it would be nice to publish

TPAC and PlugFest planning

McCool: TPAC Monday, DAS meeting the whole day - figuring out which topics are interesting there
... on Tuesday there are less relevant topics
... anyway Monday morning is the best to have the Security meeting
... the place needs to be figured out
... by default the lobby of Marriott
... discussing other conflict on Thursday afternoon
... discussing Friday agenda on Security: 45 mins to present the output of the Monday meeting
... should discuss the TD and Scripting API Security sections
... should get decision about accepting them

Elena: for Scripting it is already merged

McCool: discussing Testing topics

Zoltan: can we make reproducible examples for correct Security setups?

McCool: yes it is in the works, started with the proxy work - will be discussed under Testing

Elena: what is the Developer Meetup on Monday evening?

McCool: it is a networking event organized by the Univ. of Lyon, pretty informal
... discussing Friday agenda for Best Practices

MMC has updated the F2F wiki

Best Practices document

Elena: one week left, for Best Practices and Testing; what are the priorities?

McCool: the former has priority
... security for Thing Directory should be discussed

Elena: how do we want to describe secure transport?

McCool: we should only describe how to use the protocols, not focusing on their vulnerabilities
... (referring to HTTPS, CoAPS, MQTTS)

Elena: so no examples required at the moment, just summaries

McCool: the purpose is to limit testing to certain known combinations
... we test best practices mainly
... we care not about the authentication servers, but the bearer tokens
... we test network interfaces, not really scripts

Elena: status of object security for CoAP?
... expired this year?

McCool: need to figure out; end to end security is most interesting in regards to CoAP/HTTP setups
... we should focus on CoAP
... test plan should focus on known sets
... we should focus on the essentials, perhaps one security setup for each protocol

Elena: will use the week to figure this out

McCool: use the Test Plan document as well
... meeting adjourned

Summary of Action Items

See the Action wiki.

Summary of Resolutions

[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.152 (CVS log)
$Date: 2018/10/16 18:08:20 $