<scribe> scribenick: zolkis
<McCool> minutes from Oct 8 have been approved
<McCool> https://www.w3.org/2018/10/08-wot-sec-minutes.html
McCool: any updates on the Notes?
Kaz: not yet
McCool: people see a very old version, so it would be nice to publish
McCool: TPAC Monday, DAS meeting the
whole day - figuring out which topics are interesting there
... on Tuesday there are less relevant topics
... anyway Monday morning is the best to have the Security
meeting
... the place needs to be figured out
... by default the lobby of Marriott
... discussing other conflict on Thursday afternoon
... discussing Friday agenda on Security: 45 mins to present the
output of the Monday meeting
... should discuss the TD and Scripting API Security sections
... should get decision about accepting them
Elena: for Scripting it is already merged
McCool: discussing Testing topics
Zoltan: can we make reproduceable examples for correct Security setups
McCool: yes it is in the works, started with the proxy work - will be discussed under Testing
Elena: what is the Developer Meetup on Monday evening?
McCool: it is a networking event
organized by the Univ. of Lyon, pretty informal
... discussing Friday agenda for Best Practices
MMC has updated the F2F wiki
Elena: one week left, for Best Practices and Testing; what are the priorities
McCool: the former has priority
... security for Thing Directory should be discussed
Elena: how do we want to describe secure transport
McCool: we should only describe how to
use the protocols, not focusing about their vulnerabilities
... (referring to HTTPS, CoAPS, MQTTS)
Elena: so no examples required at the moment, just summaries
McCool: the purpose is to limit testing
to certain known combinations
... we test best practices mainly
... we care not about the authentication servers, but the bearer
tokens
... we test network interfaces, not really scripts
Elena: status of object security for
CoAP?
... expired this year?
McCool: need to figure out; end to end
security is most interesting in regards to CoAP/HTTP setups
... we should focus on CoAP
... test plan should focus on known sets
... we should focus on the essentials, perhaps one security setup
for each protocol
Elena: will use the week to figure this out
McCool: use the Test Plan document as
well
... meeting adjourned
See the Action wiki.