WoT Security

19 Nov 2018


Kaz Ashimura, Michael McCool, Elena Reshetova, Yosuke Nakamura, Tomoaki Mizushima, Zoltan Kis


<kaz> scribenick: zolkis

Publication status

Kaz: after publication of Scripting API will deal with the Security Note
... question about (sub)directory structure on how to arrange versions

McCool: send an email, will check

Kaz: the Changes section needs updating, include link to the auto-generated diff

<inserted> Kaz's message on publication preparation

McCool: will check

PR #155 for Scripting API


Zoltan: Runtime would need a separate Note because it has a network-facing API and also an optional Scripting runtime

McCool: it should contain Scripting related stuff
... management API is out of scope for Scripting
... provisioning is also out of scope
... we consider Scripting in secure operational state

Elena: about half of the recommendations are generic Runtime stuff
... Scripting is optional so the generic Runtime considerations maybe should be elsewhere
... maybe the Architecture document

McCool: let's keep it with a changed context: scripting runtime considerations, not generic runtime considerations

Zoltan: there should also be a place for the generic Runtime considerations, including how to get to the secure operational state

Elena: could return to separate runtime vs scripting runtime threats

McCool: maybe we partition it so that runtime is separate so that we could remove it

Elena: should we discuss with the group?

McCool: let's re-structure this PR in two parts: generic and scripting specific security considerations, and later move out the generic part elsewhere

Zoltan: fine with that
... argues for the need of making a Runtime Note including how to set up WoT (secure operating environment) including provisioning

McCool: let's finish this PR now and deal with this later. Let's discuss in the main call. Could add an Editor's Note about this
... added it as a topic for the main call


past minutes

<McCool> https://github.com/w3c/wot-scripting-api/pull/155

<kaz> previous minutes

McCool walks through security-related TD PRs

scribe: linked from the last minutes

McCool: any change suggestions for the past minutes?
... no: accept it


McCool walking through the action points

<kaz> Security Actions

in the WoT wiki, on the IG Security WebConf page

McCool updating the Actions section

scribe: created the PR for security definitions, not done yet
... it was merged as work in progress, so needs updating
... the technical problem was that security definitions are objects but one cannot use security schemes inside those; wanted to allow both names and security definitions, but was not sure how ontology allowed that

McCool: asks for suggestions on how to get around the problem above

no other issues to bring up

issue #98 (closed)

<kaz> issue 98

URI templates

McCool: don't think we can put URI templates in security definitions
... any comments about the issue?
... no, the issue stays closed

issue #120

this was PR'd into TD spec, so closing it

<kaz> issue 120

McCool: creating a new issue to track the remaining problem

new issue 122


<scribe> closed it with a comment


has been merged in TD spec



McCool: some of this has been done and merged in the TD spec
... looks sufficient to close the issue


has been addressed, so closing it







closing because the one raising it has not commented, and the issue has been addressed


<scribe> closed

will create new issue for the next plugfest


has been addressed in the TD spec, closing

McCool: continued working on Testing and Validation
... particularly penetration testing
... maybe next week will write a draft and then discuss it during the next call

see PR 290 on TD spec


McCool: closed the meeting

Elena: will prepare the Runtime issue for discussion on the main call this week

McCool: meeting adjourned

Summary of Action Items

See the Action wiki.

Summary of Resolutions

[End of minutes]

Minutes manually created (not a transcript), formatted by David Booth's scribe.perl version 1.154 (CVS log)
$Date: 2018/12/06 02:10:58 $