<kaz> scribenick: zolkis
Kaz: after publication of Scripting API will deal with the Security Note
... question about (sub)directory structure on how to arrange versions
McCool: send an email, will check
Kaz: the Changes section needs updating, include link to the auto-generated diff
<inserted> Kaz's message on publication preparation
McCool: will check
https://github.com/w3c/wot-scripting-api/pull/155/files
Zoltan: Runtime would need a separate Note because it has network facing API and also an optional Scripting runtime
McCool: it should contain Scripting related stuff
... management API is out of scope for Scripting
... provisioning is also out of scope
... we consider Scripting in secure operational state
Elena: about half of the recommendations are generic Runtime stuff
... Scripting is optional so the generic Runtime considerations maybe should be elsewhere
... maybe the Architecture document
McCool: let's keep it with a changed context: scripting runtime considerations, not generic runtime considerations
Zoltan: there should be place also for the generic Runtime considerations, including how to get to the secure operational state
Elena: could return to separate runtime vs scripting runtime threats
McCool: maybe we partition it so that runtime is separate so that we could remove it
Elena: should we discuss with the group
McCool: let's re-structure this PR in two parts: generic and scripting specific security considerations, and later move out the generic part elsewhere
Zoltan: fine with that
... argues for the need of making a Runtime Note including how to set up WoT (secure operating environment) including provisioning
McCool: let's finish this PR now and deal with this later. Let's discuss in the main call. Could add an Editor's Note about this
... added it as a topic for the main call
<McCool> https://github.com/w3c/wot-scripting-api/pull/155
<kaz> previous minutes
McCool walks through security related TD PRs
scribe: linked from the last minutes
McCool: any change suggestions for the past minutes?
... no: accept it
McCool walking through the action points
<kaz> Security Actions
in the WoT wiki, on the IG Security WebConf page
McCool updating the Actions section
scribe: created the PR for security definitions, not done yet
... it was merged as work in progress, so needs updating
... the technical problem was that security definitions are objects but one cannot use security schemes inside those; wanted to allow both names and security definitions, but was not sure how ontology allowed that
McCool: asks for suggestions how to get around the problem above
no other issues to bring up
<kaz> issue 98
URI templates
McCool: don't think we can put URI templates in security definitions
... any comments about the issue?
... no, the issue stays closed
this was PR'd into TD spec, so closing it
<kaz> issue 120
McCool: creating a new issue to track the remaining problem
<scribe> closed it with a comment
has been merged in TD spec
closing
McCool: some of this has been done and merged in the TD spec
... looks like sufficient to close the issue
has been addressed, so closing it
closing
closing
closing because the one raising it has not commented, and the issue has been addressed
<scribe> closed
will create new issue for the next plugfest
has been addressed in the TD spec, closing
McCool: continued working on Testing and Validation
... particularly penetration testing
... maybe next week will write a draft and then discuss it during the next call
see PR 290 on TD spec
https://github.com/w3c/wot-thing-description/pull/290
McCool: closed the meeting
Elena: will prepare the Runtime issue for discussion on the main call this week
McCool: meeting adjourned
See the Action wiki.