W3C

- DRAFT -

WoT Security

26 Nov 2018

Attendees

Present
Kaz_Ashimura, Michael_McCool, Tomoaki_Mizushima
Regrets
Chair
McCool
Scribe
kaz, McCool

<inserted> scribenick: kaz

Prev minutes

<McCool> https://www.w3.org/2018/11/19-wot-sec-minutes.html

McCool: skip it and will review the previous minutes next week

Publication status

Kaz: will handle it right after the scripting api
... hopefully this week

Testing criteria

<McCool> https://github.com/w3c/wot/blob/master/testing/criteria.md

<McCool> Note point 4 under "charter requirements"

<McCool> (Under "Other Deliverables") WoT Test Cases: This document is part of the W3C CR process test suite and defines test cases corresponding to technical issues addressed by the WG. They also help to evaluate the interoperability among the test suite implementations as well as external implementations, e.g., open source projects.

McCool: the WG Charter mentions the above

<McCool> and point 1

<McCool> In order to enhance the security of WoT systems, we will also generate and implement a security testing plan which will include both functional and adversarial testing of the proposed standards and their implementations. We will only recommend an implementation of the proposed standards for use in production once it has passed such testing.

<inserted> scribenick: McCool

McCool: functional security testing will be included in normal testing of other assertions
... but we need an adversarial testing plan
... do we want a separate document for security testing?

Kaz: separate document for security testing would be better

https://github.com/w3c/wot-security/issues/122

Security issues

scribenick: kaz

<kaz> wot-security issues

<kaz> issue 61

McCool: added a comment to check with Wendy

<kaz> issue 50

McCool: closed

<kaz> issue 23

McCool: added a comment
... could be where we satisfy the need for a security testing plan

scribenick: McCool

McCool: in particular, perhaps the right place for the "security testing plan" (to satisfy the charter) is in a validation section of the security and privacy considerations document

scribenick: kaz

McCool: need to talk with Elena about 21 and 20

TestFest doodle?

McCool: maybe we could replace all the WoT calls with TestFest

Kaz: we can include Tuesday again, right?

McCool: right

Kaz: shall I create a doodle for that now?

McCool: maybe we can wait until Wednesday and ask people

Kaz: ok

McCool: we could have a specific version of TD as the basis of the tests in December
... but the final version to be generated by the end of Jan

[adjourned]

Summary of Action Items

See the Action wiki.

Summary of Resolutions

[End of minutes]

Minutes manually created (not a transcript), formatted by David Booth's scribe.perl version 1.154 (CVS log)
$Date: 2018/11/26 22:48:54 $