<kaz> https://www.w3.org/2018/11/19-wot-sec-minutes.html
<kaz> https://www.w3.org/2018/11/26-wot-sec-minutes.html
<zolkis> scribenick zolkis
McCool: reviewing past minutes
... discussing testfest from Dec 10.
... security testing should be discussed
... any comments on the past minutes?
past minutes approved
McCool: discussing past minutes from
Nov. 19
... approved
Kaz: still pending; some checker
issues still
... but will publish today
McCool: for each publication we need separate repo?
Kaz: yes (Echidna policy)
... separate documents such as Best practices will need a
separate repo, not only separate directory
... different versions of the same document are in separate
directories
McCool: short update on TD
implementation report
... added security section
<McCool> https://github.com/mmccool/wot-thing-description/tree/updated-test-results/testing
<McCool> https://github.com/w3c/wot-thing-description/pull/314
McCool: new documents are Security
Best Practices and Security Test Plan
... the question is how to publish them as Notes
Kaz: group Notes would be nice
McCool: considering to have them as IG Notes, not WG Notes
Kaz: not big difference between a WG Note and an IG Note. (the question is rather that the current WG Charter mentions the security testing instead of the current IG Charter.)
McCool: if WG charter not renewed,
the IG would still host it
... would like to maintain the documents for a longer
term
... other opinions?
... we will need separate repositories anyway; we can decide
later
https://github.com/w3c/wot-architecture/pull/63
ER: walking through the PR (is
part of the Scripting PR)
... someone needs to check it against the terms used in WoT
Architecture doc
McCool: added reference to Security doc; perhaps update the date
Zoltan: what about removing the date, it's the latest anyway
McCool: also check the reference in
the other docs: TD and Scripting
... checking references of
Security doc in the other specs
<kaz> scribenick: kaz
McCool: will check the TD document and fix it
Elena: will fix the Scripting API document
McCool: will fix both the references to the wot-security and wot-bestpractices from the TD draft
McCool: will poke Matthias during the Chairs call
Zoltan: also made some comments
McCool: will poke Matthias and
Matsukura-san
... and Kajimoto-san
Kaz: Matsukura-san and
Kawaguchi-san had started to work on this
... so they also should add their names to the Editors list
Elena: wondering what to do for the next week given there will be the TestFest
McCool: people will have
implementations to be tested
... testfest for arbitrary testing
... we'll gain experience for our actual testfest in
January
Elena: VPN setting would take long...
McCool: trying to back up my previous
setting
... can give you access to my repo
... would like to improve the setup so that you can use it
easier
... another option might be "node-wot"
... you can go to
eclipse/thingweb.node-wot/examples/scripts
... it's open source and you can copy them
... would suggest you use a Linux systm with Python, etc.
... we can discuss the setting on Wednesday
Elena: I have a Linux machine :)
McCool: we still have 26 remaining issues...
McCool: adds comments
... on the idea of publishing the Security Best Practices
document as a group Note
McCool: helpful to have some use
cases when we need to modify the default CORS behavor.
... updates the "Actions" section on the WoT wiki
... 1. update references to WoT Security and Privacy
Considerations (McCool for TD; Elena for Architecture; Zoltan
for Scripting)
... 2. decide whether or not to publish the best practices and
security testing as Notes (McCool to ask group and Chairs)
[adjourned]
See the Action wiki.