McCool: still travelling for
IIC
... Taki and Matsuda-san are also here
... still have problem with the WoT Chairs call time
... need to reschedule that
McCool: list of topics to do
[[
Security section of Arch and Scripting document
TD Implementation Report
Security Best Practices document
Document reviews
Testing experience
Security section of Scripting API
]]
McCool: one issue of the length
... text within the architecture should be more abstract
... kind of resolution to be recorded
... mccool to write up an introduction section
... rationale for architecture and scripting
... architecture is higher priority
... 2nd thing is doing sample implementations
... Intel has 3 implementations
... before TD's CR transition
... open documents like BP but not higher priority than the
above #1/#2
... regarding external reviews
... need to contact W3C security group for review
... what would be the procedure?
Kaz: we can simply ask them for
horizontal reviews
... not only security but usually accessibility as well
Kaz: the current co-Chairs of the Web Security WG are
... Daniel Veditz, Mozilla Foundation
... Mike West, Google, Inc.
McCool: ok
... will reach out them
... ans would ask Elena to talk with Terri Oda from Intel
Elena: what would be our focus?
McCool: W3C security group should
focus on the deliverable
... so probably we should clean up the deliverable document
first
Elena: should I ask Terri to take a look on the notes?
McCool: focus on REC documents (Arch,
TD)
... for Valerie and security wg
... focus on security and privacy note, testing and best
practices for Terri
... scripting if it's ready and if time
... s/Arch, TD/TD then Arch/
... bunch of stuff done here
... (visits "Actions" section)
McCool: this is done (Elena is
updating security&privacy consideration for
Scripting)
... adds some more actions
... McCool to talk W3C Web Security IG about formal security
validation
Kaz: note it seems the IG has
been closed
... though the Web Application Security WG is still active
McCool: ok
... in that case, please talk with Wendy about how to
proceed
Kaz: ok
McCool: we have bunch of stuff about
"at-risk" features for TD
... we have volunteers to work on them
... Siemens working on node-wot
... I myself will also work on that
... also would ask Hitachi about their implementation
... regarding Security Best Practices document
... much stuff within the security/privacy note
... thinking about the outline
... 10-min discussion next week
... make a list of best practices
... need to flesh out the background, etc.
... next
... testing experience
... including penetration testing
... I can give you access permission for that purpose,
Elena
... we have 3 implementations already
... need to showcase and describe the results
... however, busy this week
... would like to do this within one month
Elena: will get a vacation from 18th evening
McCool: should aim March then?
... 2nd week of March
... next security call on 18th
... let's talk about the Chairs call on the ML
[adjourned]