<scribe> scribenick: kaz
McCool: found 3 people for external reviews
... Victoria Fenwick from Intel
... willing to review
... and
... IoT security Chair
... good to understand what kind of template/process for security reviews
Kaz: don't think usually W3C groups require any specific template/procedure for review
... Chairs can simply ask them by email
McCool: Taki and Matsuda-san were at IIC
... OpenFog related to edge computing
... need to write up something to make presentation
... also would like to be consistent with IoT vocabulary standards
... updated the document to be consistent with ITU standards
McCool: will check emails but I myself don't have enough bandwidth to attend
... we should announce it to the whole group to see people's interest
McCool: made a PR
... vulnerability issues
Elena: people should understand the point
McCool: we can merge this PR itself but we need to see the consistency in general
... being consistent is important
related wot-security issue 124
McCool: no objections to merge the PR
... and merges it
<zolkis> https://github.com/w3c/wot-scripting-api/pull/160
McCool: need to do another review
... some confusion with what "runtime" is
... runtime security discussion within scripting
... specifically, scripting runtime
... need to break into pieces
... security considerations for protocol binding to be included in the binding note, etc.
Zoltan: container content to be included in the architecture document
... scripting-specific content to be included in the scripting document
McCool: issue on the level of detail
... kind of want to modularize the things
Zoltan: the approach is understandable
... but need runtime description and API definition?
... basic HTTP words from client
... what the network interface is like, etc.
McCool: very common pattern there
Elena: don't think we have time to create another new document
McCool: what we should do is summarize the main points in the architecture document
... right now too much content for the architecture document
Zoltan: would merge this PR 160 itself
... and then think about terminology separately
McCool: goes through the issues on wot-architecture repo
McCool: let me create another issue here
... "Refine Terminology for WoT Runtime"
<McCool> https://github.com/w3c/wot-architecture/issues/83
McCool: we need more time for review
... it's too long for the architecture document
Elena: we had some PR about that, didn't we?
McCool: need to check
Zoltan: have added a link from scripting PR 160 to architecture issue 83
... and merged PR 160
McCool: will create a PR for architecture about security
... when will be the next architecture call?
Kaz: Wednesday, Feb. 20
McCool: have overlap for that call...
... will work on GitHub anyway
McCool: still need to work on the best practices doc
... will look into IIC security document as well
... we need to see what should be included in the best practices document
<McCool> https://w3c.github.io/wot-security-best-practices/
McCool: "4. Thing Directories"
... still to-be-added topics here
... we should include proxies
... protected authentication
... don't make it naked on Web servers
Elena: can work with some of the sections
... after coming back from vacation
McCool: don't worry. can work on that
... pretty short section
... cleaning up the "4. Thing Directories"
... and add content on proxies?
... and update "5. Object Security"
... would create a PR and then have review by the security tf later
Elena: sounds good
McCool: any other business?
... we've not discussed penetration testing yet
... planning to have some test with my implementations
... to demonstrate concrete plan
... abstract plan framework
... and then concrete plan
... any information about browser testing?
Kaz: maybe something on the Web Platform Testing site
McCool: ok
... that's just a heads-up
[adjourned]