<scribe> scribenick: kaz
McCool: minutes review later
McCool: the security self-review
questionnaire has been updated
... threat model, etc.
... not looked into the details. can discuss it next time
McCool: currently aiming the CR
transition on Friday this week
... will get back to reviewers inside Intel
... regarding non-normative sections, we have some more
time
... would ask IIC for review as well
... more or less the TAG is reviewing security portions
... this updated security questionnaire look more complete than
the old one
https://www.w3.org/2019/01/14-wot-sec-minutes.html
https://www.w3.org/2019/02/11-wot-sec-minutes.html
https://www.w3.org/2019/02/18-wot-sec-minutes.html
https://www.w3.org/2019/02/25-wot-sec-minutes.html
https://www.w3.org/2019/03/04-wot-sec-minutes.html
https://www.w3.org/2019/03/18-wot-sec-minutes.html
https://www.w3.org/2019/03/25-wot-sec-minutes.html
https://www.w3.org/2019/04/01-wot-sec-minutes.html
McCool: starting with Jan 14
... (going through the minutes)
... penetration security plan, etc.
... a typo there
... ah, privilege preferred but priviledge is ok
Kaz: can fix it
McCool: other than that, we accept
the minutes
... next Feb. 11
... (going through the minutes)
... don't see any problems and would accept this
... any objections?
(none)
McCool: accepted
... next Feb. 18
Kaz: chairs name is missing, will add it
<McCool> victoria fenwick
McCool: Victoria's correct name above
Kaz: will fix it
McCool: move to accept it?
(no objections)
McCool: accepted
... next, Feb. 25
... Chair's name?
Kaz: will fix it
<McCool> Ben Schecker should be Sven Schrecker
Kaz: also Victoria's name again
McCool: and Blanca's name?
Elena: should be ok
McCool: and another person
... let me check
<McCool> also Pulido, Rodrigo
McCool: and accepted
... next, Mar. 4
... this is correct
... Blanca and Rodrigo are doing test
... another person working on review?
<McCool> change her contacts, say "Terri Oda"
Kaz: will do
McCool: other than that, we accept the minutes
(no objections)
McCool next, Mar. 18
<McCool> change "BPs" to "Best Practices"
McCool: happy with this other than
that
... no objections, so accept this
... next, Mar. 25
... don't see anything to change
... move to accept
... next, Apr. 1
... chair should be myself
Kaz: will fix it
McCool: other than that would move and accept
McCool: need a document
... will run the system again
... the earliest would be next week
... reasonable to do penetration test next month?
Elena: want to ping them
McCool: ok, let me set up the system
first
... need to do security description as well
... update various things for TD again
... let me do my part
... and then look it back next Monday
Elena: after that I can talk with my
team guys again
... note that I'll be travelling mid May
McCool: we can start to ask people
before that and see the result after you're available?
... let me do my homework first
McCool: checks the actions
... wide review?
Kaz: we're already asking the TAG
for review
... will send a concrete review request to a11y and i18n
McCool: what about Web Application
Security WG?
... can send a message to the Chairs
Kaz: you can mention that we're already getting the TAG review
<McCool> closed https://github.com/w3c/wot-security/pull/37
comment added to https://github.com/w3c/wot-security/issues/123
deferred https://github.com/w3c/wot-security/issues/122
support for CORS https://github.com/w3c/wot-security/issues/121
McCool: related to one the questions
from the security questionnaire
... in general, IoT devices should be allowed to get connected
with cross-origin services
... let me think about some note
... what i'm wondering about is whether this is something that
should be in the protocol binding for HTTP
... should IoT devices always allow connections to devices from
other origins?
... what are the exact use cases?
... see: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
[adjourned]