WoT Security

06 May 2019


Kaz_Ashimura, Elena_Reshetova, Michael_McCool, Tomoaki_Mizushima



McCool: short agenda: prev minutes, updates to TD/Arch, Issues/PRs

<inserted> mm: adds CTA/NIST for workshop to quick updates

Review of minutes


McCool: (goes through the minutes)
... publication schedule change, still ongoing
... also need to work on demos
... any issues?

(no objections)

McCool: accepting the minutes

Quick updates

McCool: talked with Mike Bergman from CTA to invite them to the WoT workshop
... but unfortunately he can't come

Review progress

McCool: joined the IIC security call
... but just myself and the Chair there
... have not heard back from the others either
... so far we have got no feedback from TAG either

Updates to TD/Arch

McCool: one of the issues
... best practices document and testing document don't have proper style yet
... so for the moment, we should remove the refs to them from the spec docs
... when we get to PR, we can add links back again

Kaz: those references are non-normative, right?

McCool: right



Elena: maybe better to start with the oldest one?

McCool: yeah, but maybe we can look at issue 122 first

Issue 122

McCool: (reopens the related TD issue 300)

TD issue 300

McCool: now we can refer to the above TD issue 300
... and security issue 122 itself can be closed
... (closes issue 122)

Issue 84

McCool: add a comment
... need to review before the Cork IIC meeting in May 2019.

Elena: after that, we should check the old issues

McCool: ok

Issue 13

McCool: current practices document has gone away and turned into the Architecture document
... so would propose we close this issue itself (13) and create smaller issues related to particular things in the Architecture document.
... (also adds some more comment to the TD issue 300)

McCool's updated comment on TD issue 300

McCool: (goes back to the security issue 13)
... change the title to "Align with Architecture document"
... and keep it

Issue 14

McCool: discovery and expose
... since we don't consider discovery any more
... also discovery is out of scope from our current Charter
... if there was a service supporting discovery, and that service was described with a TD, that TD could specify the access rights and requirements for discovery
... TDs alone specify the interaction rights but say nothing about discovery, and this is fine, since that is the scope of the TD
... we already state the security properties that any TD discovery mechanism should have, e.g., provide TDs only to "authorized users". However, we are vague as to how that is accomplished; we state the goal, not the mechanism, which is intentionally undefined
... my reading of what Zoltan was saying above is that it is not really an issue for the Scripting API. Or rather, access rights are handled outside of the Scripting API.
... (and closes it; issue 14)

Issue 21

McCool: done
... and closed

Issue 13

McCool: (goes back to issue 13, and closes it as well)
... because we already have an issue with the updated title

Next call

McCool: would cancel the call next week

Kaz: so the next call will occur on Monday, May 20?

McCool: will be traveling for the IIC meeting on that day as well
... but still may be able to join


[End of minutes]

Minutes manually created (not a transcript), formatted by David Booth's scribe.perl version 1.154
$Date: 2019/05/21 14:26:59 $