WoT Security

20 May 2019



Kaz_Ashimura, Elena_Reshetova, Tomoaki_Mizushima, Michael_McCool


<McCool> agenda: https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#May_20.2C_2019

Review of Minutes from earlier meetings

previous minutes

<scribe> scribenick: kaz


Kaz: during the Architecture call, Matthias suggested we rename the "Security and Privacy Considerations" WG Note to "Security and Privacy Guideline"

McCool: good point, let's talk about that as well

McCool: reviewed the minutes
... didn't see anything problematic
... other than a minor typo "nothig" (should be "nothing")
... propose we accept the minutes

(no objections)

McCool: let's accept the minutes then

Quick update

McCool: I'm at IIC now
... making a presentation
... the schedule is pretty tight for the security review
... during the 3 upcoming weeks

Elena: will send a reminder to my assigned reviewers
... when is the deadline?

<McCool> https://www.w3.org/WoT/IG/wiki/PlugFest_WebConf

McCool: we'll have an online plugfest
... so think the last moment for PR transition will be June 19
... we have to make our resolution for PR transition
... also workshop on June 3-5, and f2f on June 6-7
... should have some presentation there
... so we should add extra security considerations by June 10 or so
... we can do that as part of this round
... considerations as part of the TD spec as well
... June 12 would be the absolute deadline
... let's copy the timeline from the PlugFest wiki to the Security wiki, and add some edits
... (adds edit on "Key Dates")
... June 6-7 - F2F: initial security review results, proposed update to TD and Arch docs
... June 12 - target for security review results
... June 13 - pull requests to update Arch
... June 14 - pull requests to update TD
... June 19 - PR transition resolution
... June 20 - PR transition request
... TAG review still outstanding

Kaz: we can send a reminder to Daniel

McCool: right

Name change

McCool: "Security and Privacy Considerations" to "Security and Privacy Guidelines"
... personally don't care
... ok with the change

Kaz: if we really want, I can talk with the Webmaster about the change
... we should be able to change it

McCool: fortunately, we don't need to change the URL
... any objections to change the text title?

Elena: should be careful about cross-references

McCool: ok
... the conclusion of the security tf itself is OK with changing the title

Elena: think "Guideline" implies something more like our best practices document including what to do
... I personally think "Considerations" would fit the current document

McCool: I'm OK with "Guidelines"
... we've listed issues already

(some more discussion)

<McCool> proposal: the security TF will not oppose a name change to "Security and Privacy Guidelines".

<McCool> here say "not oppose" rather than "support"

<McCool> but I will talk to the chairs at the main call

<McCool> we can discuss then and make the final decision there

RESOLUTION: the security TF will not oppose a name change to "Security and Privacy Guidelines".

Issues and PRs

Issue 34

McCool: all about websockets
... deferred

Issue 35

McCool: align with architecture doc

CR version of the WoT Architecture doc

Section 10. Security and Privacy Considerations

McCool: now should be "align with security and privacy considerations section of architecture CR"
... how about putting this as an agenda item for the next week?

Elena: next week I won't be able to join
... is the architecture document finalized now?

McCool: yes, it's in the Candidate Recommendation stage now
... so we should see if it's aligned with the latest "Security and Privacy Guidelines" document

Elena: can take a first pass then

McCool: ok, so would assign this issue (35) to you
... (also changes the title to "Align with Architecture CR")
... (also creates another issue 125: Align with Thing Description CR)
... (and assign it as well to Elena)
... we should make sure the documents are consistent
... (adds a note to Issue 125)
... please look for inconsistencies. The Security Privacy Considerations section of the TD spec does not have to list everything in the wot-security doc, just the most important points.
... another point is if the wot-security doc is consistent with the terminology defined by the wot-architecture doc
... related to issue 123

Issue 123

Elena: related to the issue 35 which is already assigned to me, isn't it?

McCool: a bit different
... (adds clarification to the title of issue 35)
... "Align Security and Privacy Considerations section of Architecture CR with wot-security"

Issue 35

scribe: (also adds clarification to the issue 125 as well)
... "Align Security and Privacy Considerations section of Architecture CR with wot-security"

Issue 125

Issue 45

McCool: (adds some notes)
... as part of our review of terminology alignment with the architecture CR (issue 126), we should make a list of terms and put them in a terminology section.
... as a separate step we can worry about tracking an external reference (e.g., ITU, NIST).

Issue 126

Next call

Elena: not available next week

McCool: we can cancel the call next week
... I'll also be very busy with the demo preparation
... so let's cancel the call next week, May 27


Summary of Action Items

Summary of Resolutions

  1. the security TF will not oppose a name change to "Security and Privacy Guidelines".
[End of minutes]

Minutes manually created (not a transcript), formatted by David Booth's scribe.perl version 1.154
$Date: 2019/05/21 14:28:31 $