<McCool> agenda: https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#May_20.2C_2019
<scribe> scribenick: kaz
Kaz: during the Architecture call, Matthias suggested we rename the "Security and Privacy Considerations" WG Note to "Security and Privacy Guideline"
McCool: good point, let's talk about that as well
McCool: reviewed the minutes
... didn't see anything problematic
... other than a minor typo "nothig" (should be
"nothing")
... propose we accept the minutes
(no objections)
McCool: let's accept the minutes then
McCool: I'm at IIC now
... making a presentation
... the schedule is pretty tight for the security review
... during the 3 upcoming weeks
Elena: will send a reminder to my
assigned reviewers
... when is the deadline?
<McCool> https://www.w3.org/WoT/IG/wiki/PlugFest_WebConf
McCool: we'll have an online
plugfest
... so think the last moment for PR transition will be June
19
... we have to make our resolution for PR transition
... also workshop on June 3-5, and f2f on June 6-7
... should have some presentation there
... so we should add extra security considerations by June 10
or so
... we can do that as part of this round
... considerations as part of the TD spec as well
... June 12 would be the absolute deadline
... let's copy the timeline from the PlugFest wiki to the
Security wiki, and add some edit
... (adds edit on "Key Dates")
... June 6-7 - F2F: initial security review results, proposed
update to TD and Arch docs
... June 12 - target for security revidw results
... June 13 - pullrequests to update Arch
... June 14 - pullrequests to update TD
... June 19 - PR transition resolution
... June 20 - PR transition request
... TAG review still outstanding
Kaz: we can send a reminder to Daniel
McCool: right
McCool: "Security and Privacy
Considerations" to "Security and Privacy Guidelines"
... personally don't care
... ok with the change
Kaz: if we really want, I can
talk with the Webmaster about the change
... we should be able to change it
McCool: fortunately, we don't need to
change the URL
... any objections to change the text title?
Elena: should be careful about cross-references
McCool: ok
... the conclusion of the security tf itself is OK with
changing the title
Elena: think "Guideline" implies
something more like our best practices document including what
to do
... I personally think "Considerations" would fit the current
document
McCool: I'm OK with
"Guidelines"
... we've listed issues already
(some more discussion)
<McCool> proposal: the security TF will not oppose a name change to "Security and Privacy Guidelines".
<McCool> here say "not oppose" rather than "support"
<McCool> but I will talk to the chairs at the main call
<McCool> we can dicuss then and make the final decision there
RESOLUTION: the security TF will not oppose a name change to "Security and Privacy Guidelines".
McCool: all about websockets
... deferred
McCool: align with architecture doc
CR version of the WoT Architecture doc
Section 10. Security and Privacy Considerations
McCool: now should be "align with
security and privacy considerations section of architecture
CR"
... how about putting this as an agenda item for the next
week?
Elena: next week I won't be able to
join
... is the architecture document finalized now?
McCool: yes, it's in the Candidate
Recommendation stage now
... so we should see if it's aligned with the latest "Security
and Privacy Guidelines" document
Elena: can take a first pass then
McCool: ok, so would assign this
issue (35) to you
... (also changes the title to "Align with Architecture CR")
... (also creates another issue 125: Align with Thing Description CR)
... (and assign it as well to Elena)
... we should make sure the documents are consistent
... (adds a note to Issue 125)
... please look for inconsistencies. the Security Privacy
Considerations section of the TD spec dowsn not have to list
everything in the wot-security doc, just the most important
points.
... another point is if the wot-security doc is consistent with
the terminology defined by the wot-architecture doc
... related to issue 123
Elena: related to the issue 35 which is already assigned to me, isn't it?
McCool: a bit different
... (adds clarification to the title of issue 35)
... "Align Security and Privacy Considerations section of
Architecture CR with wot-security"
scribe: (also adds clarification
to the issue 125 as well)
... "Align Security and Privacy Considerations section of
Architecture CR with wot-security"
McCool: (adds some notes)
... as part of our review of terminology alignment with the
architecture CR (issue 126), we should make a list of terms and
put them in a terminology section.
... as a separate step we can worry about tracking an external
reference (e.g., ITU, NIST).
Elena: not available next week
McCool: we can cancel the call next
week
... I'll be also very busy for the demo preparation
... so let's cancel the call next week, May 27
[adjourned]