McCool: we need to identify what to do
... some feedback from David Baron so far
... but that's not an official TAG review yet
... I re-read the comments and also the Architecture draft
... but think there is some misunderstanding and confusion
... need some clarification
Kaz: maybe we can create an issue on our repo?
... anyway, I'll talk with PLH about the next steps today
Elena: fix SVG diagrams directly?
McCool: yes, please do so
... using Inkscape, etc.
... should we merge this PR itself?
... using PowerPoint is OK but using some free software would be better
Kaz: would agree :)
McCool: let's merge this for now but if we have time, let's convert the diagrams to SVG
(no objections)
McCool: (merges PR 133)
McCool: close Issue 132
McCool: close Issue 130
McCool: skims the WoT Architecture at: https://w3c.github.io/wot-architecture/
... can close Issue 129
... (and close Issue 129)
McCool: done?
Elena: yes
McCool: (close Issue 126)
McCool: should review terminology separately later
Elena: general term is "intermediary"
McCool: probably still open
... let's leave it
... simplest resolution is removing the extra definitions of security and privacy within the Architecture document
... (creates a new issue)
McCool: (looking at the following block)
[[
Also a few thoughts on the security and privacy considerations which I've reviewed somewhat quickly:
* The idea that thing descriptions shouldn't carry identifying information seems over-optimistic to me. It seems like (at least from the perspective of smart home use cases) thing descriptions are likely to have a significant amount of sensitive and identifiable information (although it might not be initially obvious how the information is sensitive), and systems need to be designed appropriately.
* The opening sentences of the section on software update (before the "Mitigation:") appear to suggest that avoiding having a software update system at all would be the best mitigation. While it's absolutely true that designing a secure software update system must be done carefully, experience has shown that having prompt software update to mitigate security vulnerabilities is essential for internet-connected devices, and (see The evergreen Web finding) essential for the progress of the Web.
]]
McCool: we can create an issue on our repo
Kaz: note that the TAG guys are looking at the old version we provided in March
... so we can mention the latest version is available on GitHub at: https://w3c.github.io/wot-architecture/
McCool: some changes
... anyway, we need clarification for the first comment
... regarding the second comment, maybe we can add some clarification on our side
Elena: when/how to respond?
McCool: we're still waiting for the official conclusion from TAG
McCool: we can read through this
(and read through the PING minutes)
McCool: (and creates an issue on wot-security repo)
McCool: let's review the previous minutes next time
McCool: publication of the Note?
Kaz: we can check the document using the Checkers and publish it using Echidna once it's ready for publication
McCool: ok
... think the terminology issue 123 is blocking
... we should try to address this asas we can push out an
update
Kaz: +1
McCool: might be fixed already, and may want to use "intermediary" to be consistent with the Architecture doc
[adjourned]