W3C

- DRAFT -

WoT Security

09 Sep 2019

Agenda

Attendees

Present
Michael_McCool, Elena_Reshetova, Tomoaki_Mizushima, Kaz_Ashimura
Regrets
Chair
McCool
Scribe
kaz

Contents


Quick updates

(none)

Previous minutes

Prev minutes

McCool: any objections to accept the minutes?

(none)

McCool: accept the previous minutes

Definition PR in Architecture

PR 384

McCool: created a PR based on ISO standard definition
... ISO/IEC 2382 and ISO/IEC 27000
... put some explanatory text

<McCool> https://github.com/w3c/wot-architecture/pull/384/files

Kaz: seems the link for 2382 is wrong (same as 27000)

McCool: will fix it
... we'll make decision during the Architecture call on Thursday
... there is a note on PII here
... added description on information privacy as well
... ISO 2382 and ISO 29100
... and then
... security
... confidentiality, integrity and availability of information
... and then add a note "please refer to this document (ISO 27000)"
... also add a note saying "it is desirable that these properties be maintained both in normal operation and when the system is subject to attack"
... also definition of "private life"
... any other comments?
... (fixes the wrong link for "ISO 2382")
... wondering if we need to add an entry to the ReSpec reference DB

WG Charter

WG Charter PR (round 2)

Changes

McCool: (goes through the changes)
... how to allow access to metadata?
... changed "parties" to "users" ...

Profiles

<McCool> https://github.com/w3c/wot-profile/issues/6

Elena: don't really understand which profiles are for what

McCool: would be fixed within TD
... we're generating a document on "Requirements from WG participants for the profile"

Requirements

McCool: it's just an outline
... we'll discuss this during TPAC
... there is a proposal to make TD less complicated
... human readability vs machine-to-machine communication

Elena: what about security?
... we have security best practice document
... how do things relate to each other?

McCool: some of the combinations would make sense

Elena: any plan to merge the best practice with this?

McCool: not really
... we have limitations
... but there is a relationship and we should not duplicate

Elena: ok

McCool: we need to figure out developer status
... there should be a mechanism to allow "nosec" but only in a developer context

Elena: e.g., people working within a local network

McCool: we have to have discussion at TPAC
... also need to find use cases

Elena: btw, we needed to update the Architecture document with updated definition?

McCool: working on the original issue and newly generated definition based on the CR version of the Architecture draft
... let's discuss the detail at TPAC
... if you have any ideas, please put that on the TPAC f2f wiki

Elena: Asian time?

McCool: TPAC will be held in Fukuoka, so JST
... would make sure you can make the f2f remotely
... let's meet (or talk on webex) at TPAC next week!

[adjourned]

Summary of Action Items

Summary of Resolutions

[End of minutes]

Minutes manually created (not a transcript), formatted by David Booth's scribe.perl version 1.154 (CVS log)
$Date: 2019/09/11 15:12:53 $