W3C

- DRAFT -

WoT Security

27 Jan 2020

Agenda

Attendees

Present
Kaz_Ashimura, Michael_McCool, Oliver_Pfaff, Tomoaki_Mizushima
Regrets
Chair
McCool
Scribe
Oliver, kaz

<kaz> scribenick: Oliver

Michael: Issue#152 assigned to Elena, Issue#153 to Michael

<kaz> Issue 152

Michael: Issue#151 assigned to Elena - continues

<kaz> Issue 153

<kaz> Issue 151

<inserted> scribenick: kaz

Michael: add labels of "PR Available" and "WIP" to Issue#149

Issue 149

Michael: adds comments for Zoltan for Issue#151

Issue 151

Issue 148

Oliver: question on which actor to be addressed
... maybe discussion for Architecture
... mapping is unclear

McCool: need a clear description in definition?
... in the security document?
... if so, someone should provide a pull request
... should elaborate in the security document
... (adds comment to Issue 148)
... it's not clear who the actors are for authentication
... it needs a clearer definition and discussion

Oliver: yes
... but not only related to security guidelines
... but also TD and Architecture

McCool: (adds comments)
... this is true in the TD and Architecture docs as well as in the security guidelines.
... a lot of the definitions in Architecture are based on other standards, which however may be based on client-server architecture/server-based.
... propose a clearer definition in the Architecture document for "authentication" that references existing standards but builds upon them as necessary
... will create an issue in Architecture repo

Oliver: sounds like a good plan

McCool: (creates an issue for wot-architecture)
... issue title should be [[More clearly define "Thing Authentication"]]

new wot-architecture issue 429 corresponding wot-security issue 148

Issue 147

McCool: Missing reference for IETFAnima
... (adds labels of "PR Available" and "WIP")

Issue 146

McCool: need to create a pull request
... Oliver, do you have a branch for that purpose?
... can you show us the branch?

Issue 145

McCool: client/server vs publish/subscribe patterns
... we'll be looking at protocols that support publish/subscribe patterns, e.g., MQTT, HTTP with event/subscribe interactions, OPC-UA
... so we do need to look at this
... any resources to refer?
... for MQTT, OPC-UA, HTTP
... would like to assign this issue 145 to Oliver
... not for a pull request at this point, but only to come up with a more concrete plan

Oliver: fine by me
... will look into that
... but will take vacation till Feb 24

McCool: not critical to do by next week

Oliver: can work on it but discussion to be done on Feb 24

McCool: ok. we need to collect references first

Issue 144

McCool: next, end-to-end security
... summary is we need a clearer definition
... can apply to multiple levels of the network stack
... seems more security-specific topic

Oliver: we need some description about different levels of security

McCool: end-to-end security is related to protocols
... so related to protocol binding
... basic definition to be included in the Architecture document
... and elaborated within the Security Guidelines document
... actions:
... 1. create a pull request for basic definition in Architecture
... 2. create a pull request for discussion in Security Guidelines
... let me create another issue for Architecture

new Architecture issue 430

McCool: any other input for the next call?
... (updates the agenda wiki for Jan-27 call)
... AOB?

(none)

[adjourned]

Summary of Action Items

Summary of Resolutions

[End of minutes]

Minutes manually created (not a transcript), formatted by David Booth's scribe.perl version 1.154 (CVS log)
$Date: 2020/02/04 03:41:02 $