<scribe> scribenick: kaz
David: specifically working on apis
Clerley: tx!
McCool: we're capturing use cases now
... very useful to have you to get requirements
... we have a number of TFs
... this one is working on security/privacy guidelines
... also components for the other TF's work
... also we have another TF on discovery which is related to security
(discovery call in 1h 45m :)
McCool: we have the WoT main call on Wednesday
Clerley: trying to understand how the group is working
McCool: if you have a question, you can raise your hand by "q+" command on IRC
... but we just have 5 people or so for this security call, so feel free to jump in as well
... generally we rotate for the scribe role
McCool: (explains how we take minutes, etc.)
... we review the previous minutes and make decision whether to publish them or not
McCool: typo for "Issues and PRs"
... objections for publishing the minutes?
(none)
McCool: approved
McCool: Oliver, any updates?
Oliver: no, sorry
McCool: ok
... we'll wait for Oliver's new changes
Oliver: there was something unclear
McCool: you're now editing the target file, index.html
... OK with merging the PR
Oliver: if you can create the old PR 164, I can create a new one
McCool: ok
... please do so
Oliver: will do
<scribe> ACTION: Oliver to generate a new PR for end-to-end security
McCool: would like to look into Issues here
Oliver: please assign me if my review is needed
McCool: we want to have a section about end-to-end security within the guidelines document
McCool: we should open this issue 144 itself
... and then should ask some of the other participants to join the discussion, e.g., Elena
Oliver: ok
McCool: (adds comments on the issue)
... first draft has been done
... but there are some pending wording changes requested
... and it needs further review
... so we'll leave this issue open
... and I'll re-assign Oliver to do the requested edits
... then will also assign Elena to do a review
<McCool> https://github.com/w3c/wot-security/issues/148
McCool: new issue on thing authentication
... created an issue on architecture repo
McCool: related to the lifecycle discussion
Oliver: lifecycle is one aspect
... and authentication is another
... would have clear picture for onboarding
... if we could get good response from another expert (within Siemens), could close it sooner
... need clear expectation for the mechanism
McCool: basically, in certain situation authentication expects validation
... (adds comments to issue 148)
... key is lifecycle discussion and definition of states/actors where authentication plays a role
... this is a relevant issue...
McCool: what to do next?
Oliver: leave this issue open and clarify those points
McCool: (adds comments to issue 148 again)
... ok
... let's leave this issue open
... when the above issue is resolved review it to ensure that authentication is properly addressed
McCool: (and adds comments to Architecture issue 476 as well)
McCool's comments for wot-architecture issue 476
McCool: since we have Clerley and David here, would talk about use cases and requirements
... e.g., for the Singapore ones
... review all the use cases on the wot-architecture repo
Use case on public health monitoring
McCool: based on the discussion with Singapore govtech
... bunch of cameras in the public spaces
... face recognition is not necessary
... but would see if people have fever
... identify them but not necessarily with names
McCool: what do you think?
... may be additional requirements from the retail viewpoints
... target of advertisement, etc.
... two issues here, I think
... identifying people
... and opt-in
... many requirements for security as well
Clerley: absolutely
McCool: for example, OAuth came up
... to manage access rights
... we have this issue tracker here
... David did create an issue
... for retail use case
David: wanted to point out there are 3 different topics
... how to make sure people able to hack it
... and caching security scenario
... then access to services
... all playing in retail
... do you agree?
McCool: yeah
... would like to have security/privacy consideration section for each use case
... you need to protect cached data
... proposing here is generate that section
... that's something we should do
... (creates a new issue)
... add "security and privacy considerations" section to all the use cases
... should add that to the requirements template too
McCool: for example, for the retail use cases
David: let's talk about the details later (need to leave for another meeting)
[adjourned]