<kaz> scribenick: cris
<kaz> Aug-31
McCool: by the way it is labor day in
the U.S.
... by looking into the minutes it is not clear what Cristiano
is agreeing to .. please kaz could you fix this?
... aside from that issue I am ok with the minutes
Kaz: Ok the plan you mentioned has been added
McCool: any other comments? should we
make this public?
... ok published.
<inserted> wot-thing-description PR945
<inserted> wot-thing-description PR944
McCool: TD group provided some
feedback on the PR about security
... the main concern was about the fact that we still does not
have an implementation of the proposed changes in the PR
... however we do not really define new functionalities in the
PR. Infact both of them propose feature that can be easily
translated back to the old TD model
... like inline definition can be prepocessed back to a
securityDefinition
... anyway the two PRs right now are still on hold... we still
have to implement a pre-processor to test them
Elena: do we have existing use cases for combination schema?
McCool: yes we have an example in the
TD document (Example 11). There a proxy is described using a
TD
... on the other hand, example 15 shows the problem of
redundancy for multiple or security schemas. This is solved by
the combination scheme (see Example 16)
... it is an improved syntax for "and" and "or" security
constraints
Elena: it looks good. Also the inline feature is fine.
McCool: we need implementation, for example node-wot still does not support "and" combination (even the old version with the array is not supported)
<kaz> Issue 169
McCool: Oliver was confused about
roles and entities. I suggested to add the word "role" at the
end of some terms to make it clearer
... if have any comments please use the issue comment
section.
McCool: we still have to really
discuss in depth the issue
... for example what should it be the default method?
... any other topics to add to the agenda for today? otherwise
I'd rather try to close some open issues
... ok
<kaz> Issue 169
McCool: I'd propose to close #169 since we already did the review
Elena: we probably need a new issue to track additional review work on the lifecycle
McCool: I suggest to do additional
reviews when the Arch document goes to CR
... ok closed
<kaz> Issue 173
McCool: #173 we already completed the task described there. So I'm closing it
... any objection?
... ok closed.
<kaz> Issue 177
McCool: #177 still has some open points
Cristiano: I think the review is done. We may open a new issue to track the left points
McCool: yes, let's create an issue in
the use-case repository
... I'll assign cristiano to this new issue
<McCool> https://github.com/w3c/wot-usecases/issues/49
McCool: ok now let's close #177
... closed.
<kaz> Issue 170
Elena: I am not sure how to update the Threat Model.
McCool: I think we can discuss this in a issue
Elena: if we decide that the modification is trivial I can just add two lines there however if we plan to create a new section it is better to have a discussion
McCool: I think a new issue is the
best place to decide this.
... I'm creating a new one in the wot-security repository
<kaz> New Issue 183
McCool: Elena any other issue that we should add here?
Elena: not really
<kaz> Issue 170 on Conexxus security and privacy threat model
McCool: I added a Consider closing
label to #170
... we still have open points and issues to create
... EdgeX have their own internal system for
authentication.
<kaz> Issue 180 on EdgeX
McCool: I'd prefer to see a more
extensible support
... so I'll the issue open to track the discussion
... I think that a solution for #168 is to create an issue for
each use case that still miss security/privacy section.
<kaz> Issue 168 - security and privacy considerations for all the use cases (or requirements)
<kaz> Issue 166 - integrity protection
McCool: any final things?
... Ok let's close the meeting
<kaz> [adjourned]