<kaz> scribenick: elena
<kaz> Sep-7
McCool: any objections publishing the minutes?
no objections, minutes approved
McCool: any updates from
anyone?
... we might need two producers and two consumers for
implementation to be approved. This can be a problem for Oauth
implementations.
... does anyone know about wot-node and oauth?
Cristiano: difference in implementations between producers and consumers can be very minimal for node-wot
McCool: need to bring it up with
node-wot, could Cristiano create an issue about this and test
cases for node-wot?
... let me do issue creation now
McCool creates a new issue in wot-testing
Cristiano: I am afraid that LinkSmart wont implement consumer side
McCool: we need then another
consumer
... node-gen or node-RED might be an option for that
... we need to have two tests per flow
Cristiano: code is not implemented in node-wot, might be a problem
McCool: node-wot also assumes that security configuration is the same, another thing that needs review
<McCool> https://github.com/w3c/wot-testing/issues/51
McCool: we need to review security implementation of node-wot
McCool creates a new issue under wot-security on this
https://github.com/w3c/wot-security/issues/184
McCool: Cristiano, could you walk us through node-wot implementation since you know it well?
Cristiano agrees
McCool: we should also dig into
node-gen also
... are we doing something special for plugfest? I have not seen any
security focus there
... does anyone have any thoughts on this?
... oauth is something we should do but we dont have enough time for
this plugfest. Maybe next plugfest that is in
February/March?
... if we want to be safe to get things done in time, we need
to finalize test cases by the end of the year
Kaz: a bit off topic but I attended the Singapore Geospatial Week's Smart Cities session this afternoon and some of the presenters mentioned end-to-end security would be important for IoT purposes. so I'm wondering how to deal with end-to-end security in wot.
Oliver: that depends on definition of the ends
McCool: should we have security schemes for object security?
Oliver: we have to double check first how to express object security in order not to redo this in TD
McCool: we don't have any
existing issues about object security and how to deal with
it
... we need to decide how we support object security
McCool creates a new issue for this
https://github.com/w3c/wot-security/issues/185
Kaz: this issue 185 could include a definition of end-to-end security. right?
McCool: we need to make a list of object security alternatives
McCool adds some initial options to the issue 185
Oliver proposes more schemes that McCool adds to the issue 185
McCool: next let's look into issue tracker
McCool looks into issue https://github.com/w3c/wot-security/issues/183
<kaz> Issue 183
McCool: should we also add monitoring into this issue?
elena: IMO it should go into separate issue
McCool creates a new issue https://github.com/w3c/wot-security/issues/186 on monitoring
<kaz> related issue on IETF MUD
McCool: next issue https://github.com/w3c/wot-security/issues/180
McCool adds some todos to the issue
McCool: should we also be looking
into mozilla hub or other hubs?
... what about open Hab?
McCool creates a new issue on OpenHab https://github.com/w3c/wot-security/issues/187
<criis> https://github.com/iobridge/thingspeak
McCool creates another issue on mozilla WebThings gateway https://github.com/w3c/wot-security/issues/188
McCool creates an issue on ThingSpeak https://github.com/w3c/wot-security/issues/189
McCool: we don't have wot
integrated in projects like the above
... we need to talk to these groups
... and we need to look into their security architecture to
make sure we are compatible
McCool: let's look into issue
https://github.com/w3c/wot-security/issues/170
... last time we created issues for follow up work, should we
close this issue?
... or do we still have some missing actions?
elena: i don't see anything else from my side
McCool: let's create an issue about trust levels of actors and then we can close the issue 170
McCool creates a new issue https://github.com/w3c/wot-security/issues/190 on this
McCool: any objections to close 170?
no objections, closed
<kaz> [adjourned]