W3C

– DRAFT –
WoT Security

17 October 2022

Attendees

Present
Jan_Romann, Jiye_Park, Kaz_Ashimura, Michael_McCool, Tomoaki_Mizushima
Regrets
-
Chair
-
Scribe
kaz

Meeting minutes

Minutes

Oct-10

McCool: (goes through the minutes)
… will write up the at-risk section
… should remove the acronyms of the WoT products since not really sure

(approved)

Implementation Report

McCool: this week, we'll have Discovery call, TD call and Architecture call
… should clarify how to deal with the security section as well

Discovery

wot-discovery PR 427 - Update Oct 2022 impl report

latest draft implementation report

McCool: (updates the SoTD section of the CR draft of the WoT Discovery spec with the information of "features at risk")
… what do you think?

Kaz: given the test results, it makes sense

McCool: currently 18 features
… at-risk assertions are marked with a yellow highlight within the spec

McCool: (fixed the CSS for the at-risk features)
… (then adds a note "several assertions in the following are at risk" to the Privacy Considerations section)

Kaz: and the at-risk features in that section are also highlighted in yellow, right?

McCool: yes
… should we change the fonts as well?

Kaz: the assertions include RFC2119 keywords, which are rendered in bold
… so would be confusing to use bold fonts for the at-risk assertions, so I think yellow highlights should be fine at the moment.

Jan: maybe can use ARIA features to identify the assertions?

McCool: can dig into it

<JKRhb> Maybe this could work? https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/Attributes/aria-description

McCool: Jiye, any updates?

Jiye: can ask Sebastian and Ege

McCool: both Netzo and Desigo

Jiye: will ask them today or tomorrow

PRs

<McCool> https://github.com/w3c/wot-discovery/pull/427

PR 427 - Update Oct 2022 impl report

McCool: will talk about the PR during the Discovery call today

Cancellations

McCool: look at the calendar

Cancellations (on the main wiki)

McCool: Security cancelled on Nov 7 and 14
… also Dec 26
… then Jan 2
… OK with restarting on Jan 9?

Jiye: fine

AOB

McCool: AOB?
… feel free to give comments to the Implementation Reports

e.g., Discovery PR 427

Jiye: question about security and privacy guidelines
… the document itself is kind of old
… will we update it?

McCool: yes
… need to update it too
… it is a WG Note
… when does the WG Charter expire?

Kaz: January, 2023

McCool: people can read the Editor's draft of the Security Guidelines Note

Editors Draft - Web of Things (WoT) Security and Privacy Guidelines

McCool: we need to update the references
… after looking at the best practice document
… don't think it's in bad shape
… Jiye, you can take your time to look into it

Jiye: OK

Kaz: just to make sure, the priority is still the normative specs

McCool: yeah, that's true
… but we can still work on easy fixes

[adjourned]

Minutes manually created (not a transcript), formatted by scribe.perl version 192 (Tue Jun 28 16:55:30 2022 UTC).