Meeting minutes
Minutes
<kaz> Oct-17
Implementation Reports
McCool: resolution on Wednesday, Oct 26
McCool: I will spend some time to plan next step
McCool: I have three PRs
<McCool> https://
<McCool> https://
<McCool> https://
Discovery PR
<kaz> wot-discovery PR 430 - CR publication prep and IR finalization
McCool: It's not directly related to security, but just small updates on CoAP; there is no progress on security-based assertions
… still many parts about security are at risk
TD PR
<kaz> wot-thing-description PR 1730 - Prep for CR
Architecture PR
<kaz> wot-architecture PR 858 - Prep for CR, finalize IR and document at-risk items
McCool: it's not security related
… at least the TLS related topics are not at risk anymore
Jan: in the implementation I support, we don't support DTLS v1.3
McCool: some of the remaining ones are related to policy; probably we can get some statements from people
McCool: does anybody have an idea that certain things should be normative?
McCool: DTLS is used only for CoAP and we don't have any implementation
<kaz> [[ arch-security-consideration-avoid-direct Security N The WoT Runtime SHOULD NOT directly expose native device interfaces to the script developers. ]]
<kaz> kaz: I agree we need that kind of discussion, but what's more important from my viewpoint is we need to add some more clarification to the assertions, because when I asked the ECHONET guys to submit their report, they were not sure what this assertion meant (and I had to agree).
McCool: if things are at risk and we end up with informative text, we could convert to informative text in advance
Kaz: might want to add clarification only to assertions?
McCool: this could be helpful
… we can create an issue when you bring it up
Kaz: if it's possible, we should describe our expectation.
McCool: consumers won't be affected by this
… I don't intend to make a PR right now.
Kaz: if I get any more feedback, I will let you know
aria-description
McCool: we can look at this again
Cancellations
<kaz> mm: Security call will be cancelled on Oct 31 since Kaz (and the JP Members) can't make it.
Commercial Implementations
Sebastian: currently we have two official commercial implementations
… one is for a building automation use case, the other one is sayWoT, which is more generic purpose.
Kaz: I have contacted other companies as well, and would be able to get the feedback as well. The question is the timing. If it's OK for us to get their reports after CR transition, maybe we can get some results from them.
McCool: my assumption is all the assertions in privacy and security parts are new. Some are hard to validate. So if it is needed, we need to change to informative text
… feedback is a bit slow from the commercial implementation side, so we can consider changing to informative text
Sebastian: we definitely can ask Bosch
McCool: already did
Kaz: technically we should make those features at risk, and see the results when we transition to PR.
Sebastian: this week we have a meeting with telecom people, and we can ask them to give implementation result input
Kaz: that will be very welcome
S&P guidelines update
McCool: we might need internal review
… what is the current charter timeline?
Kaz: 31 January 2023
<kaz> extended WoT WG Charter
McCool: my proposal is to finish working on this document before the Christmas holiday
<sebastian_> https://
Security testing
McCool: this is related to pentesting implementations
… the question is how to do this pen or security testing
… I have looked at some tools, and it seems it's not so difficult
… for example, the timeout from the discovery document can be tested
… at least we need an update on how we do the testing. It will be very useful
<kaz> [adjourned]