13:02:31 <RRSAgent> RRSAgent has joined #wot-sec
13:02:31 <RRSAgent> logging to https://www.w3.org/2022/11/21-wot-sec-irc
13:02:35 <Zakim> Zakim has joined #wot-sec
13:06:14 <kaz> meeting: WoT Security
13:06:26 <kaz> present+ Kaz_Ashimura, Michael_McCool,Jan_Romann
13:06:54 <kaz> scribenick: kaz
13:07:00 <McCool> McCool has joined #wot-sec
13:07:12 <kaz> agenda: https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#21_November_2022
13:07:52 <kaz> present+ Tomoaki_Mizushima
13:09:50 <kaz> topic: Minutes
13:10:02 <kaz> -> https://www.w3.org/2022/10/24-wot-sec-minutes.html Oct-24
13:12:48 <kaz> approved
13:13:15 <McCool> topic: Trusted Environment
13:13:46 <kaz> i/topic:/topic: Architecture Transition Request/
13:13:49 <McCool> three PRs: 686, 747, and 781
13:14:09 <kaz> s/topic: Tr/subtopic: Tr/
13:14:16 <kaz> rrsagent, make log public
13:14:20 <kaz> rrsagent, draft minutes
13:14:20 <RRSAgent> I have made the request to generate https://www.w3.org/2022/11/21-wot-sec-minutes.html kaz
13:15:48 <kaz> i|Trusted Env|-> https://github.com/w3c/transitions/issues/474 transitions issue 474 - CR Request for Web of Things (WoT) Architecture 1.1|
13:16:23 <kaz> i|Trusted Env|mm: got comments on Wide Reviews from Ralph|
13:17:34 <kaz> mm: how long would it take for an additional review?
13:17:39 <kaz> kaz: not sure
13:17:46 <kaz> ... it depends on their availability
13:18:06 <kaz> ... but we can ask them to review the additional part quickly if the change is limited
13:18:15 <kaz> q+
13:19:04 <kaz> ... from my view point, what we should do is:
13:19:31 <kaz> ... 1. see whether there is any content added after the wide review conclusion or not
13:19:56 <kaz> ... 2. if there really is any addition, we need to see if it's really needed
13:20:19 <kaz> ... 3. if we can remove it, that's fine
13:20:43 <kaz> ... 4. or if we really need the addition, we need to ask them for an additional review for that part
13:21:03 <kaz> mm: regarding #1, I've checked the timing
13:21:47 <kaz> ... the PR on Trusted Environment was really added one month later the wide review conclusion
13:22:27 <kaz> kaz: which PR?
13:22:38 <McCool> https://github.com/w3c/wot-architecture/pull/781/files
13:23:20 <kaz> s/https/-> https/
13:23:39 <kaz> s|781/files|781 PR 781 - Define Trusted Environment|
13:24:03 <kaz> mm: that is just a definition of a term, "Trusted Environment"
13:28:56 <kaz> kaz: in that case, we need to think about whether we really need this definition or not as #2
13:29:02 <kaz> s/#2/#2 above/
13:30:21 <kaz> mm: don't think we really need this definition
13:31:55 <McCool> https://github.com/w3c/transitions/issues/474#issuecomment-1320565680
13:33:24 <kaz> kaz: would suggest you check with Ralph by sending an email about our proposal before responding on the GitHub Issue directly
13:33:31 <kaz> mm: ok
13:38:31 <kaz> kaz: also, we should check with Lagally as well first
13:38:34 <kaz> mm: yeah
13:48:11 <kaz> topic: Updates to Security and Privacy Guidelines
13:48:56 <kaz> -> https://w3c.github.io/wot-security/ WoT Security and Privacy Guidelines
13:49:23 <kaz> mm: public Note was published on 6 Nov 2019
13:49:50 <kaz> ... we need thorough review
13:50:02 <kaz> ... updated definitions, references, etc.
13:51:36 <kaz> ... should remove the reference to the Best Practices
13:52:30 <McCool> https://github.com/w3c/wot-security-best-practices
13:52:32 <kaz> kaz: meaning not the "6. References to Existing Security Best Practices" section but the reference to our own WoT Security Best Practices document. Right?
13:52:35 <kaz> mm: right
13:53:11 <kaz> -> https://w3c.github.io/wot-security/#references-to-existing-security-best-practices section 6 - References to Existing Security Best Practices
13:53:21 <kaz> s|https://github.com/w3c/wot-security-best-practices||
13:53:30 <kaz> -> https://github.com/w3c/wot-security-best-practices WoT Security Best Practices document
13:53:42 <kaz> mm: it has not been published yet
13:55:08 <kaz> ... (goes through the WoT Security and Privacy Guidelines Note)
13:55:29 <kaz> ... we need to have a plan
13:55:37 <kaz> ... discussion on testing procedure, etc.
13:56:07 <kaz> ... my own general feeling is the document has good content
13:56:20 <McCool> https://github.com/w3c/wot-security/issues/209
13:56:55 <kaz> s/https/-> https/
13:57:18 <kaz> s/209/209 wot-security issue 209 - Update "Security and Privacy Guidelines" prior to 2022 PR transitions
13:57:36 <kaz> mm: the issue was generated in August
13:57:51 <kaz> ... didn't have bandwidth to update the Note
13:58:51 <kaz> ... note that all the normative/necessary information has been included in the normative specs themselves
13:59:46 <kaz> topic: Testing
14:00:04 <kaz> mm: what is the situation for the December Testfest?
14:00:11 <kaz> kaz: preparing for it
14:00:32 <kaz> ... think we should see the implementation status for WoT Architecture and WoT Profile
14:01:08 <kaz> ... but for that purpose, we need to sort the assertion table again based on the appearance order rather than the ID name
14:01:17 <kaz> ... so that people can tell the context easily
14:01:22 <kaz> [adjourned]
14:01:26 <kaz> rrsagent, make log public
14:01:30 <kaz> rrsagent, draft minutes
14:01:30 <RRSAgent> I have made the request to generate https://www.w3.org/2022/11/21-wot-sec-minutes.html kaz
15:37:55 <Zakim> Zakim has left #wot-sec