W3C

– DRAFT –
WoT Security

21 November 2022

Attendees

Present
Jan_Romann, Kaz_Ashimura, Michael_McCool, Tomoaki_Mizushima
Regrets
-
Chair
McCool
Scribe
kaz

Meeting minutes

Minutes

Oct-24

approved

Architecture Transition Request

transitions issue 474 - CR Request for Web of Things (WoT) Architecture 1.1

McCool: got comments on Wide Reviews from Ralph

Trusted Environment

<McCool> three PRs: 686, 747, and 781

McCool: how long would it take for an additional review?

Kaz: not sure
… it depends on their availability
… but we can ask them to review the additional part quickly if the change is limited
… from my viewpoint, what we should do is:
… 1. see whether there is any content added after the wide review conclusion or not
… 2. if there really is any addition, we need to see if it's really needed
… 3. if we can remove it, that's fine
… 4. or if we really need the addition, we need to ask them for an additional review for that part

McCool: regarding #1, I've checked the timing
… the PR on Trusted Environment was really added one month after the wide review conclusion

Kaz: which PR?

<McCool> PR 781 - Define Trusted Environment

McCool: that is just a definition of a term, "Trusted Environment"

Kaz: in that case, we need to think about whether we really need this definition or not as #2 above

McCool: don't think we really need this definition

<McCool> https://github.com/w3c/transitions/issues/474#issuecomment-1320565680

Kaz: would suggest you check with Ralph by sending an email about our proposal before responding on the GitHub Issue directly

McCool: ok

Kaz: also, we should check with Lagally as well first

McCool: yeah

Updates to Security and Privacy Guidelines

WoT Security and Privacy Guidelines

McCool: public Note was published on 6 Nov 2019
… we need thorough review
… updated definitions, references, etc.
… should remove the reference to the Best Practices

Kaz: meaning not the "6. References to Existing Security Best Practices" section but the reference to our own WoT Security Best Practices document. Right?

McCool: right

section 6 - References to Existing Security Best Practices

WoT Security Best Practices document

McCool: it has not been published yet
… (goes through the WoT Security and Privacy Guidelines Note)
… we need to have a plan
… discussion on testing procedure, etc.
… my own general feeling is the document has good content

<McCool> wot-security issue 209 - Update "Security and Privacy Guidelines" prior to 2022 PR transitions

McCool: the issue was generated in August
… didn't have bandwidth to update the Note
… note that all the normative/necessary information has been included in the normative specs themselves

Testing

McCool: what is the situation for the December Testfest?

Kaz: preparing for it
… think we should see the implementation status for WoT Architecture and WoT Profile
… but for that purpose, we need to sort the assertion table again based on the appearance order rather than the ID name
… so that people can tell the context easily

[adjourned]

Minutes manually created (not a transcript), formatted by scribe.perl version 196 (Thu Oct 27 17:06:44 2022 UTC).