14:01:24 <RRSAgent> RRSAgent has joined #wot-sec
14:01:28 <RRSAgent> logging to https://www.w3.org/2024/02/26-wot-sec-irc
14:01:29 <McCool_> McCool_ has joined #wot-sec
14:01:29 <JKRhb_> JKRhb_ has joined #wot-sec
14:01:30 <kaz> meeting: WoT Security
14:01:49 <kaz> chair: McCool
14:01:53 <kaz> rrsagent, make log public
14:01:57 <kaz> rrsagent, draft minutes
14:01:58 <RRSAgent> I have made the request to generate https://www.w3.org/2024/02/26-wot-sec-minutes.html kaz
14:02:20 <kaz> present+ Kaz_Ashimura, Michael_McCool, Jan_Romann
14:04:31 <kaz> agenda: https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#26_February_2024
14:06:32 <kaz> present+ Tomoaki_Mizushima
14:08:23 <kaz> scribenick: kaz
14:08:26 <kaz> topic: Minutes
14:08:57 <kaz> -> https://www.w3.org/2024/01/15-wot-sec-minutes.html Jan-15
14:08:59 <kaz> approved
14:09:19 <kaz> topic: Logistics
14:09:49 <kaz> mm: Security calls will be cancelled on April 1 and 8
14:11:22 <kaz> -> https://www.w3.org/WoT/IG/wiki/Main_WoT_WebConf#Cancellations Cancellations section on the main wiki
14:11:41 <kaz> topic: Publication schedule
14:14:10 <kaz> -> https://github.com/w3c/wot/blob/main/planning/schedule.md schedule.md
14:14:25 <kaz> mm: when to publish an updated Security/Privacy Note?
14:14:40 <kaz> kaz: some time similar to the UC Note, e.g., Sep?
14:15:14 <kaz> q+
14:15:50 <kaz> mm: would propose September, 2025
14:16:33 <kaz> kaz: would be better to have it a bit earlier given Security/Privacy consideration is a basis of the other specs
14:18:06 <kaz> ... also we should think about which content to be dealt with the Security/Privacy Note side, and which to be dealt with the spec side
14:18:13 <kaz> mm: right
14:19:34 <kaz> topic: Use Cases and Requirements
14:20:56 <kaz> -> https://github.com/w3c/wot-usecases/blob/main/USE-CASES/security-categories.csv wot-usecases/USE-CASES/security-categories.csv
14:21:13 <kaz> mm: we've been discussing how to deal with the security categories
14:22:21 <kaz> -> https://w3c.github.io/wot-usecases/#security Use Cases/Requirements Note (ED)
14:22:54 <kaz> mm: (shows security description within the Use Cases/Requirements Note)
14:23:06 <kaz> ... the question is how to proceed
14:23:29 <kaz> ... should we wait until the template is ready?
14:23:30 <kaz> q+
14:23:55 <Mizushima> q+
14:23:58 <kaz> ... this table (security-categories.csv) shows the general categories
14:25:19 <kaz> ack k
14:25:49 <kaz> kaz: would suggest we (Sec TF) wait until the UC TF clarifies the procedure
14:26:11 <kaz> ... specifically, what/how to describe the Functional Requirements and the Technical Requirements
14:26:24 <kaz> ... I believe Mizushima-san is working on that for the discussion tomorrow
14:26:45 <kaz> ... and we can revisit this CSV table on security categories at that time
14:27:20 <kaz> ... maybe we can start with Mizushima-san's example on smart home
14:27:25 <kaz> mm: ok
14:27:31 <kaz> mizu: agree with Kaz
14:27:52 <kaz> ... we need concrete template for requirements description as well
14:28:23 <kaz> ... otherwise people tend to get confused
14:28:28 <kaz> mm: agree
14:29:11 <kaz> ... note that I think each requirement following the template and clarify what kind of threat to be mitigated for which category
14:29:27 <kaz> ... let's see how the new updated template would fit
14:29:38 <kaz> ack m
14:30:43 <kaz> topic: Issues
14:31:03 <kaz> subtopic: Issue 231
14:31:14 <kaz> -> https://github.com/w3c/wot-security/issues/231 Issue 231 - Wot-sec ontology
14:31:29 <JKRhb_> q+
14:31:42 <kaz> mm: would be better to get Mahda's participation for this
14:32:17 <kaz> ... splitting security terms into a smaller ontology
14:33:12 <kaz> ... should this issue be moved to the wot-thing-description repo?
14:33:22 <kaz> q+
14:33:28 <kaz> ack j
14:34:00 <JKRhb_> q+
14:34:36 <kaz> kaz: we need to think about the whole ontology design first
14:35:20 <kaz> mm: that's true but this proposal itself is part of the TD ontology
14:36:06 <kaz> q-
14:36:59 <kaz> jr: maybe we could consider to create a project around security to collect security issues from all the related repos
14:37:10 <kaz> mm: think we already have that mechanism
14:37:57 <kaz> i|maybe|-> https://github.com/w3c/wot-thing-description/blob/main/ontology/wotsec.ttl wot-thing-description/ontology/wotsec.ttl
14:37:58 <kaz> q+
14:38:11 <kaz> ack j
14:38:52 <kaz> kaz: given the resource is currently handled within the wot-thing-description repo, I'm OK to move this issue itself to the wot-thing-description repo
14:40:22 <kaz> -> https://github.com/w3c/wot-thing-description/issues/1978 transferred to wot-thing-description Issue 1978 - Wot-sec ontology
14:40:59 <McCool_> https://github.com/w3c/wot-thing-description/issues/1978
14:41:23 <kaz> i|-> https|McCool: (moved the issue to wot-thing-repository repo)|
14:42:04 <kaz> i|https|kaz: you might want to add a label on "security" to this issue too.|
14:42:08 <kaz> mm: yes
14:42:25 <kaz> ... (adds "Security" label to wot-thing-description Issue 1978)
14:42:28 <kaz> [adjourned]
14:42:33 <kaz> rrsagent, make log public
14:42:39 <kaz> rrsagent, draft minutes
14:42:40 <RRSAgent> I have made the request to generate https://www.w3.org/2024/02/26-wot-sec-minutes.html kaz