IG Security WebConf

From Web of Things Interest Group
Jump to: navigation, search

WebConf Information

Mondays at 8am US Eastern / 2pm Europe / 9pm Japan

WebEx

IRC

The IRC is used for the minutes, speaker queue, and sharing links etc.

Schedule

  • Next release of "WoT Security and Privacy Considerations"
    • Soon after Bundang Plugfest (mid-July)
  • First draft for review:
    • End of August 2018.
  • External review:
    • September-October 2018 (first external review)
    • if 3mo, can be as far out as December 2018 - January 2019 (second external review)
  • Finalization:
    • November 2018 (should at least be a good first draft)
    • if 3mo ext, moves out to February 2019; do "second round"

Agenda

June 25, 2018

  • Review of minutes from last meeting(s)
  • Plugfest and F2F Prep
  • Next release
  • External validation
    • IIC
    • W3C Web Security IG
  • Review other issues and PRs
  • Other business

June 11, 2018

June 4, 2018

May 28, 2018

  • Review of minutes from last meeting(s)
  • Review PRs
  • Plugfest/F2F/TPAC Preparation
    • Conflicts w/ TPAC: Linux Security Summit Europe (Oct 25-26)
  • Review issues
  • Other business

May 21, 2018

  • Review of minutes from last meeting(s)
  • Review PRs
  • Plugfest/F2F/TPAC Preparation
  • Review issues
  • Other business

May 14, 2018

  • (X) Review of minutes from last meeting(s)
  • Review PRs
    • Privacy
    • Tunneling
  • TD Security Vocabulary
  • Online Test System - Intel
  • Review issues
  • Other business

May 7, 2018

  • (X) Review of minutes from last meeting(s)
  • Review PRs
  • Review issues
  • Other business

Apr 30, 2018

  • Review of minutes from last meeting(s)
  • Events for signaling lifecycle transitions, eg destroying an object
  • Review PRs
  • Review issues
  • Other business

Apr 23, 2018

Apr 16, 2018

  • Review of minutes from last meeting(s)
  • Review topology of plugfest scenarios
  • Review updated security metadata proposal
    • merge PR if appropriate
  • Review issues and other PRs
    • Especially Jason Novak's issues

Apr 9, 2018

  • Review of minutes from last meeting(s)
  • NDSS DISS workshop paper: updates to publication version
  • Updated "security metadata" PR
  • Update master with working
  • Planning: What Next?
    • Lifecycle: overall vs. security-specific
    • Testing and validation: https://github.com/w3c/wot/pull/439
    • Industrial and enterprise use case discussion (ACLs? Roles and profiles? Root of trust? TPMs?)
    • More updates to security metadata: roles, profiles, scopes, other schemes
    • Related IETF WGs:
      • TEEP: Trusted Execution Environments Provisioning
      • SUIT: Software updates for the IoT
    • Requesting security review from W3C Security group
    • Goals for next F2F and plugfest
    • Security review of the scripting API, including metadata and errors
  • Other topics
    • Review issues and other PRs
      • Next time make sure to review Jason Novak's issues

Pending Agenda Items (with Deadlines)

  • Review requirements from prioritized list of IoT systems/protocols
    • OCF, oneM2M, LwM2M, ZWave, AWS IoT/GG, etc

Future Agenda Items

  • New Use Cases
  • Review of IETF-ACE, IIC-SF, CoAP and other security models
  • Discuss use of semantic annotations for security
  • Review existing threat models eg from IIC Security Framework
  • Review of existing security models and mechanisms in target protocols
      • Get that up somewhere for people to provide input
      • Some of the threats depend on the vulnerability of the protocols
    • Review COSE (although still in draft)
    • Use main call to synchronize this activity and gather feedback
    • Create a template so we can consolidate the information
    • Identify people or groups that can look at individual target protocols and mechanisms
  • Review issues and feedback on draft documents
    • Via github issues

Resources

Meeting Minutes

2017

Security and Privacy Questionnaires, Review Forms