IG Security WebConf

From Web of Things Interest Group
Jump to: navigation, search

WebConf Information

Mondays at 8am US Eastern / 2pm Europe / 9pm Japan

WebEx

IRC

The IRC is used for the minutes, speaker queue, and sharing links etc.

Schedule

  • Second draft: ?
    • Would like to have something new to discuss at Prague 2018 plugfest.

Agenda

Apr 23, 2018

Apr 16, 2018

  • Review of minutes from last meeting(s)
  • Review topology of plugfest scenarios
  • Review updated security metadata proposal
    • merge PR if appropriate
  • Review issues and other PRs
    • Especially Jason Novak's issues

Apr 9, 2018

  • Review of minutes from last meeting(s)
  • NDSS DISS workshop paper: updates to publication version
  • Updated "security metadata" PR
  • Update master with working
  • Planning: What Next?
    • Lifecycle: overall vs. security-specific
    • Testing and validation: https://github.com/w3c/wot/pull/439
    • Industrial and enterprise use case discussion (ACLs? Roles and profiles? Root of trust? TPMs?)
    • More updates to security metadata: roles, profiles, scopes, other schemes
    • Related IETF WGs:
      • TEEP: Trusted Execution Environments Provisioning
      • SUIT: Software updates for the IoT
    • Requesting security review from W3C Security group
    • Goals for next F2F and plugfest
    • Security review of the scripting API, including metadata and errors
  • Other topics
    • Review issues and other PRs
      • Next time make sure to review Jason Novak's issues

Pending Agenda Items (with Deadlines)

  • Review requirements from prioritized list of IoT systems/protocols
    • OCF, oneM2M, LwM2M, ZWave, AWS IoT/GG, etc

Future Agenda Items

  • New Use Cases
  • Review of IETF-ACE, IIC-SF, CoAP and other security models
  • Discuss use of semantic annotations for security
  • Review existing threat models eg from IIC Security Framework
  • Review of existing security models and mechanisms in target protocols
      • Get that up somewhere for people to provide input
      • Some of the threats depend on the vulnerability of the protocols
    • Review COSE (although still in draft)
    • Use main call to synchronize this activity and gather feedback
    • Create a template so we can consolidate the information
    • Identify people or groups that can look at individual target protocols and mechanisms
  • Review issues and feedback on draft documents
    • Via github issues

Resources

Meeting Minutes

2017

Security and Privacy Questionnaires, Review Forms