IG Security WebConf/2018
From Web of Things Interest Group
Agendas for the WoT Security TF from 2018.
Contents
- 1 Dec 31, 2018 (New Year's Eve)
- 2 Dec 24, 2018 (Christmas Eve)
- 3 Dec 17, 2018
- 4 Dec 3, 2018
- 5 Nov 26, 2018
- 6 Nov 19, 2018
- 7 Nov 12, 2018
- 8 Nov 5, 2018
- 9 Oct 29, 2018
- 10 Oct 22, 2018
- 11 Oct 15, 2018
- 12 Oct 8, 2018
- 13 Sept 17, 2018
- 14 Sept 10, 2018
- 15 Sept 3, 2018
- 16 Aug 27, 2018
- 17 Aug 20, 2018
- 18 Aug 13, 2018
- 19 Aug 6, 2018
- 20 July 30, 2018
- 21 July 23, 2018
- 22 June 25, 2018
- 23 June 11, 2018
- 24 June 4, 2018
- 25 May 28, 2018
- 26 May 21, 2018
- 27 May 14, 2018
- 28 May 7, 2018
- 29 Apr 30, 2018
- 30 Apr 23, 2018
- 31 Apr 16, 2018
- 32 Apr 9, 2018
Dec 31, 2018 (New Year's Eve)
No meeting
Dec 24, 2018 (Christmas Eve)
No meeting
Dec 17, 2018
- Review of minutes from previous meetings
- Publication Status
- Security and Privacy Considerations - published Dec 3
- New Security and Privacy Considerations section not in published TD spec
- Is PR for Arch document security considerations section
- Runtime considerations
- https://github.com/w3c/wot-architecture/pull/63
- Scripting API PR outstanding
- https://github.com/w3c/wot-scripting-api/pull/155
- Runtime considerations to be taken out (IF added to arch...)
- Documentation planning
- Best practices: w3c/wot-security-best-practices
- Testing plan: w3c/wot-security-testing-plan
- Implementation Report
- Security gaps
- Schedule review
- External reviews?
- Other Issues and PRs
Dec 3, 2018
- Review of minutes from previous meetings
- Publication status
- Implementation Report
- New documents
- Security Best practices
- Security Test plan
- Scripting API Considerations
- Runtime Considerations
- Other Issues and PRs
Nov 26, 2018
- Review of minutes from previous meetings
- Publication status
- Testing and Validation
- Security plan (required deliverable)
- Issues
Nov 19, 2018
- Review of minutes from previous meetings
- Publication status
- Scripting API Security and Privacy Considerations PR (Elena)
- Testing and Validation
- Issues
Nov 12, 2018
- Review of minutes from previous meetings
- Update on publication status
- New meeting time: discuss
- Update on pending PRs
- Security definitions got merged... but not done...
- Still a problem with strings vs. objects in "security"
- Other PRs that were ready... did not get merged due to conflicts (fixed)
- Scopes example updated: regular -> limited
- Security definitions got merged... but not done...
- Candidate for Scripting API security considerations section (Elena)
- Testing
Nov 5, 2018
- Review of minutes from previous meetings
- Update on publication status
- Meeting time
- Do we have a doodle to see if there is a better time?
- Review of summary presentation at TPAC
- New PRs and Issues:
- TD security considerations
- new clause for privacy and @context dereferences
- https://github.com/w3c/wot-thing-description/pull/207
- cleanup: https://github.com/w3c/wot-thing-description/pull/265
- Includes making top-level "security" mandatory which somehow never got merged...
- securityDefinitions: https://github.com/w3c/wot-security/issues/120 and https://github.com/w3c/wot-thing-description/pull/277
- removal of Url postfixes: https://github.com/w3c/wot-security/issues/119 and https://github.com/w3c/wot-thing-description/pull/268
- scopes example: https://github.com/w3c/wot-thing-description/issues/217 and https://github.com/w3c/wot-thing-description/pull/269
- TD security considerations
- CR/PR Requirements
- Testing
- Functional testing
- Adversarial testing
- Other topics
Oct 29, 2018
- Cancelled, post-TPAC recovery
Oct 22, 2018
- Online meeting cancelled, at TPAC
Oct 15, 2018
- Review of minutes from last meeting
- Status of W3C Note publication
- TPAC and plugfest planning
- Best practices document
- Object security
- COSE, JOSE, and OSCORE (Koster)
- Security consideration sections
- Thing Description (McCool)
- Scripting API (Reshetova)
- Action item review
- Issue and PR review
- Other issues
Oct 8, 2018
- Review of minutes from last meeting
- Status of W3C Note publication
- Object security
- COSE, JOSE, and OSCORE (Koster)
- Secure multicast
- Security consideration sections
- Thing Description (McCool)
- Scripting API (Reshetova)
- Action item review
- Issue and PR review
- Other issues
Sept 17, 2018
- Review of minutes from last meeting
- Online plugfest
- Review of test plan and implementations
- Best practices document review and testing
- Action item review
- Issue and PR review
- Other issues
Sept 10, 2018
- Review of minutes from last meeting
- Security and Privacy Considerations: to resolve if ready to publish
- TD Security and Privacy Considerations
- Rough draft: TD PR207
- Online plugfest
- Security call will be held that week as normal; before plugfest starts, technically
- Best practices document review and testing
- Action item review
- Issue and PR review
- Other issues
Sept 3, 2018
- Review of minutes from last meeting
- Final review of updated Security and Privacy Considerations
- Small fixes: Sec PR116
- TD Security and Privacy Considerations
- Rough draft: TD PR207
- Best practice document review
- Issue and PR review
- Other issues
Aug 27, 2018
- Review of minutes from last meeting
- W3C Permissions update: https://github.com/mmccool/w3c-permissions-2018
- English cleanup PR112: https://github.com/w3c/wot-security/pull/112
- Best practices: https://github.com/w3c/wot-security/blob/master/wot-security-best-practices.md
- Other issues
Aug 20, 2018
- Guest: Xiaoru Li, Baidu
- Reviewed IG patent policy for the record...
- Review of minutes from last meeting
- Extra meetings at TPAC early in the week?
- New DTLS schemes: cert, public
- MQTT Security (wrt DTLS security schemes)
- W3C Permissions: application submitted
- Other issues
Aug 13, 2018
- Review of minutes from last meeting
- Review W3C Permissions application
- PR108 Security Scenarios
- DTLS Security
- Best practices
- Other issues and PRs
- Other business
Aug 6, 2018
- Review of minutes from last meeting
- W3C Permissions Workshop
- TD Update Review
- Testing (Fuzz testing, DTLS)
- Best practices (brainstorming)
- Planning: next steps
- Other issues and PRs
- Other business
July 30, 2018
- Review of minutes from last meeting
- PR 107: Document Restructuring
- Testing plan: security section
- TD Updates (psk and none schemes)
- Making "security" mandatory
- Planning: next steps
- Other issues and PRs
- Other business
July 23, 2018
- Review of minutes from last meeting
- Plugfest and F2F Recap (if necessary)
- Security Definitions Proposal
- PR 107: Document Restructuring
- Review other issues and PRs
- Other business
June 25, 2018
- Review of minutes from last meeting(s)
- Plugfest and F2F Prep
- Next release
- External validation
- IIC
- W3C Web Security IG
- Review other issues and PRs
- Other business
June 11, 2018
- Review of minutes from last meeting(s)
- Privacy
- Review Privacy threat mitigations
- Plugfest/F2F/TPAC Preparation
- Planning
- Action items
- Next release
- Review other issues and PRs
- Other business
June 4, 2018
- Review of minutes from last meeting(s)
- Review Security Metadata PR for Thing Description
- Clarify purpose of security metadata
- Discuss criteria for inclusion of scheme in core vocabulary
- Privacy
- Review Privacy threat mitigations
- Plugfest/F2F/TPAC Preparation
- Review other issues and PRs
- Other business
May 28, 2018
- Review of minutes from last meeting(s)
- Review PRs
- Plugfest/F2F/TPAC Preparation
- Conflicts w/ TPAC: Linux Security Summit Europe (Oct 25-26)
- Review issues
- Other business
May 21, 2018
- Review of minutes from last meeting(s)
- Review PRs
- Plugfest/F2F/TPAC Preparation
- Review issues
- Other business
May 14, 2018
- (X) Review of minutes from last meeting(s)
- Review PRs
- Privacy
- Tunneling
- TD Security Vocabulary
- Online Test System - Intel
- Review issues
- Other business
May 7, 2018
- (X) Review of minutes from last meeting(s)
- Review PRs
- Review issues
- Other business
Apr 30, 2018
- Review of minutes from last meeting(s)
- Events for signaling lifecycle transitions, eg destroying an object
- Review PRs
- Review issues
- Other business
Apr 23, 2018
- Review of minutes from last meeting(s)
- PR89: Improving section 6 based on F2F discussions and scenarios
- PR88: Updates to Security Metadata Proposal
- Review other issues
- Other business
Apr 16, 2018
- Review of minutes from last meeting(s)
- Review topology of plugfest scenarios
- Review updated security metadata proposal
- merge PR if appropriate
- Review issues and other PRs
- Especially Jason Novak's issues
Apr 9, 2018
- Review of minutes from last meeting(s)
- NDSS DISS workshop paper: updates to publication version
- Final camera-ready version due April 10 (tomorrow)
- https://github.com/mmccool/ndss-wot-sec/blob/master/ndss-diss-008.pdf
- Already uploaded, but have (tiny) window left to make corrections
- Updated "security metadata" PR
- Simple JSON-LD 1.1 changes
- Changes to as/ts/rs keywords
- https://github.com/w3c/wot-security/pull/88
- Update master with working
- Planning: What Next?
- Lifecycle: overall vs. security-specific
- Testing and validation: https://github.com/w3c/wot/pull/439
- Industrial and enterprise use case discussion (ACLs? Roles and profiles? Root of trust? TPMs?)
- More updates to security metadata: roles, profiles, scopes, other schemes
- Related IETF WGs:
- TEEP: Trusted Execution Environments Provisioning
- SUIT: Software updates for the IoT
- Requesting security review from W3C Security group
- Goals for next F2F and plugfest
- Security review of the scripting API, including metadata and errors
- Other topics
- Review issues and other PRs
- Next time make sure to review Jason Novak's issues
- Review issues and other PRs
