IG Security WebConf/2020

Agendas from WoT Security TF in 2020

7 December 2020

Scribe: Oliver

• Minutes
  • 30 November 2020
• Quick Updates
• Schedule updates
• Issues and PRs
• AOB

30 November 2020

Regrets: Elena

Scribe: Kaz

• Minutes
  • 23 November 2020
• Quick Updates
• Schedule updates
• Issues and PRs
• AOB

23 November 2020

Scribe: Elena

• Minutes
  • 16 November 2020
• Quick Updates
• Publication updates
• Signing
  • https://github.com/w3c/wot-thing-description/issues/940
  • https://github.com/w3c/wot-security/issues/166
  • https://github.com/w3c/wot-profile/issues/55
• Issues and PRs
• Planning and Schedule
• AOB

16 November 2020

Scribe: Kaz

• Minutes
  • 9 November 2020
• Quick Updates
• Issues and PRs
• Planning
• AOB

9 November 2020

Scribe: Oliver

• Minutes
  • 21 September 2020
  • TPAC 2020
• Updates
• Planning
  • Next steps
  • New issues: 193 and 194
  • finalize deferred topics: LD-PROOFS, inline schemes, etc.
  • update security and privacy guidelines: oauth, lifecycles
  • consider specific guidelines for particular contexts, eg smart home, smart city (https://github.com/w3c/wot-security/issues/195)
• Issues and PRs
• AOB

28 September 2020

Cancelled due to plugfest

21 September 2020

Scribe: Oliver

• Minutes
  • 14 September 2020
• Updates
  • Minutes publishing policy - must be public for reasons
  • Lifecycle (see arch issue)
• Planning
  • Next steps, publications/updates, etc.
  • F2F agenda
  • Testing
  • Joint call topics
• Issues and PRs
• AOB

14 September 2020

Scribe: Elena

• Minutes
  • 7 September 2020
• Updates
• Issues and PRs
• AOB

7 September 2020

Scribe: Cristiano

• Minutes
  • 31 August 2020
• Updates
  • TD PRs and feedback
  • Arch lifecycle
• Directory Security
• Security Issues and PRs
• AOB

31 August 2020

Scribe: Clerley

• Minutes
  • 24 August 2020
• TD Security PRs and Issues
  • PRs
  • Issues
• Discussion topics
  • OAuth2 mandatory items - necessary or not?
  • Directory Security
  • Lifecycle Review
• Other Security Issues and PRs
• AOB

24 August 2020

Scribe: Cristiano

• Minutes
  • 17 August 2020
• Conexxus Security/Privacy Template Review
• TD PRs
  • Combination security scheme (Any/All)
  • Inline defs
  • LD-Proofs
• Discussion topics
  • OAuth2 mandatory items - necessary or not?
  • Directory Security
  • Lifecycle Review
• Other Security Issues and PRs
• AOB

17 August 2020

Scribe: Clerley

• Minutes
  • 10 August 2020
• TD Security PRs
  • OAuth2 - merged
  • LD-Proofs
  • Combination security scheme (Any/All)
  • Inline defs
• Directory Security
• Lifecycle
• Conexxus Security/Privacy
• News
  • San Diego Street Light Controversy
• AOB

10 August 2020

Scribe: Oliver

Regrets: Elena

• Minutes
  • 3 August 2020
• OAuth2 update
• Document updates
• Issue and PRs
• AOB

3 August 2020

Scribe: Clerley

• Minutes
  • 27 July 2020
• OAuth2 update
• Document updates
• Issue and PRs
• AOB

27 July 2020

Regrets: Elena

Scribe: Farshid

• Minutes
  • 20 July 2020
• OAuth2 TD update
  • review PR
• Updates to documents
  • Best practices
    • OAuth2 usage - implicit, password deprecated
  • Others?
• Deliverables
  • Documents
  • Standard vocab? Extension vocab? OAuth2 for deprecated flows
• Issue and PRs
  • TD Issue 929
• Use Case review
  • Add Security and Privacy sections to existing UCs
  • But pending conversion to HTML
• AOB

20 July 2020

Scribe: Cristiano

Regrets: Elena

• Minutes
  • 13 July 2020
• Review OAuth2 PR against TD
  • Update OAuth2 section
• Multiple OAuth2 flows
  • Issue #929 Multiple OAuth 2.0 flows in security definitions
  • Note this relates to TD issue #901
• Security issues raised in TD call July 15

1. • Issue #926 Add OAuth2 client and device flows
   • Issue #901 Clarifying use of multiple security schemes in the security term
   • Issue #922 How to describe apikey in query
   • Issue #923 How to describe Philips Hue security scheme
   • Issue #899 Managing Dynamically Created Resources in TDs
2. Binding Templates

• TD Signing
• AOB

13 July 2020

• Minutes
  • 6 July 2020
• Use cases
  • Geolocation Security and Privacy section review
• Requirements
  • Review OAuth2 flows and generate use case details and requirements
  • new PR
• AOB

6 July 2020

• Review Minutes
  • 1 June 2020
  • 22 June 2020 - F2F Security Session
• Requirements
  • Review OAuth2 flows and generate use case details and requirements
  • PR
• AOB

29 June 2020

No meeting post F2F.

22 June 2020

No regular meeting, but security session held during F2F.

15 June 2020

Cancelled due to plugfest.

8 June 2020

Cancelled due to overlap with T2TRG/WoT Workshop.

1 June 2020

Note: Today is a public holiday in Germany.

• Guests
  • Cristiano Aguzzi is now an Invited Expert
• Review Minutes
  • 25 May 2020
• Use case review
  • OAuth2 use case
  • PR: https://github.com/w3c/wot-architecture/pull/515
• Conexxus Security Document review
• F2F and Workshop preparation
• PRs
• Time permitting: review issues
• AOB

25 May 2020

• Review Minutes
  • 18 May 2020
  • 04 May 2020
• PRs
  • https://github.com/w3c/wot-security/pull/175
  • https://github.com/w3c/wot-security/pull/176
• OAuth2 Issues and flows
  • https://github.com/w3c/wot-scripting-api/issues/214
• F2F Planning
• Use case review
• Issue review
• AOB

18 May 2020

• Review Minutes
  • 11 May 2020
• End-to-end security PR #172
• Conexxus S&P review
  • https://github.com/w3c/wot-architecture/pull/500 - pending
  • https://github.com/w3c/wot-architecture/pull/501 - merged
• F2F Planning
• Use case review
• AOB

11 May 2020

• Review Minutes
  • 04 May 2020 (note: deferred to May 25)
• OAuth Requirements for Scripting
• Use case review
  • Security and Privacy considerations sections
• Lifecycle review and input
  • State definitions
• AOB

4 May 2020

• Review Minutes
  • 27 Apr 2020
• Lifecycle review and input
  • continue discussion from last week after recent updates
• Requirements template and use-case review
  • see https://github.com/w3c/wot-architecture/issues/472
    • confirm PR for 1 and 2
    • maybe start looking at steps 3 and 4
• Security Ontology Document
  • Any updates needed to security ontology?
• Issue review
  • Issue #166 - Integrity protection
    • related to LD-Proofs proposal
    • related to Issue #61
    • consider supporting DID public key references as well
  • Issue #151 - Stakeholder terminology
  • Issue #149 - SDO Reference
  • Issue #147 - Anima Reference
  • Issue #144 - E2E Security
  • Issue #135 - Maintenance/Updates in Arch
  • Issue #65 - Lifecycle to Arch
• AOB

27 Apr 2020

• Review Minutes
  • 20 Apr 2020
• Lifecycle review and input
  • Actors, authentication requirements for state changes, etc.
  • Related to Issue #148 - Fuzzy authentication
• Requirements template and use-case review
  • wot-architecture Issue #472: Request for a "security checklist"
  • Related to use-case review brought up 2020-04-20 and wot-security Issue #168
  • Need to also include any privacy considerations; look again at PING Privacy Threat Model
  • Compare with W3C Self-Review Security Questionnaire
• AOB

20 Apr 2020

• Introductions
  • Clerley Silveira from Conexxus
• Review Minutes
  • 06 Apr 2020
• Issues and PRs
  • End-to-end PR (already merged, pending edits requested): https://github.com/w3c/wot-security/pull/164
• AOB

13 Apr 2020

• No meeting - Easter Monday

6 Apr 2020

• Review Minutes
  • 30 Mar 2020
• Easter holidays...
• Scripting Review
  • Does scripting API need features to specify schemes, scopes, etc?
• Lifecycle
• Issues and PRs
  • End-to-end PR: https://github.com/w3c/wot-security/pull/164
• AOB

30 Mar 2020

• Review Minutes
  • 23 Mar 2020
• Lifecycle
  • Anima mapping
• Issues and PRs
• AOB

23 Mar 2020

• Review Minutes
  • 9 Mar 2020
• F2F Minutes - Security Session
  • 16 Mar 2020
• PING issue for feedback on privacy threat model
  • https://github.com/w3cping/privacy-threat-model/issues/17
• PRs
• Issues
• AOB

9 Mar 2020

• Review Minutes
  • 2 Mar 2020
• PING issue for feedback on privacy threat model
  • https://github.com/w3cping/privacy-threat-model/issues/17
  • Still no comments on this issue
• DID
  • Joint call proposed - to confirm timeslot in virtual F2F
  • Issue for public key references in TDs: https://github.com/w3c/wot-security/issues/161
• Review F2F plans
  • https://www.w3.org/WoT/IG/wiki/F2F_meeting,_16-19_March_2020,_Online
• PRs
• Issues
• AOB

2 Mar 2020

• Review Minutes
  • 24 Feb 2020
• Repo cleanup
  • Review changes in https://github.com/w3c/wot-security/pull/162
• PING issue for feedback on privacy threat model
  • https://github.com/w3cping/privacy-threat-model/issues/17
• DID
  • Joint call proposed - to confirm timeslot in virtual F2F
  • Issue for public key references in TDs: https://github.com/w3c/wot-security/issues/161
• Virtual F2F planning: March 16-18
  • https://www.w3.org/WoT/IG/wiki/F2F_meeting,_16-19_March_2020,_Online
• PRs
• Issues
• AOB

24 Feb 2020

• Review Minutes
  • 17 Feb 2020
• PING issue for feedback on privacy threat model
  • https://github.com/w3cping/privacy-threat-model/issues/17
• DID review
  • DID Summary Presentation
  • Joint call proposed - to confirm timeslot in virtual F2F
  • Issue for public key references in TDs: https://github.com/w3c/wot-security/issues/161
• PRs
• Issues
• AOB

17 Feb 2020

• Review Minutes
  • 10 Feb 2020
• DID review
• PING feedback
• PRs
• Issues
• AOB

10 Feb 2020

• Review Minutes
  • Jan-13 minutes
  • Jan-20 minutes
  • Feb-03 minutes
• PRs
• Issues
• AOB

3 Feb 2020

• Review Minutes
• PRs and Issues
  • Work bottom-up to try and retire older issues this time
• AOB

27 Jan 2020

• Review Minutes
• PRs and Issues
• AOB

20 Jan 2020

• Review Minutes:
  • deferred to main call
• Edge Apps
  • Security and Privacy implications
• Lifecycle
• PRs and Issues
  • MUDs
  • Privacy Threat Model
• AOB

13 Jan 2020

• Review Minutes:
  • https://www.w3.org/2019/12/16-wot-sec-minutes.html
• Lifecycle
  • Further discussion in Architecture (first call)
• Discovery
  • Privacy and security considerations
• PRs and Issues
• AOB