W3C

- DRAFT -

Security and Privacy task force

03 Sep 2015

Agenda

See also: IRC log

Attendees

Present
Oliver, Dave, Arne, Carsten, Claes, Dan, Yingying, Darshak, Thakore
Regrets
Chair
Oliver
Scribe
dsr

Contents

<scribe> scribenick: dsr

Feedback on kick-starting the discussion of "Things Discovery

Oliver summarises where we are in respect to authorisation for discovery, see https://www.w3.org/WoT/IG/wiki/Things_Discovery_Authorization

We have a draft problem statement

Oliver intoduces the section on the state of the art

… and the IT security perspective

We need to elaborate with further details

Oliver invites comments from the people on the call

The most important point it is that we can easily formulate the problem statement, but the rest will be harder.

Carsten: the act of discovery discloses privacy related info, and hence can require authorisation

We have discovery involving other parties, and also cold discovery …

Oliver: my suggestion is to invite volunteers to assist with rewriting/extending the wiki text

Carsten volunteers to help

Oliver: the problem statement should be short
... I would suggest that the discovery task force take the lead on this

Oliver asks if Carsten can make his input on the wiki within one week

Carsten: we could also help with filling in the security perspective based on our experience in the IETF

Status and next steps for SP Landscape

see: https://www.w3.org/WoT/IG/wiki/Design-Time_Security%26Privacy_Means#Mechanisms

Please take a look and provide any feedback you may have

I did some restructuring

The old version was perhaps too bottom up. We now start with the main findings and then add details by way of explanations.

The text in the table is in some cases a little long

… or is missing

I would like you to review the mechanisms and to see if there are missing technologies that should be added here. Right now we have around 17 technologies

Oliver asks for feedback within the next 2 weeks if at all possible.

Has anybody had a chance to look at this so far? [no]

He distinguishes classic, new and future technologies on the basis of existing standards and the date they were introduced

We have less clear understanding of new technologies, so need to get back to the authors to clarify things as needed

My aim is to have a full review in two weeks or so

Oliver asks for comments from people on the call [none]

Status and next steps for SP Requirements

See https://www.w3.org/WoT/IG/wiki/Security%26Privacy_Requirements_Catalogue

I am in touch with the other task forces to seek input on use cases with security requirements.

Oliver: my aim is to finalise our report at the next face to face (in Sapporo)

Who plans to attend?

Carsten: yes

Dave: yes

Dave reminds people to register for TPAC see http://www.w3.org/2015/10/TPAC/

Oliver: any other business for today? [none]

Summary of Action Items

[End of minutes]
Minutes formatted by David Booth's scribe.perl version 1.140 (CVS log)
$Date: 2015/09/03 13:45:19 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.140  of Date: 2014-11-06 18:16:30  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: RRSAgent_Text_Format (score 1.00)

Succeeded: s/SP/SP Landscape/
Succeeded: s/mechanisms/technologies/
Succeeded: s/time/date/
Found ScribeNick: dsr
Inferring Scribes: dsr
Present: Oliver Dave Arne Carsten Claes Dan Yingying Darshak Thakore
Agenda: https://lists.w3.org/Archives/Public/public-wot-ig/2015Sep/0001.html
Got date from IRC log name: 03 Sep 2015
Guessing minutes URL: http://www.w3.org/2015/09/03-wot-sp-minutes.html
People with action items: 

WARNING: Input appears to use implicit continuation lines.
You may need the "-implicitContinuations" option.
[End of scribe.perl diagnostic output]