See also: IRC log
<scribe> scribenick: dsr
Oliver shares his screen showing the agenda
Any agenda change requests? [no]
See https://www.w3.org/WoT/IG/wiki/Landscape_of_Security%26Privacy_Means
There is a list of some 17 technology items covered.
Oliver invites additions to the table of technologies for the current state of the art.
He reviews the mechanisms listed at https://www.w3.org/WoT/IG/wiki/Design-Time_Security%26Privacy_Means#Mechanisms
We distinguish evolution stages in security and privacy technologies: classic (invented before 2010), new and future (invted > 2015)
Oliver suggests that we formally ask the IG as a whole for a review.
The conclusion session text is now complete, see https://www.w3.org/WoT/IG/wiki/Landscape_of_Security%26Privacy_Means#Conclusions
Oliver proposes to to give us a short overview
We need standards to ensure that different vendors can create interoperable software.
He introduces the section on inclusion of physical goods, see https://www.w3.org/WoT/IG/wiki/Landscape_of_Security%26Privacy_Means#Inclusion_of_Physical_Goods
We need new standards relating to authorisation of discovery, management and software updates.
In respect to origin/heritage, security and privacy for the IoT is still a work in progress.
What are the impacts of security technology choices on the architecture of WoT products and solutions.
Oliver draws our attention to the state of the art section, see https://www.w3.org/WoT/IG/wiki/Landscape_of_Security%26Privacy_Means#State-of-the-Art
Oliver notes that he has cut down the text leaving the details on the respective wiki sections
The report then looks at clusters of requirements, e.g. privacy, authentication, authorisation, secure commuication and storage, provisioning and credentialing.
This is followed by the conclusions.
The document is around 4 pages long.
Oliver wants to invite review from the IG mailing list.
Perhaps with one to two weeks for reviewers to send comments.
Dave: sounds like a good ideas. We also should seek ways to encourage more people to participate in this task force.
Oliver: perhaps the people representing the companies in the IG don’t include many security experts, but those companies should have securit experts that they can consult.
Dave: this is something the proposed communications strategy task force could help.
Oliver: the first step is to check that the work has a meaning for existing IG members, and after that to look at further outreach beyond current IG people.
Dave: any idea for where and when we will address resiliency which itself is a broad topic?
Oliver: I want to review the IIC materials after TPAC and come back to resilience at the start of 2016
Dave: we should discuss the roadmap during the October face to face.
Oliver: so I will email the list tomorrow to initiate the review and encourage people to involve security experts in their respective companies.
This will require a lot of time, I propose to leave this as it is see https://www.w3.org/WoT/IG/wiki/Security%26Privacy_Requirements_Catalogue
Oliver has a few days vacation to take.
He proposes to initiate study of use cases and emerging requirements after the face to face
That’s all I wanted to cover today, any comments?
Joerg asked each task force to prepare a short status report for the October face to face.
Discussion has started on requirements, but is going slow right now. We have a complete document for the requirements catalogue. The landscape is in good shape. We’re waiting for the IIC security reference architecture. We’ve discussed run-time means.
We’ve also initiated discussion on authorisation in relationship to discovery.
We’ve plans for the compilation of the technology landscape.
In respect to proposals for discussion at TPAC, Oliver plans to focus on the landscape work, both at the overview level and the technical building blocks.
It would be good to discuss ideas for introducing security into future work on plugfests.
Oliver would like to do some work use cases, but feels that this would take too much time. So he proposes to use the face to face to prepare that work.
Michael: I am trying to bring in fresh people and to get involved with the security work. The process looks good.
Oliver: we can also discuss security etc. in the W3C/T2TRG meeting
Oliver: we won’t have a call on Oct 29, nor on Oct 15 (when I will be on vacation)
Dave: suggests dropping the calls, but try to use the existing calls to draw attention to the review of the SP materials.
Oliver ask if Dave could handle that in his absence.
Dave: sure
Oliver: okay we will next meet in Japan.
… end of meeting …
This is scribe.perl Revision: 1.140 of Date: 2014-11-06 18:16:30 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: RRSAgent_Text_Format (score 1.00) Succeeded: s/technoogy/technology/ Succeeded: s/out/our/ Succeeded: s/pages/sections/ Found ScribeNick: dsr Inferring Scribes: dsr Present: Oliver Dave Ari Yingying Michael Agenda: https://lists.w3.org/Archives/Public/public-wot-ig/2015Sep/0074.html Got date from IRC log name: 01 Oct 2015 Guessing minutes URL: http://www.w3.org/2015/10/01-wot-sp-minutes.html People with action items: WARNING: Input appears to use implicit continuation lines. You may need the "-implicitContinuations" option.[End of scribe.perl diagnostic output]