IRC log of wot-sec on 2017-10-09

Timestamps are in UTC.

12:02:25 [RRSAgent]
RRSAgent has joined #wot-sec
12:02:25 [RRSAgent]
logging to http://www.w3.org/2017/10/09-wot-sec-irc
12:03:05 [kaz]
meeting: WoT IG - Security
12:03:33 [kaz]
present+ Kaz_Ashimura, Michael_McCool, Dave_Raggett, Elena_Reshetova, Zoltan_Kis
12:03:48 [kaz]
Agenda: https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Agenda
12:04:41 [kaz]
https://www.w3.org/WoT/IG/wiki/WG_WoT_Thing_Description_WebConf#Agenda
12:05:40 [kaz]
FP Notes
12:05:46 [kaz]
s/Notes/Note/
12:05:53 [kaz]
and updated Notes
12:06:45 [kaz]
topic: Release Timeline (as a W3C WG Note)
12:06:51 [kaz]
s/WG //
12:07:12 [kaz]
present+ Soumya_Kanti_Datta
12:08:01 [Soumya]
Soumya has joined #wot-sec
12:08:04 [kaz]
mm: publication schedule
12:08:11 [kaz]
... this is a Note
12:08:30 [kaz]
... distinction on the state of the doc
12:08:33 [Mizushima]
Mizushima has joined #wot-sec
12:09:14 [kaz]
... working version and release version
12:09:32 [kaz]
kaz: clarification
12:09:42 [kaz]
mm: would like to publish a first one before TPAC
12:10:00 [kaz]
er: when is TPAC?
12:10:06 [kaz]
kaz: the week of Nov. 6
12:10:40 [kaz]
mm: would like to prepare the release candidate within 2 weeks
12:11:05 [kaz]
... first draft for the FP Note in 2 weeks from now
12:11:13 [kaz]
... Oct. 24
12:11:22 [kaz]
... working -> master
12:12:29 [kaz]
... and W3C Note: Oct 31 roughly - ready for TPAC Nov. 6
12:13:08 [kaz]
... (mm checks Elena's availability)
12:13:29 [kaz]
... 2nd draft: end of Dec
12:13:33 [kaz]
s/Nov. 6/Nov 6/
12:14:45 [kaz]
... Dec 19 (Tue)
12:14:51 [kaz]
... tentatively
12:15:09 [kaz]
... after that: roughly every 2 months
12:16:01 [kaz]
... FYI, NDSS deadline Nov 14
12:16:43 [kaz]
... and the NDSS workshop Feb 18
12:17:03 [kaz]
... IEEE proposal was rejected
12:17:33 [kaz]
... I'll be making a presentation and need your input for the NDSS workshop
12:17:50 [kaz]
... (going back to the publication schedule)
12:18:00 [kaz]
... 3rd draft: early Feb
12:18:05 [kaz]
er: might be problematic to m
12:18:11 [kaz]
s/to m/to me/
12:19:15 [kaz]
mm: 3rd draft: early Feb (e.g., Feb 15 for NDSS; Elena may not be available)
12:19:32 [kaz]
... (records the above in the wiki)
12:19:35 [McCool]
Release Timeline (W3C Note) First Draft - 2wks from now, Oct 24 (working -> master) W3C Note: FP Note (Oct 31 roughly) - ready for TPAC Nov 6 Second draft: Dec 19 (Tues) Third draft: early Feb (eg Feb 15 for NDSS; Elena may not be available) After that: roughly every two months update
12:19:59 [kaz]
i/after that/kaz: note on the automatic publication system/
12:20:07 [kaz]
topic: Issues
12:20:46 [kaz]
s/Issues/Pull requests/
12:20:47 [kaz]
https://github.com/w3c/wot-security/pull/30
12:20:51 [kaz]
topic: Issues
12:20:59 [kaz]
https://github.com/w3c/wot-security/issues
12:21:11 [kaz]
er: submitted proposal for section 5
12:21:19 [kaz]
... agreement?
12:21:36 [kaz]
... seems there is some difference
12:21:46 [kaz]
... need to change the basic assumption?
12:22:14 [kaz]
-> https://rawgit.com/w3c/wot-security/working/index.html#examples-of-wot-security-configurations Section 5
12:22:31 [kaz]
er: ok with this approach?
12:23:34 [kaz]
mm: as long as you're clear with the example, should be ok
12:24:14 [kaz]
er: referring to a couple of RFCs
12:24:59 [kaz]
... don't want to repeat the descriptions already done by others
12:25:00 [kaz]
... e.g., OCF
12:25:35 [kaz]
mm: architecture documents include similar things
12:25:42 [kaz]
... bunch of use cases
12:27:10 [kaz]
... maybe you could add links referring to the architecture document
12:27:31 [kaz]
er: might be a bit different set
12:27:59 [kaz]
mm: another point you mentioned is OCF
12:28:39 [kaz]
... WoT client can talk with an OCF device
12:29:30 [kaz]
... is there a case in which the device doesn't handle WoT TD?
12:30:37 [kaz]
... one possibility is a Thing itself provides TD
12:31:01 [kaz]
... or another Thing could provide the TD for the Thing
12:31:30 [kaz]
er: can add some description
12:31:59 [McCool]
q?
12:32:01 [kaz]
q+
12:32:26 [kaz]
mm: OK with this Editor's Note (Fill in the protocols"
12:32:34 [kaz]
s/protocols"/protocols)/
12:33:20 [kaz]
present+ Tomoaki_Mizushima
12:33:47 [kaz]
er: any configuration difference is important and to be described from a security viewpoint
12:34:00 [kaz]
... would like people to submit ideas
12:34:11 [kaz]
mm: we should proceed with some obvious scenarios
12:34:18 [kaz]
... not too much stuff
12:34:52 [kaz]
... in this scenario (Fig 3)
12:35:02 [kaz]
... what if we have a gateway
12:35:23 [kaz]
... there might be some additional security issue with, e.g., caching
12:35:43 [kaz]
... need to expand the example to include other possible scenarios
12:36:31 [kaz]
er: btw, the cloud is cut off in Fig 5
12:36:49 [kaz]
... will work with section 5 tomorrow
12:36:53 [kaz]
q?
12:37:07 [kaz]
mm: we should fix the figure references
12:37:59 [kaz]
... once you add links to the threats, take a look at the definition
12:39:28 [kaz]
kaz: will we add links to the architecture doc from section 5?
12:39:32 [kaz]
mm: we should do so
12:40:02 [kaz]
... 1-to-1 link
12:40:15 [kaz]
kaz: do you want to add an Editor's note on that?
12:40:46 [kaz]
mm: (looks at the draft)
12:40:59 [kaz]
... starting with the section "1. Introduction"
12:41:09 [kaz]
... will add a link to the WoT Architecture document
12:41:30 [kaz]
... terminology section also should refer to the Architecture document
12:41:40 [kaz]
i/mm:/mm: as appropriate/
12:42:20 [kaz]
ack k
12:43:03 [kaz]
mm: still missing content for several sections
12:43:06 [kaz]
er: e.g., 4.2
12:43:17 [kaz]
mm: ok with those sections at the moment
12:43:36 [kaz]
... should add several abstract sentences, though
12:43:49 [kaz]
... OK for the first public Note
12:44:28 [kaz]
... might be going to fix up the formatting for the table
12:44:38 [kaz]
... to make it consistence
12:44:44 [kaz]
s/consistence/consistent/
12:45:29 [kaz]
... let's go back to the issues
12:45:40 [kaz]
topic: Issues
12:45:43 [kaz]
-> https://github.com/w3c/wot-security/issues Issues
12:46:08 [kaz]
mm: Elena has done some edits
12:46:17 [kaz]
https://github.com/w3c/wot-security/issues/29
12:47:33 [kaz]
mm: we have a bunch of things with the scenarios
12:47:50 [kaz]
mm: we've done the abstract
12:47:57 [kaz]
https://github.com/w3c/wot-security/issues/17
12:48:46 [kaz]
-> https://rawgit.com/w3c/wot-security/working/index.html#abstract abstract
12:50:05 [kaz]
mm: the abstract is clean enough
12:50:22 [kaz]
kaz: you'll add a link to the Architecture document. right?
12:50:24 [kaz]
mm: yes
12:51:05 [kaz]
... closes issue 17
12:51:35 [kaz]
... and create another issue "Align with Architecture document"
12:52:07 [kaz]
https://github.com/w3c/wot-security/issues/35
12:52:42 [kaz]
mm: would like to clean up the document for the first publication within 2 weeks
12:53:12 [kaz]
topic: issue 34
12:53:15 [kaz]
-> https://github.com/w3c/wot-security/issues/34 issue 34
12:53:38 [kaz]
dsr: using WebSocket for Eventing
12:54:00 [kaz]
mm: do you agree with Elena?
12:54:02 [kaz]
dsr: yes
12:54:27 [kaz]
i|Should we have a case for this explained in the "Examples of WoT security configurations" section of the security doc? Seems like a good logical place to describe this case and also talk about the measures
12:54:35 [kaz]
i|yes|Should we have a case for this explained in the "Examples of WoT security configurations" section of the security doc? Seems like a good logical place to describe this case and also talk about the measures|
12:54:53 [kaz]
er: need to clarify concrete mechanism
12:55:18 [kaz]
... please add description and pictures if possible
12:55:25 [kaz]
... actual security mitigation, etc.
12:55:38 [kaz]
dsr: wanted to stimulate the discussion
12:56:19 [kaz]
mm: willing to provide concrete text?
12:56:50 [kaz]
s/text/Pullrequest/
12:56:53 [kaz]
dsr: yes
12:57:03 [kaz]
er: possible new section 5.5
12:57:25 [kaz]
mm: what kind of figure? SVG?
12:57:45 [kaz]
er: please follow the examples from Matthias
12:59:24 [kaz]
mm: good to follow align with existing practices in this space
13:00:00 [kaz]
s|Matthias|Matthias (wot-security/images)|
13:00:28 [kaz]
topic: Issue on privacy
13:00:36 [kaz]
mm: would like to add another issue on privacy
13:00:48 [kaz]
er: we can add a separate section
13:01:09 [kaz]
... but still need to update the threat model section
13:02:12 [kaz]
... should add links to the points we need to consider
13:02:19 [kaz]
q+
13:03:33 [kaz]
kaz: possibly a guy from DAS WG who attended TPAC in Lisbon?
13:03:40 [kaz]
sk: can help as well
13:03:59 [kaz]
ack k
13:05:18 [kaz]
mm: (can't find Soumya on the list)
13:06:01 [kaz]
mm: who is the guy from DAS?
13:06:03 [kaz]
kaz: @@@
13:06:48 [kaz]
mm: updates the issue
13:07:17 [kaz]
sk: question on NDSS paper
13:07:50 [kaz]
... can join the effort as well
13:07:51 [kaz]
mm: tx
13:08:24 [kaz]
i|-> https://github.com/w3c/wot-security/issues/36 Issue 36|
13:08:44 [kaz]
sk: we should have some template
13:08:59 [kaz]
mm: let's have discussion next week
13:09:19 [kaz]
... (adds a topic on that for the next meeting)
13:09:28 [kaz]
[adjourned]
13:09:42 [kaz]
rrsagent, make log public
13:09:46 [kaz]
rrsagent, draft minutes
13:09:46 [RRSAgent]
I have made the request to generate http://www.w3.org/2017/10/09-wot-sec-minutes.html kaz
13:19:12 [elena]
elena has joined #wot-sec
13:29:21 [zkis]
zkis has joined #wot-sec
15:09:53 [Zakim]
Zakim has left #wot-sec
16:50:43 [elena]
elena has joined #wot-sec
18:46:39 [zkis]
zkis has joined #wot-sec
18:51:56 [elena]
elena has joined #wot-sec