13:01:17 RRSAgent has joined #wot-sp
13:01:17 logging to http://www.w3.org/2015/10/01-wot-sp-irc
13:01:24 chair: Oliver
13:01:44 meeting: Security task force
13:02:37 scribenick: dsr
13:04:05 present: Oliver, Dave, Ari, Yingying
13:04:39 Oliver shares his screen showing the agenda
13:06:04 agenda: https://lists.w3.org/Archives/Public/public-wot-ig/2015Sep/0074.html
13:06:17 Any agenda change requests? [no]
13:06:45 Topic: Security and Privacy Landscape
13:06:48 See https://www.w3.org/WoT/IG/wiki/Landscape_of_Security%26Privacy_Means
13:07:35 There is a list of some 17 technoogy items covered.
13:07:50 s/technoogy/technology/
13:08:52 Oliver invites additions to the table of technologies for the current state of the art.
13:10:39 He reviews the mechanisms listed at https://www.w3.org/WoT/IG/wiki/Design-Time_Security%26Privacy_Means#Mechanisms
13:12:07 We distinguish evolution stages in security and privacy technologies: classic (invented before 2010), new and future (invented > 2015)
13:12:57 Oliver suggests that we formally ask the IG as a whole for a review.
13:13:56 The conclusion session text is now complete, see https://www.w3.org/WoT/IG/wiki/Landscape_of_Security%26Privacy_Means#Conclusions
13:14:46 Oliver proposes to give us a short overview
13:16:00 We need standards to ensure that different vendors can create interoperable software.
13:17:06 He introduces the section on inclusion of physical goods, see https://www.w3.org/WoT/IG/wiki/Landscape_of_Security%26Privacy_Means#Inclusion_of_Physical_Goods
13:17:15 rrsagent, set logs public
13:18:15 We need new standards relating to authorisation of discovery, management and software updates.
13:18:51 In respect to origin/heritage, security and privacy for the IoT is still a work in progress.
13:19:43 What are the impacts of security technology choices on the architecture of WoT products and solutions?
13:20:19 Oliver draws out attention to the state of the art section, see https://www.w3.org/WoT/IG/wiki/Landscape_of_Security%26Privacy_Means#State-of-the-Art
13:20:41 s/out/our/
13:21:28 Oliver notes that he has cut down the text leaving the details on the respective wiki pages
13:22:13 s/pages/sections/
13:23:45 The report then looks at clusters of requirements, e.g. privacy, authentication, authorisation, secure communication and storage, provisioning and credentialing.
13:24:25 This is followed by the conclusions.
13:24:41 The document is around 4 pages long.
13:25:04 Oliver wants to invite review from the IG mailing list.
13:25:46 Perhaps with one to two weeks for reviewers to send comments.
13:27:03 Dave: sounds like a good idea. We also should seek ways to encourage more people to participate in this task force.
13:27:47 Oliver: perhaps the people representing the companies in the IG don’t include many security experts, but those companies should have security experts that they can consult.
13:28:56 Dave: this is something the proposed communications strategy task force could help.
13:29:36 Oliver: the first step is to check that the work has a meaning for existing IG members, and after that to look at further outreach beyond current IG people.
13:30:21 Dave: any idea for where and when we will address resiliency which itself is a broad topic?
13:31:56 Oliver: I want to review the IIC materials after TPAC and come back to resilience at the start of 2016
13:32:17 Dave: we should discuss the roadmap during the October face to face.
13:33:22 Oliver: so I will email the list tomorrow to initiate the review and encourage people to involve security experts in their respective companies.
13:33:56 Topic: SP Requirements
13:35:09 This will require a lot of time, I propose to leave this as it is, see https://www.w3.org/WoT/IG/wiki/Security%26Privacy_Requirements_Catalogue
13:35:26 Oliver has a few days vacation to take.
13:36:08 He proposes to initiate study of use cases and emerging requirements after the face to face
13:36:41 That’s all I wanted to cover today, any comments?
13:37:10 Topic: F2F preparation
13:37:42 Joerg asked each task force to prepare a short status report for the October face to face.
13:41:23 Discussion has started on requirements, but is going slow right now. We have a complete document for the requirements catalogue. The landscape is in good shape. We’re waiting for the IIC security reference architecture. We’ve discussed run-time means.
13:42:14 We’ve also initiated discussion on authorisation in relationship to discovery.
13:42:48 We’ve plans for the compilation of the technology landscape.
13:44:01 In respect to proposals for discussion at TPAC, Oliver plans to focus on the landscape work, both at the overview level and the technical building blocks.
13:45:28 It would be good to discuss ideas for introducing security into future work on plugfests.
13:47:25 Oliver would like to do some work on use cases, but feels that this would take too much time. So he proposes to use the face to face to prepare that work.
13:47:36 present+ Michael
13:48:06 Michael: I am trying to bring in fresh people and to get involved with the security work. The process looks good.
13:49:49 Oliver: we can also discuss security etc. in the W3C/T2TRG meeting
13:50:38 Topic: Any other business
13:51:11 Oliver: we won’t have a call on Oct 29, nor on Oct 15 (when I will be on vacation)
13:52:51 Dave: suggests dropping the calls, but try to use the existing calls to draw attention to the review of the SP materials.
13:53:08 Oliver asks if Dave could handle that in his absence.
13:53:11 Dave: sure
13:54:23 Oliver: okay we will next meet in Japan.
13:54:28 … end of meeting …
13:54:36 rrsagent, make minutes
13:54:36 I have made the request to generate http://www.w3.org/2015/10/01-wot-sp-minutes.html dsr
14:56:57 Yingying has joined #wot-sp
15:32:59 Yingying has joined #wot-sp
15:34:16 dsr has joined #wot-sp
15:55:15 Yingying has joined #wot-sp
16:01:48 Yingying has joined #wot-sp