IRC log of wot-sp on 2015-10-01
Timestamps are in UTC.
- 13:01:17 [RRSAgent]
- RRSAgent has joined #wot-sp
- 13:01:17 [RRSAgent]
- logging to http://www.w3.org/2015/10/01-wot-sp-irc
- 13:01:24 [dsr]
- chair: Oliver
- 13:01:44 [dsr]
- meeting: Security task force
- 13:02:37 [dsr]
- scribenick: dsr
- 13:04:05 [dsr]
- present: Oliver, Dave, Ari, Yingying
- 13:04:39 [dsr]
- Oliver shares his screen showing the agenda
- 13:06:04 [dsr]
- agenda: https://lists.w3.org/Archives/Public/public-wot-ig/2015Sep/0074.html
- 13:06:17 [dsr]
- Any agenda change requests? [no]
- 13:06:45 [dsr]
- Topic: Security and Privacy Landscape
- 13:06:48 [dsr]
- See https://www.w3.org/WoT/IG/wiki/Landscape_of_Security%26Privacy_Means
- 13:07:35 [dsr]
- There is a list of some 17 technoogy items covered.
- 13:07:50 [dsr]
- s/technoogy/technology/
- 13:08:52 [dsr]
- Oliver invites additions to the table of technologies for the current state of the art.
- 13:10:39 [dsr]
- He reviews the mechanisms listed at https://www.w3.org/WoT/IG/wiki/Design-Time_Security%26Privacy_Means#Mechanisms
- 13:12:07 [dsr]
- We distinguish evolution stages in security and privacy technologies: classic (invented before 2010), new and future (invted > 2015)
- 13:12:57 [dsr]
- Oliver suggests that we formally ask the IG as a whole for a review.
- 13:13:56 [dsr]
- The conclusion session text is now complete, see https://www.w3.org/WoT/IG/wiki/Landscape_of_Security%26Privacy_Means#Conclusions
- 13:14:46 [dsr]
- Oliver proposes to to give us a short overview
- 13:16:00 [dsr]
- We need standards to ensure that different vendors can create interoperable software.
- 13:17:06 [dsr]
- He introduces the section on inclusion of physical goods, see https://www.w3.org/WoT/IG/wiki/Landscape_of_Security%26Privacy_Means#Inclusion_of_Physical_Goods
- 13:17:15 [dsr]
- rrsagent, set logs public
- 13:18:15 [dsr]
- We need new standards relating to authorisation of discovery, management and software updates.
- 13:18:51 [dsr]
- In respect to origin/heritage, security and privacy for the IoT is still a work in progress.
- 13:19:43 [dsr]
- What are the impacts of security technology choices on the architecture of WoT products and solutions.
- 13:20:19 [dsr]
- Oliver draws out attention to the state of the art section, see https://www.w3.org/WoT/IG/wiki/Landscape_of_Security%26Privacy_Means#State-of-the-Art
- 13:20:41 [dsr]
- s/out/our/
- 13:21:28 [dsr]
- Oliver notes that he has cut down the text leaving the details on the respective wiki pages
- 13:22:13 [dsr]
- s/pages/sections/
- 13:23:45 [dsr]
- The report then looks at clusters of requirements, e.g. privacy, authentication, authorisation, secure commuication and storage, provisioning and credentialing.
- 13:24:25 [dsr]
- This is followed by the conclusions.
- 13:24:41 [dsr]
- The document is around 4 pages long.
- 13:25:04 [dsr]
- Oliver wants to invite review from the IG mailing list.
- 13:25:46 [dsr]
- Perhaps with one to two weeks for reviewers to send comments.
- 13:27:03 [dsr]
- Dave: sounds like a good ideas. We also should seek ways to encourage more people to participate in this task force.
- 13:27:47 [dsr]
- Oliver: perhaps the people representing the companies in the IG don’t include many security experts, but those companies should have securit experts that they can consult.
- 13:28:56 [dsr]
- Dave: this is something the proposed communications strategy task force could help.
- 13:29:36 [dsr]
- Oliver: the first step is to check that the work has a meaning for existing IG members, and after that to look at further outreach beyond current IG people.
- 13:30:21 [dsr]
- Dave: any idea for where and when we will address resiliency which itself is a broad topic?
- 13:31:56 [dsr]
- Oliver: I want to review the IIC materials after TPAC and come back to resilience at the start of 2016
- 13:32:17 [dsr]
- Dave: we should discuss the roadmap during the October face to face.
- 13:33:22 [dsr]
- Oliver: so I will email the list tomorrow to initiate the review and encourage people to involve security experts in their respective companies.
- 13:33:56 [dsr]
- Topic: SP Requirements
- 13:35:09 [dsr]
- This will require a lot of time, I propose to leave this as it is see https://www.w3.org/WoT/IG/wiki/Security%26Privacy_Requirements_Catalogue
- 13:35:26 [dsr]
- Oliver has a few days vacation to take.
- 13:36:08 [dsr]
- He proposes to initiate study of use cases and emerging requirements after the face to face
- 13:36:41 [dsr]
- That’s all I wanted to cover today, any comments?
- 13:37:10 [dsr]
- Topic: F2F preparation
- 13:37:42 [dsr]
- Joerg asked each task force to prepare a short status report for the October face to face.
- 13:41:23 [dsr]
- Discussion has started on requirements, but is going slow right now. We have a complete document for the requirements catalogue. The landscape is in good shape. We’re waiting for the IIC security reference architecture. We’ve discussed run-time means.
- 13:42:14 [dsr]
- We’ve also initiated discussion on authorisation in relationship to discovery.
- 13:42:48 [dsr]
- We’ve plans for the compilation of the technology landscape.
- 13:44:01 [dsr]
- In respect to proposals for discussion at TPAC, Oliver plans to focus on the landscape work, both at the overview level and the technical building blocks.
- 13:45:28 [dsr]
- It would be good to discuss ideas for introducing security into future work on plugfests.
- 13:47:25 [dsr]
- Oliver would like to do some work use cases, but feels that this would take too much time. So he proposes to use the face to face to prepare that work.
- 13:47:36 [dsr]
- present+ Michael
- 13:48:06 [dsr]
- Michael: I am trying to bring in fresh people and to get involved with the security work. The process looks good.
- 13:49:49 [dsr]
- Oliver: we can also discuss security etc. in the W3C/T2TRG meeting
- 13:50:38 [dsr]
- Topic: Any other business
- 13:51:11 [dsr]
- Oliver: we won’t have a call on Oct 29, nor on Oct 15 (when I will be on vacation)
- 13:52:51 [dsr]
- Dave: suggests dropping the calls, but try to use the existing calls to draw attention to the review of the SP materials.
- 13:53:08 [dsr]
- Oliver ask if Dave could handle that in his absence.
- 13:53:11 [dsr]
- Dave: sure
- 13:54:23 [dsr]
- Oliver: okay we will next meet in Japan.
- 13:54:28 [dsr]
- … end of meeting …
- 13:54:36 [dsr]
- rrsagent, make minutes
- 13:54:36 [RRSAgent]
- I have made the request to generate http://www.w3.org/2015/10/01-wot-sp-minutes.html dsr
- 14:56:57 [Yingying]
- Yingying has joined #wot-sp
- 15:32:59 [Yingying]
- Yingying has joined #wot-sp
- 15:34:16 [dsr]
- dsr has joined #wot-sp
- 15:55:15 [Yingying]
- Yingying has joined #wot-sp
- 16:01:48 [Yingying]
- Yingying has joined #wot-sp