See also: IRC log
<scribe> scribenick: kaz
mccool: review of prev minutes, draft
publication, schedule, issues, workshop
... TPAC agenda and PlugFest objectives
elena: next week?
mccool: yes
... so no meeting on Nov. 6
mccool: goes through the
minutes
... various issues
... one clarification
... working branch was deleted
... merged into the main master branch
elena: and started new work on the working branch
mccool: ok
... master branch staying clean is important for TPAC
discussion
... goes through issues
... I'm ok with the minutes
elena: fine by me as well
RESOLUTION: prev minutes accepted
mccool: working branch is not gone but merged
kaz: will fix that point
mccool: we've done the
preparation
... kaz, can you work for the publication?
kaz: will send a transition
request to the project manager
... and check the document using check tools
... and then talk with the Webmaster
mccool: possible pub date on Nov. 16?
kaz: yes, let's aim that
... if there is any problem, I'll get back to you
mccool: updates the schedule
mccool: master is updated version for
TPAC
... feel free to provide pull requests but the master branch
should be clean
elena: Matthias's comments?
mccool: he's busy so maybe
difficult
... during TPAC, there are three things
... plugfest, security features as part of my
contribution
... trying to work with HTTPS
... authentication using OAuth
... in conjunction with Amazon Alexa as well
... any prototype of implementations for TPAC?
elena: thinking about practical
implementations
... example use cases for section 5
... not sure how to collect information at the moment,
though
mccool: add topics for "TODO:
Security Features" from his slides
... WoT0McCoolPOC(007).pptx
elena: now we have a very basic one
mccool: Use Cases from PlugFest
... additional lower-level "patterns" or "system
configurations"
... some information at:
https://github.com/w3c/wot/tree/master/plugfest/2017-burlingame
... we can discuss the document
... you'd do a presentation on the current status?
... you can add people about possible additional system
configuration
elena: section 5 is good to go
... examples of security mechanisms
mccool: want a document
... e.g., Intel POC includes HTTPS, SSH tunnel for NAT
traversal, OAuth, CoAPS locally
... shows the current configuration
... [1.5 Metadata Bridging]
... metadata bridge
... and HTTPS bridge
... relays the NAT tunnel
... good HTTPS access to the system here (at the local
network)
... correct setup for remote access
... and also local access
... HTTP connection is not so nice
... would try HTTPS end point
... thing directory is a SPARQL end point
... global HTTP endpoint and local HTTP endpoint
... that's my configuration
elena: local HTTP
... local network is not so secure
... may be some acceptable scenario, though
mccool: right
... IP address not visible globally
... how to set up a local HTTPS bridge?
... now working with Edison
... not fully OCF 1.1 compliant
... may be able to use CoAPS, though
... not fantastically secure yet
elena: lack of setting up a local
HTTPS server
... question of protocols
mccool: many possible ways
... issues: local certs for HTTPS?
... let's Encrypt/certbot does not work; cert renewal (need
certibot)
... there is a CG working on local HTTPS
kaz: we can talk with them during TPAC
mccool: yeah
... AVS server needs to talk with these guys
... (showing [2. Semantic Voice Control])
... any other certificate issues?
... look into "HTTPS Local CG"
... authenticated, encrypted, securely identified
endpoints
... HTTPS + OAuth
... the connection is encrypted
... probably not locally...
mccool: regarding security
... should mention...
... Wednesday, in addition to the regular topics
... we'll have a joint session with Payments/Security
... also joint meeting on Thursday with Web Commerce
elena: wondering about the timezone
mccool: California time
... asking a speakerphone
... morning should be better for you
elena: Monday is fine
... but something on Tuesday
mccool: you're listed here on Monday
in the morning (in California)
... also summary of security work in the afternoon on
Monday
... feedback on section 5
... I can do it if not good for you
... Tuesday morning, 1.5 hours for security
<McCool> please delete the above line before email is published
mccool: and Wednesday
... introduction to WoT for Security guys
... will generate some short presentation for that purpose
skipping
mccool: busy with POC work
... you input welcome
... will write the paper after TPAC
mccool: anything else?
(none)
mccool: no meeting on Nov. 6
<McCool> but there will be one the week after that
<McCool> Nov 13
mccool: next meeting on Nov. 13
[adjourned]