<McCool> TPAC post-mortem - Action Elena to create issue for feedback points
mccool: during TPAC joined HTTPS local breakout, IoT security breakout and joint session with Web payment IG
<scribe> agenda: https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Agenda agenda
mccool: generating a paper for NDSS workshop
... introduction section doesn't include WoT introduction, there is a separate section for that
... made up some themes
-> https://github.com/mmccool/ndss-wot-sec McCool's write-up
mccool: targeting the "decentralized security" focus
[[
Vulnerability scanning using metadata: There is both risk and opportunity.
End-to-end secure adaptation: translate payloads in secure endpoints, not at bridges.
Secure semantic searches: How do we ensure only authorized Things are searched when using federated semantic searches?
Metadata for distributed security and payment mechanisms: Blockchain, Interledger, etc.
]]
mccool: how to know the rights to access the DB for TD?
... we need to have some kind of extension to semantic search
... and how exactly to do that?
... also interested in distributed security and payments
... interledger-based payments
... payment for IoT systems
... various other mechanisms to handle tokens
... look into the PDF of the paper
-> https://github.com/mmccool/ndss-wot-sec/blob/master/ndss-wot-sec.pdf PDF of the paper
elena: what is specific for WoT?
mccool: we can look for some authentication mechanism
... people may not use HTTPS
... e.g., we don't put actual version information for the hardware
... distributed mechanism
elena: there are many views for distributed security
... potentially different security models
mccool: goes through the TeX file
... metadata for security mechanisms
... add subsection structure
... what kind of authentication mechanism?
... (updates the PDF)
elena: wondering about the title
(some discussion)
mccool: changes the title to "Distributed Security Risks and Opportunities in the W3C Web of Things"
elena: what is the selling point of the paper?
mccool: within a few days, I can fill in the Introduction section
... add comments to the "Related Work" section
... best practices in IoT that are "common" to WoT
... and that we will not focus on
elena: better to have "Related Work" after explaining the background of WoT
... make sure you include some of the diagrams
... note there are some notes on the LaTeX template
... also please break up the content instead of one big file
... background section should be helpful for people to understand our work
... Matthias may have ideas on use case scenarios
... will contact him
... so far the content is in my repo
... have not considered security for scripting because scripting is mainly related within the servient
... the topics for scripting are common IoT security (so far)
<McCool> please publish prev minutes
kaz: btw, the prev minutes ok?
mccool: yes
mccool: mccool for section I. Introduction
... elena for section II. Web of Things
... maybe we can check the progress on Friday, Nov. 17th?
... can provide Intel bridge for that purpose