W3C

- DRAFT -

WoT Security

13 Nov 2017

Attendees

Present
Kaz_Ashimura, Michael_McCool, Elena_Reshetova, Tomoaki_Mizushima
Regrets
Chair
McCool
Scribe
kaz

TPAC discussion

<McCool> TPAC post-mortem - Action Elena to create issue for feedback points

NDSS paper

mccool: during TPAC joined HTTPS local breakout, IoT security breakout and joint session with Web payment IG

<scribe> agenda: https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Agenda agenda

mccool: generating a paper for NDSS workshop
... introduction section doesn't include WoT introduction, there is a separate section for that
... made up some themes

-> https://github.com/mmccool/ndss-wot-sec McCool's write-up

mccool: targeting the "decentralized security" focus

[[

Vulnerability scanning using metadata: There is both risk and opportunity.

End-to-end secure adaptation: translate payloads in secure endpoints, not at bridges.

Secure semantic searches: How do we ensure only authorized Things are searched when using federated semantic searches?

Metadata for distributed security and payment mechanisms: Blockchain, Interledger, etc.

]]

mccool: how to know the rights to access the DB for TD?
... we need to have some kind of extension to semantic search
... and how exactly to do that?
... also interested in distributed security and payments
... interledger-based payments
... payment for IoT systems
... various other mechanisms to handle tokens
... look into the PDF of the paper

-> https://github.com/mmccool/ndss-wot-sec/blob/master/ndss-wot-sec.pdf PDF of the paper

elena: what is specific to WoT?

mccool: we can look for some authentication mechanism
... people may not use HTTPS
... e.g., we don't put actual version information for the hardware
... distributed mechanism

elena: there are many views for distributed security
... potentially different security models

mccool: goes through the TeX file
... metadata for security mechanisms
... add subsection structure
... what kind of authentication mechanism?
... (updates the PDF)

elena: wondering about the title

(some discussion)

mccool: changes the title to "Distributed Security Risks and Opportunities in the W3C Web of Things"

elena: what is the selling point of the paper

mccool: within a few days, I can fill in the Introduction section
... add comments to the "Related Work" section
... best practices in IoT that are "common" to WoT
... and that we will not focus on

elena: better to have "Related Work" after explaining the background of WoT
... make sure you include some of the diagrams
... note there are some notes on the LaTeX template
... also please break up the content instead of one big file
... background section should be helpful for people to understand our work
... Matthias may have ideas on use case scenarios
... will contact him
... so far the content is in my repo
... have not considered security for scripting because scripting is mainly related within the servient
... the topics for scripting are common IoT security (so far)

previous minutes

prev minutes

<McCool> please publish prev minutes

kaz: btw, the prev minutes ok?

mccool: yes

paper again

mccool: mccool for section I. Introduction
... elena for section II. Web of Things
... maybe we can check the progress on Friday, Nov. 17th?
... can provide Intel bridge for that purpose

Summary of Action Items

Summary of Resolutions

    [End of minutes]

    Minutes formatted by David Booth's scribe.perl version 1.147 (CVS log)
    $Date: 2017/11/21 02:55:32 $