10:13:38 <RRSAgent> RRSAgent has joined #wot-sec
10:13:38 <RRSAgent> logging to https://www.w3.org/2019/09/09-wot-sec-irc
10:13:44 <kaz> Meeting: WoT Security
10:14:05 <kaz> present+ Michael_McCool, Elena_Reshetova, Tomoaki_Mizushima, Kaz_Ashimura
10:14:16 <kaz> topic: Quick updates
10:14:18 <kaz> (none)
10:14:24 <kaz> topic: Previous minutes
10:15:08 <kaz> -> https://www.w3.org/2019/09/02-wot-sec-minutes.html Prev minutes
10:15:20 <kaz> mm: any objections to accept the minutes?
10:15:21 <kaz> (none)
10:15:29 <kaz> mm: accept the previous minutes
10:16:18 <kaz> Agenda: https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Agenda
10:16:47 <kaz> topic: Definition PR in Architecture
10:17:04 <kaz> -> https://github.com/w3c/wot-architecture/pull/384 PR 384
10:17:14 <kaz> mm: created a PR based on ISO standard definition
10:18:03 <kaz> ... ISO/IEC 2382 and ISO/IEC 27000
10:18:38 <kaz> ... put some explanatory text
10:18:56 <McCool> https://github.com/w3c/wot-architecture/pull/384/files
10:19:28 <kaz> kaz: seems the link for 2382 is wrong (same as 27000)
10:19:31 <kaz> mm: will fix it
10:19:49 <kaz> ... we'll make decision during the Architecture call on Thursday
10:20:08 <kaz> ... there is a note on PII here
10:21:14 <kaz> ... added description on information privacy as well
10:21:28 <kaz> ... ISO 2382 and ISO 29100
10:21:49 <kaz> ... and then
10:21:57 <kaz> ... security
10:22:23 <kaz> ... confidentiality, integrity and availability of information
10:22:52 <kaz> ... and then add a note "please refer to this document (ISO 27000)"
10:23:33 <kaz> ... also add a note saying " it is desirable that these properties be maintained both in normal operation and when the system is subject to attack"
10:24:15 <kaz> ... also definition of "private life"
10:24:54 <kaz> ... any comments?
10:25:11 <kaz> s/any/any other/
10:26:15 <kaz> mm: (fixes the wrong link for "ISO 2382")
10:32:09 <kaz> ... wondering if we need to add an entry to the ReSpec reference DB
10:34:09 <kaz> topic: WG Charter
10:34:52 <kaz> -> https://github.com/w3c/wot/pull/862 WG Charter PR (round 2)
10:35:17 <kaz> -> https://github.com/w3c/wot/pull/862/files Changes
10:35:30 <kaz> mm: (goes through the changes)
10:37:01 <kaz> ... how to allow access to metadata?
10:38:03 <kaz> ... changed "parties" to "users" ..
10:38:03 <kaz> s/../.../
10:38:29 <kaz> topic: Profiles
10:39:11 <McCool> https://github.com/w3c/wot-profile/issues/6
10:39:19 <kaz> er: don't really understand which profiles are for waht
10:39:24 <kaz> s/waht/what/
10:39:45 <kaz> mm: would be fixed within TD
10:40:14 <kaz> ... we're generating a document on "Requirements from WG participants for the profile"
10:41:34 <kaz> -> https://github.com/w3c/wot-profile/blob/master/REQUIREMENTS.md Requirements
10:42:40 <kaz> mm: it's just outline
10:42:49 <kaz> ... we'll discuss this during TPAC
10:42:52 <zkis__> zkis__ has joined #wot-sec
10:43:18 <kaz> ... there is a proposal to make TD less complicated
10:44:19 <kaz> ... human readability vs machine-to-machine communication
10:44:43 <kaz> er: what about security?
10:44:55 <kaz> ... we have security best practice document
10:45:08 <kaz> ... how does things relate to each other?
10:45:18 <kaz> mm: some of the combinations would make sense
10:45:45 <kaz> er: any plan to merge the best practice with this?
10:45:51 <kaz> mm: not really
10:46:09 <kaz> ... we have limitation
10:46:35 <kaz> ... but there is a relationship and we should not duplicate
10:47:08 <kaz> er: ok
10:48:14 <kaz> mm: we need to figure out developer status
10:48:43 <kaz> ... there should be a mechanism to allow "nosec" but only in a developer context
10:49:24 <kaz> er: e.g., people working within a local network
10:50:28 <kaz> mm: we have to have discussion at TPAC
10:50:36 <kaz> ... also need to find use cases
10:51:56 <kaz> er: btw, we needed to update the Architecture document with updated definition?
10:52:25 <kaz> mm: working on the original issue and newly generated definition based on the CR version of the Architecture draft
10:53:22 <kaz> ... let's discuss the detail at TPAC
10:54:53 <kaz> ... if you have any ideas, please put that on the TPAC f2f wiki
10:55:13 <kaz> er: Asian time?
10:55:25 <kaz> mm: TPAC will be held in Fukuoka, so JST
10:55:44 <kaz> ... would make sure you can make the f2f remotely
10:56:14 <kaz> ... let's meet (or talk on webex) at TPAC next week!
10:56:16 <kaz> [adjourned]
10:56:24 <kaz> rrsagent, make log public
10:56:31 <kaz> rrsagent, draft minutes
10:56:31 <RRSAgent> I have made the request to generate https://www.w3.org/2019/09/09-wot-sec-minutes.html kaz
11:00:53 <zkis> zkis has joined #wot-sec
11:02:36 <McCool> McCool has left #wot-sec
12:15:21 <Zakim> Zakim has left #wot-sec
14:15:26 <zkis> zkis has joined #wot-sec
14:47:06 <zkis> zkis has joined #wot-sec