IRC log of wot-sec on 2022-08-22

Timestamps are in UTC.

12:04:06 [RRSAgent]
RRSAgent has joined #wot-sec
12:04:06 [RRSAgent]
logging to https://www.w3.org/2022/08/22-wot-sec-irc
12:04:15 [kaz]
meeting: WoT Security
12:04:48 [kaz]
present+ Kaz_Ashimura, Michael_McCool, Jiye_Park
12:05:11 [kaz]
agenda: https://www.w3.org/WoT/IG/wiki/WG_WoT_Discovery_WebConf#27_June_2022
12:05:37 [kaz]
s|agenda: https://www.w3.org/WoT/IG/wiki/WG_WoT_Discovery_WebConf#27_June_2022||
12:07:54 [kaz]
present+ Tomoaki_Mizushima
12:09:00 [citrullin]
citrullin has joined #wot-sec
12:09:33 [citrullin]
I can do it
12:09:43 [citrullin]
My microphone is broken, I know...
12:10:15 [McCool]
McCool has joined #wot-sec
12:10:31 [citrullin]
@McCool I can do it. My microphone is just broken.
12:10:43 [citrullin]
topic: Minutes
12:10:47 [kaz]
scribenick: citrullin
12:11:19 [citrullin]
mm: Can we use Zoom instead of WebEx?
12:11:40 [citrullin]
mm: I would like to use Zoom for next week. Kaz, can you look into it?
12:12:01 [citrullin]
kaz: Siemens had some issues with Zoom, that's what why we use WebEx for now.
12:12:13 [kaz]
s/what why/why/
12:12:14 [citrullin]
mm: Let's just discuss it in the main call.
12:13:28 [kaz]
s/Siemens/I can provide a Zoom call if needed. However, Siemens and some other participants/
12:13:28 [citrullin]
Minutes -> https://www.w3.org/2022/08/08-wot-sec-minutes.html
12:13:55 [citrullin]
mm: Any objections for the minutes? No objections.
12:14:57 [citrullin]
topic: policy-like security and privacy assertions
12:15:08 [citrullin]
WIP: Adjust policy-like security and privacy assertions -> https://github.com/w3c/wot-architecture/issues/824
12:15:49 [kaz]
agenda: https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#22_August_2022
12:19:22 [citrullin]
kaz: There are several options here. We have to clarify which assertions have to be covered and which not.
12:20:00 [citrullin]
mm: There are things you can test well and there are things like this that are not testable.
12:21:28 [citrullin]
Some discussion between kaz and mm about different scripting api implementations.
12:22:19 [citrullin]
and how to organize the testing/not-testing/manual-assertions
12:26:27 [kaz]
s/different scripting api implementations/how to handle the assertions marked by the RFC2119 keywords within the WoT Architecture spec/
12:27:22 [kaz]
-> https://w3c.github.io/wot-architecture/#sec-security-consideration-device-direct-access WoT Architecture - Section 10.2.2 Physical Device Direct Access Risk as an example which includes RFC 2119 keywords
12:29:45 [citrullin]
mm: I don't want to do major restructuring here. So, my conclusion is that these are manually testable. So we could keep them.
12:30:32 [citrullin]
mm changes description of #824 -> https://github.com/w3c/wot-architecture/issues/824
12:34:06 [citrullin]
mm: the security credential storage part isn't well defined. "Securely stored" can be interpreted in different ways. There is also a non-capitalized assumption.
12:34:26 [citrullin]
mm: 10.3.2 needs some work.
12:37:00 [citrullin]
mm: except for those points, the other things should be verifiable.
12:37:27 [citrullin]
mm: We probably have to mark it at risk anyway.
12:39:30 [citrullin]
mm: If we have a private network with more than 2 devices, it's not limited. mTLS would be great in those situations. Pre-shared keys also work.
12:41:58 [citrullin]
mm: 10.4 should not be a problem to test.
12:43:41 [citrullin]
mm: I am wondering if we have overlaps in the assumptions.
12:46:50 [citrullin]
mm changes the description of #824
12:48:51 [citrullin]
mm: We may have to remove 11.1.1, because it is, more or less, duplicated.
12:50:43 [citrullin]
mm: If we use a WoT directory to hold the TDs, WoT TD has features like access control etc. in order to stop unauthorized access.
12:51:33 [citrullin]
mm: Discovery is designed to cover these topics.
12:52:17 [citrullin]
mm: I am fine with leaving it in though and it is testable.
12:54:09 [citrullin]
mm: 11.2 overlaps a little with the previous assertions. It's testable.
12:55:18 [citrullin]
mm: 11.2 may conflict with some assertions in the TD. Some assertions may be softer in the TD.
12:55:32 [citrullin]
mm: I am going to double check if this is the case.
12:59:53 [kaz]
[adjourned]
13:00:04 [kaz]
rrsagent, make log public
13:00:09 [kaz]
rrsagent, draft minutes
13:00:09 [RRSAgent]
I have made the request to generate https://www.w3.org/2022/08/22-wot-sec-minutes.html kaz
14:35:12 [Zakim]
Zakim has left #wot-sec