IRC log of wot-sec on 2022-08-22
Timestamps are in UTC.
- 12:04:06 [RRSAgent]
- RRSAgent has joined #wot-sec
- 12:04:06 [RRSAgent]
- logging to https://www.w3.org/2022/08/22-wot-sec-irc
- 12:04:15 [kaz]
- meeting: WoT Security
- 12:04:48 [kaz]
- present+ Kaz_Ashimura, Michael_McCool, Jiye_Park
- 12:05:11 [kaz]
- agenda: https://www.w3.org/WoT/IG/wiki/WG_WoT_Discovery_WebConf#27_June_2022
- 12:05:37 [kaz]
- s|agenda: https://www.w3.org/WoT/IG/wiki/WG_WoT_Discovery_WebConf#27_June_2022||
- 12:07:54 [kaz]
- present+ Tomoaki_Mizushima
- 12:09:00 [citrullin]
- citrullin has joined #wot-sec
- 12:09:33 [citrullin]
- I can do it
- 12:09:43 [citrullin]
- My microphone is broken, I know...
- 12:10:15 [McCool]
- McCool has joined #wot-sec
- 12:10:31 [citrullin]
- @McCool I can do it. My microphone is just broken.
- 12:10:43 [citrullin]
- topic: Minutes
- 12:10:47 [kaz]
- scribenick: citrullin
- 12:11:19 [citrullin]
- mm: Can we use Zoom instead of WebEx?
- 12:11:40 [citrullin]
- mm: I would like to use Zoom for next week. Kaz, can you look into it?
- 12:12:01 [citrullin]
- kaz: Siemens had some issues with Zoom, that's what why we use WebEx for now.
- 12:12:13 [kaz]
- s/what why/why/
- 12:12:14 [citrullin]
- mm: Let's just discuss it in the main call.
- 12:13:28 [kaz]
- s/Siemens/I can provide a Zoom call if needed. However, Siemens and some other participants/
- 12:13:28 [citrullin]
- Minutes -> https://www.w3.org/2022/08/08-wot-sec-minutes.html
- 12:13:55 [citrullin]
- mm: Any objections to the minutes? No objections.
- 12:14:57 [citrullin]
- topic: policy-like security and privacy assertions
- 12:15:08 [citrullin]
- WIP: Adjust policy-like security and privacy assertions -> https://github.com/w3c/wot-architecture/issues/824
- 12:15:49 [kaz]
- agenda: https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#22_August_2022
- 12:19:22 [citrullin]
- kaz: There are several options here. We have to clarify what assertion has to be covered and what not.
- 12:20:00 [citrullin]
- mm: There are things you can test well and there are things like this that are not testable.
- 12:21:28 [citrullin]
- Some discussion between kaz and mm about different scripting api implementations.
- 12:22:19 [citrullin]
- and how to organize the testing/not-testing/manual-assertions
- 12:26:27 [kaz]
- s/different scripting api implementations/how to handle the assertions marked by the RFC2119 keywords within the WoT Architecture spec/
- 12:27:22 [kaz]
- -> https://w3c.github.io/wot-architecture/#sec-security-consideration-device-direct-access WoT Architecture - Section 10.2.2 Physical Device Direct Access Risk as an example which includes RFC 2119 keywords
- 12:29:45 [citrullin]
- mm: I don't want to do major restructuring here. So, my conclusions are that these are manual testable. So we could keep them.
- 12:30:32 [citrullin]
- mm changes description of #824 -> https://github.com/w3c/wot-architecture/issues/824
- 12:34:06 [citrullin]
- mm: the security credential storage part isn't well defined. "Securely stored" can be interpreted in different ways. There is also a non-capitalized assumption.
- 12:34:26 [citrullin]
- mm: 10.3.2 needs some work.
- 12:37:00 [citrullin]
- mm: except for those points, the other things should be verifiable.
- 12:37:27 [citrullin]
- mm: We probably have to mark it at risk anyway.
- 12:39:30 [citrullin]
- mm: If we have a private network with more than 2 devices, it's not limited. mTLS would be great in those situations. Pre-shared keys also work.
- 12:41:58 [citrullin]
- mm: 10.4 should not be a problem to test.
- 12:43:41 [citrullin]
- mm: I am wondering if we have overlaps in the assumptions.
- 12:46:50 [citrullin]
- mm changes the description of #824
- 12:48:51 [citrullin]
- mm: We may have to remove 11.1.1, because it is, more or less, duplicated.
- 12:50:43 [citrullin]
- mm: If we use a WoT directory to hold the TDs. WoT TD has features like access control etc. in order to stop unauthorized access.
- 12:51:33 [citrullin]
- mm: Discovery is designed to cover these topics.
- 12:52:17 [citrullin]
- mm: I am fine with leaving it in though and it is testable.
- 12:54:09 [citrullin]
- mm: 11.2 overlaps a little with the previous assertions. It's testable.
- 12:55:18 [citrullin]
- mm: 11.2 may conflict with some assertions in the TD. Some assertions may be softer in the TD.
- 12:55:32 [citrullin]
- mm: I am going to double-check if this is the case.
- 12:59:53 [kaz]
- [adjourned]
- 13:00:04 [kaz]
- rrsagent, make log public
- 13:00:09 [kaz]
- rrsagent, draft minutes
- 13:00:09 [RRSAgent]
- I have made the request to generate https://www.w3.org/2022/08/22-wot-sec-minutes.html kaz
- 14:35:12 [Zakim]
- Zakim has left #wot-sec