Meeting minutes
agenda
Lagally: (goes through the agenda)
… anything to be added?
(none)
minutes
Lagally: (goes through the minutes)
… wondering about the Issue 809
McCool: need some time to fix it
… please assign that to me
… need to fix it by CR transition anyway
Issue 809 - Fix normative references / convert to informative, where applicable
McCool: will do that immediately after this call
Lagally: (creates another issue 828 on "Prepare CR publication" and adds a label of "by CR transition" to it)
<mlagally> https://
Issues
Issue 820
<mlagally> https://
closed
Issue 818
<mlagally> https://
Consider whether this makes more sense as a Note [TAG feedback]
Lagally: (adds comments)
… discussion about the scope and the future deliverables
… in the next Charter period
… during the TPAC meeting
(closed)
Kaz: depending on the response from TAG, would suggest again we have a joint discussion with them
McCool: e.g., we can invite them to our TPAC meeting
Kaz: could you please try to contact Daniel Appelquist and Amy Guy?
<mlagally> https://
Discovery-related issues
McCool: we can apply another label of considering to be closed
issues with "close next week" label
McCool: next week, we'll discuss issues around the next Charter
Issue 824
Issue 824 - Adjust policy-like security and privacy assertions
McCool: (describes the situation)
… Security TF has not discussed this yet
… would suggest we review the updated draft during the CR period
… changed a lot of things
… e.g., "isolation" is a vague word
… what we really care about is untrusted code out of the sandbox
… anyway, I don't want to ask people to do something impossible
Kaz: continuing the review during the CR period is ok
… but we need to make sure there would not be any changes which have impacts for implementations
McCool: right
… there should not be any impacts
PR 827
Revise Security and Privacy assertions
(fixes the issue 824)
Lagally: "isolated" execution environments is now "sandboxed" execution
McCool: this has much longer text after it
… about data access
Lagally: about security and data protection
McCool: yes
… private data protection is important here
… btw, typo there...
Lagally: (adds comments about that)
… (around line 4172)
… remove "perform"
(still pending status, though)
Lagally: link to the WoT Security and Privacy Guidelines?
McCool: can add an anchor there
(around line 4204)
McCool: next point is the word "guarantee"
… which means "SHOULD"
(around line 4296)
McCool: then around line 4608/4604
… MUST to be SHOULD
… mutable IDs required for some use cases
(around line 4613/4609, "required to" to be "should")
(around 4617/1613, MUST to be SHOULD)
(around 4619/4615, "cannot" to be "should not")
McCool: we can remove some of the text, though
… you can add a suggestion using the GitHub interface
Lagally: (adds a suggestion)
McCool: line 4614-4616 (on the right side) to be removed
Kaz: what about the other lower-case "should" sentences?
… like line 4609 on the right side?
… I'm OK with removing them, but we should make sure about our policy at this stage
McCool: right
… also we can add a text mentioning lower-case keywords are not assertions within the RFC2119 description section
Lagally: (around line 4620, "should not use nosec" to be "should use access control")
… (then shows the preview)
preview: section 2. Conformance
McCool: the question is that the text here comes from ReSpec automatically
… I'm OK with either merging this and adding a fix later, or waiting to fix them
Lagally: ok to merge?
(no objections)
merged
Tag review issues
Issue 817
Issue 817 - Review for unnecessary normative statements [TAG feedback]
Lagally: (adds comments)
… several normative statements have been weakened from "MUST" to "SHOULD"
… specifically in the security section
… also some of the redundant assertions have been removed
… group-wide review will be done when the implementation report is done
… collecting testing inputs and we'll see which assertions need to be identified as "at risk"
McCool: for CR transition, we need to identify features at risk
new issue 829 - Provide implementation report on architecture for node-wot
Resolution for CR candidate
McCool: need to make a resolution
<mlagally> proposal: submit the current editors draft as CR candidate and ask for group-wide review
RESOLUTION: submit the current editors draft as CR candidate and ask for group-wide review
[adjourned]