12:00:43 <RRSAgent> RRSAgent has joined #wot-sec
12:00:47 <RRSAgent> logging to https://www.w3.org/2023/07/31-wot-sec-irc
12:00:52 <kaz> meeting: WoT Security
12:01:17 <kaz> present+ Kaz_Ashimura, Michael_McCool, Mahda_Noura
12:03:40 <kaz> present+ Tomoaki_Mizushima
12:04:09 <kaz> agenda: https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#31_July_2023
12:05:00 <kaz> scribenick: mahda
12:05:33 <McCool_> McCool_ has joined #wot-sec
12:06:27 <kaz> topic: Minutes
12:06:39 <kaz> ->https://www.w3.org/2023/07/24-wot-sec-minutes.html July-24
12:07:04 <Mizushima> Mizushima has joined #wot-sec
12:09:10 <kaz> https://github.com/w3ctag/design-reviews
12:10:09 <kaz> s|https://github.com/w3ctag/design-reviews||
12:10:15 <kaz> topic: TAG review on Profile
12:10:45 <kaz> -> https://github.com/w3ctag/design-reviews/issues/818 w3ctag/design-reviews issue 818 - Web of Things (WoT) Profile - Review Requested
12:11:44 <kaz> kaz: how to deal with that?
12:12:00 <kaz> mm: would talk about this during the Planning session of the main call
12:12:31 <kaz> topic: Requirements
12:13:21 <mahda> mm: for security and discovery do a survey of the current risks we have in the guideline documents
12:13:37 <kaz> i|for|-> https://github.com/w3c/wot/blob/main/PRESENTATIONS/2023-07-WoT-Planning-UseCases.pdf Use Cases and Requirements|
12:13:42 <kaz> rrsagent, make log public
12:13:46 <kaz> rrsagent, draft minutes
12:13:47 <RRSAgent> I have made the request to generate https://www.w3.org/2023/07/31-wot-sec-minutes.html kaz
12:13:54 <mahda> ...to make sure things are consistent and then to integrate it within the use case requirement
12:14:31 <kaz> s/use case requirement/use cases and requirements/
12:15:51 <kaz> -> https://github.com/w3c/wot-security/issues/209 wot-security issue 209 - Update "Security and Privacy Guidelines" prior to 2023 PR transitions
12:15:59 <kaz> (McCool adds some comments)
12:17:14 <mahda> mm: the issue in self-discovery on LAN, if encyrption is not used in the LAN, everyone has access to TD's
12:17:52 <kaz> i|the issue|-> https://w3c.github.io/wot-discovery/#security-consideration-lan-self-discovery WoT Discovery ED - 8.3 Self-Discovery on LANs|
12:18:02 <kaz> rrsagent, draft minutes
12:18:04 <RRSAgent> I have made the request to generate https://www.w3.org/2023/07/31-wot-sec-minutes.html kaz
12:19:24 <kaz> -> https://w3c.github.io/wot-discovery/#privacy-consideration-location-tracking WoT Discovery ED -9.1 Location Tracking and Profiling
12:19:45 <mahda> mm: tracking and profiling are the same thing, mainly used for covering the same term used across the document
12:21:23 <kaz> q+
12:23:04 <kaz> ack k
12:23:12 <mahda> kaz: in the agenda: we would like to pickup the most important requirement in e.g., the discovery
12:23:43 <mahda> mm: we want requirements that mitigate risk appropriately, we need to tie the risks to the use cases that are most critical
12:24:13 <kaz> s/in the agenda: we would like to pickup the most important requirement in e.g., the discovery/Just to make sure, we're picking up dome of the important requirements from the WoT Discovery specification as the basis of the next Charter discussion. Right?/
12:24:15 <mahda> ...surveying what we have as risk and make sure the list is up to date and then to tie the risks to the use case
12:24:26 <kaz> s/we want/Yes, We want/
12:24:38 <kaz> rrsagent, draft minutes
12:24:39 <RRSAgent> I have made the request to generate https://www.w3.org/2023/07/31-wot-sec-minutes.html kaz
12:26:39 <mahda> mm: some names in the security and privacy titles need to be reformulated to be more clear
12:27:59 <mahda> mm: he gathers the privacy and security items mentioned in the discovery, Thing Description and Architecture documentation
12:30:21 <kaz> s/he ga/(ga/
12:30:30 <kaz> s/documentation/documentation)/
12:30:31 <kaz> rrsagent, draft minutes
12:30:33 <RRSAgent> I have made the request to generate https://www.w3.org/2023/07/31-wot-sec-minutes.html kaz
12:30:45 <McCool_> https://w3c.github.io/wot-security/
12:31:14 <kaz> s|https://w3c.github.io/wot-security/|-> https://w3c.github.io/wot-security/ Web of Things (WoT) Security and Privacy Guidelines ED|
12:31:17 <kaz> rrsagent, draft minutes
12:31:18 <RRSAgent> I have made the request to generate https://www.w3.org/2023/07/31-wot-sec-minutes.html kaz
12:32:12 <mahda> mm: a unified list of threats are required in the wot-security, and duplicates should be removed
12:35:10 <mahda> ...a starting point should be correct linking
12:36:02 <kaz> q+
12:36:48 <mahda> ...we should consider updating the wot-threat-model-threats file
12:37:54 <mahda> ...any ideas on how we can clean this up?
12:38:29 <mahda> kaz: picking up some of the existing pieces, but in the next chater we need to look into additional potential use cases from the industry
12:38:33 <kaz> ack k
12:38:56 <mahda> mm: sure
12:39:41 <mahda> kaz: we should summarize the current information which is good then work on potential use case
12:40:34 <mahda> mm: the aim is to have everything in one place, a challenge is that the names are not self-explanatory, we need to have single set of threats that cross-reference them
12:40:48 <mahda> ...in the long term, we have to decide where to put the information
12:41:44 <kaz> s/we should summarize the current information which is good then work on potential use case/I'm OK with this direction, but in addition, we should clarify we'd like work on this using 2-step approach, (1 summarizing the current information from the existing WoT specs and (2) work on potential use cases for further discussion./
12:41:47 <kaz> rrsagent, draft minutes
12:41:48 <RRSAgent> I have made the request to generate https://www.w3.org/2023/07/31-wot-sec-minutes.html kaz
12:42:06 <kaz> s/the aim is/Yes, the aim/
12:42:15 <kaz> s/aim to/aim is to/
12:42:17 <kaz> rrsagent, draft minutes
12:42:18 <RRSAgent> I have made the request to generate https://www.w3.org/2023/07/31-wot-sec-minutes.html kaz
12:44:00 <mahda> ...the problem with going with use case forward is that there is alot of work
12:45:49 <mahda> mm: lets go through the documents and link them
12:46:51 <mahda> mm: issue created for creating anchors for threats: https://github.com/w3c/wot-security/issues/222
12:47:32 <mahda> mm: he will create anchors for each of the threats
12:48:03 <kaz> s/ he will/(McCool will/
12:48:10 <kaz> s/threats/threats)/
12:48:14 <kaz> rrsagent, draft minutes
12:48:15 <RRSAgent> I have made the request to generate https://www.w3.org/2023/07/31-wot-sec-minutes.html kaz
12:56:51 <mahda> kaz: you can create a list that can be formatted as a table
12:59:28 <kaz> s/you can create a list that can be formatted as a table/My suggestion is using unordered lists with CSS style instead of table, but it would take some time to convert all the tables. So we can simply add "id" to <tr> or <th> within the tables./
13:00:07 <kaz> -> https://stackoverflow.com/questions/13824918/how-to-style-my-unordered-list-like-a-table fyi, How to style my unordered list like a table?
13:01:45 <mahda> mm: from next week the meeting will take place one hour later
13:02:33 <kaz> i/from/topic: Next call/
13:03:29 <kaz> [adjourned]
13:03:32 <kaz> rrsagent, draft minutes
13:03:33 <RRSAgent> I have made the request to generate https://www.w3.org/2023/07/31-wot-sec-minutes.html kaz
14:01:42 <kaz> chair: McCool
14:01:43 <kaz> rrsagent, draft minutes
14:01:44 <RRSAgent> I have made the request to generate https://www.w3.org/2023/07/31-wot-sec-minutes.html kaz
15:03:42 <Zakim> Zakim has left #wot-sec