IRC log of wot-sec on 2023-07-31

Timestamps are in UTC.

12:00:43 [RRSAgent]
RRSAgent has joined #wot-sec
12:00:47 [RRSAgent]
logging to https://www.w3.org/2023/07/31-wot-sec-irc
12:00:52 [kaz]
meeting: WoT Security
12:01:17 [kaz]
present+ Kaz_Ashimura, Michael_McCool, Mahda_Noura
12:03:40 [kaz]
present+ Tomoaki_Mizushima
12:04:09 [kaz]
agenda: https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#31_July_2023
12:05:00 [kaz]
scribenick: mahda
12:05:33 [McCool_]
McCool_ has joined #wot-sec
12:06:27 [kaz]
topic: Minutes
12:06:39 [kaz]
-> https://www.w3.org/2023/07/24-wot-sec-minutes.html July-24
12:07:04 [Mizushima]
Mizushima has joined #wot-sec
12:09:10 [kaz]
https://github.com/w3ctag/design-reviews
12:10:09 [kaz]
s|https://github.com/w3ctag/design-reviews||
12:10:15 [kaz]
topic: TAG review on Profile
12:10:45 [kaz]
-> https://github.com/w3ctag/design-reviews/issues/818 w3ctag/design-reviews issue 818 - Web of Things (WoT) Profile - Review Requested
12:11:44 [kaz]
kaz: how to deal with that?
12:12:00 [kaz]
mm: would talk about this during the Planning session of the main call
12:12:31 [kaz]
topic: Requirements
12:13:21 [mahda]
mm: for security and discovery do a survey of the current risks we have in the guideline documents
12:13:37 [kaz]
i|for|-> https://github.com/w3c/wot/blob/main/PRESENTATIONS/2023-07-WoT-Planning-UseCases.pdf Use Cases and Requirements|
12:13:42 [kaz]
rrsagent, make log public
12:13:46 [kaz]
rrsagent, draft minutes
12:13:47 [RRSAgent]
I have made the request to generate https://www.w3.org/2023/07/31-wot-sec-minutes.html kaz
12:13:54 [mahda]
...to make sure things are consistent and then to integrate it within the use case requirement
12:14:31 [kaz]
s/use case requirement/use cases and requirements/
12:15:51 [kaz]
-> https://github.com/w3c/wot-security/issues/209 wot-security issue 209 - Update "Security and Privacy Guidelines" prior to 2023 PR transitions
12:15:59 [kaz]
(McCool adds some comments)
12:17:14 [mahda]
mm: the issue in self-discovery on LAN, if encryption is not used in the LAN, everyone has access to TDs
12:17:52 [kaz]
i|the issue|-> https://w3c.github.io/wot-discovery/#security-consideration-lan-self-discovery WoT Discovery ED - 8.3 Self-Discovery on LANs|
12:18:02 [kaz]
rrsagent, draft minutes
12:18:04 [RRSAgent]
I have made the request to generate https://www.w3.org/2023/07/31-wot-sec-minutes.html kaz
12:19:24 [kaz]
-> https://w3c.github.io/wot-discovery/#privacy-consideration-location-tracking WoT Discovery ED - 9.1 Location Tracking and Profiling
12:19:45 [mahda]
mm: tracking and profiling are the same thing, mainly used for covering the same term used across the document
12:21:23 [kaz]
q+
12:23:04 [kaz]
ack k
12:23:12 [mahda]
kaz: in the agenda: we would like to pickup the most important requirement in e.g., the discovery
12:23:43 [mahda]
mm: we want requirements that mitigate risk appropriately, we need to tie the risks to the use cases that are most critical
12:24:13 [kaz]
s/in the agenda: we would like to pickup the most important requirement in e.g., the discovery/Just to make sure, we're picking up some of the important requirements from the WoT Discovery specification as the basis of the next Charter discussion. Right?/
12:24:15 [mahda]
...surveying what we have as risk and make sure the list is up to date and then to tie the risks to the use case
12:24:26 [kaz]
s/we want/Yes, We want/
12:24:38 [kaz]
rrsagent, draft minutes
12:24:39 [RRSAgent]
I have made the request to generate https://www.w3.org/2023/07/31-wot-sec-minutes.html kaz
12:26:39 [mahda]
mm: some names in the security and privacy titles need to be reformulated to be more clear
12:27:59 [mahda]
mm: he gathers the privacy and security items mentioned in the discovery, Thing Description and Architecture documentation
12:30:21 [kaz]
s/he ga/(ga/
12:30:30 [kaz]
s/documentation/documentation)/
12:30:31 [kaz]
rrsagent, draft minutes
12:30:33 [RRSAgent]
I have made the request to generate https://www.w3.org/2023/07/31-wot-sec-minutes.html kaz
12:30:45 [McCool_]
https://w3c.github.io/wot-security/
12:31:14 [kaz]
s|https://w3c.github.io/wot-security/|-> https://w3c.github.io/wot-security/ Web of Things (WoT) Security and Privacy Guidelines ED|
12:31:17 [kaz]
rrsagent, draft minutes
12:31:18 [RRSAgent]
I have made the request to generate https://www.w3.org/2023/07/31-wot-sec-minutes.html kaz
12:32:12 [mahda]
mm: a unified list of threats is required in the wot-security, and duplicates should be removed
12:35:10 [mahda]
...a starting point should be correct linking
12:36:02 [kaz]
q+
12:36:48 [mahda]
...we should consider updating the wot-threat-model-threats file
12:37:54 [mahda]
...any ideas on how we can clean this up?
12:38:29 [mahda]
kaz: picking up some of the existing pieces, but in the next charter we need to look into additional potential use cases from the industry
12:38:33 [kaz]
ack k
12:38:56 [mahda]
mm: sure
12:39:41 [mahda]
kaz: we should summarize the current information which is good then work on potential use case
12:40:34 [mahda]
mm: the aim is to have everything in one place, a challenge is that the names are not self-explanatory, we need to have a single set of threats that cross-reference them
12:40:48 [mahda]
...in the long term, we have to decide where to put the information
12:41:44 [kaz]
s/we should summarize the current information which is good then work on potential use case/I'm OK with this direction, but in addition, we should clarify we'd like to work on this using a 2-step approach, (1) summarizing the current information from the existing WoT specs and (2) working on potential use cases for further discussion./
12:41:47 [kaz]
rrsagent, draft minutes
12:41:48 [RRSAgent]
I have made the request to generate https://www.w3.org/2023/07/31-wot-sec-minutes.html kaz
12:42:06 [kaz]
s/the aim is/Yes, the aim/
12:42:15 [kaz]
s/aim to/aim is to/
12:42:17 [kaz]
rrsagent, draft minutes
12:42:18 [RRSAgent]
I have made the request to generate https://www.w3.org/2023/07/31-wot-sec-minutes.html kaz
12:44:00 [mahda]
...the problem with going with use case forward is that there is a lot of work
12:45:49 [mahda]
mm: let's go through the documents and link them
12:46:51 [mahda]
mm: issue created for creating anchors for threats: https://github.com/w3c/wot-security/issues/222
12:47:32 [mahda]
mm: he will create anchors for each of the threats
12:48:03 [kaz]
s/ he will/(McCool will/
12:48:10 [kaz]
s/threats/threats)/
12:48:14 [kaz]
rrsagent, draft minutes
12:48:15 [RRSAgent]
I have made the request to generate https://www.w3.org/2023/07/31-wot-sec-minutes.html kaz
12:56:51 [mahda]
kaz: you can create a list that can be formatted as a table
12:59:28 [kaz]
s/you can create a list that can be formatted as a table/My suggestion is using unordered lists with CSS style instead of table, but it would take some time to convert all the tables. So we can simply add "id" to <tr> or <th> within the tables./
13:00:07 [kaz]
-> https://stackoverflow.com/questions/13824918/how-to-style-my-unordered-list-like-a-table fyi, How to style my unordered list like a table?
13:01:45 [mahda]
mm: from next week the meeting will take place one hour later
13:02:33 [kaz]
i/from/topic: Next call/
13:03:29 [kaz]
[adjourned]
13:03:32 [kaz]
rrsagent, draft minutes
13:03:33 [RRSAgent]
I have made the request to generate https://www.w3.org/2023/07/31-wot-sec-minutes.html kaz
14:01:42 [kaz]
chair: McCool
14:01:43 [kaz]
rrsagent, draft minutes
14:01:44 [RRSAgent]
I have made the request to generate https://www.w3.org/2023/07/31-wot-sec-minutes.html kaz
15:03:42 [Zakim]
Zakim has left #wot-sec