Meeting minutes
Minutes
<kaz> July-24
TAG review on Profile
<kaz> w3ctag/design-reviews issue 818 - Web of Things (WoT) Profile - Review Requested
Kaz: how to deal with that?
McCool: would talk about this during the Planning session of the main call
Requirements
<kaz> Use Cases and Requirements
McCool: for security and discovery do a survey of the current risks we have in the guideline documents
… to make sure things are consistent and then to integrate it within the use cases and requirements
<kaz> wot-security issue 209 - Update "Security and Privacy Guidelines" prior to 2023 PR transitions
<kaz> (McCool adds some comments)
<kaz> WoT Discovery ED - 8.3 Self-Discovery on LANs
McCool: the issue in self-discovery on LAN, if encryption is not used in the LAN, everyone has access to TDs
<kaz> WoT Discovery ED - 9.1 Location Tracking and Profiling
McCool: tracking and profiling are the same thing, mainly used for covering the same term used across the document
Kaz: Just to make sure, we're picking up some of the important requirements from the WoT Discovery specification as the basis of the next Charter discussion. Right?
McCool: Yes, we want requirements that mitigate risk appropriately, we need to tie the risks to the use cases that are most critical
… surveying what we have as risk and make sure the list is up to date and then to tie the risks to the use case
McCool: some names in the security and privacy titles need to be reformulated to be more clear
McCool: (gathers the privacy and security items mentioned in the discovery, Thing Description and Architecture documentation)
<McCool_> Web of Things (WoT) Security and Privacy Guidelines ED
McCool: a unified list of threats is required in the wot-security, and duplicates should be removed
… a starting point should be correct linking
… we should consider updating the wot-threat-model-threats file
… any ideas on how we can clean this up?
Kaz: picking up some of the existing pieces, but in the next charter we need to look into additional potential use cases from the industry
McCool: sure
Kaz: I'm OK with this direction, but in addition, we should clarify we'd like to work on this using a 2-step approach: (1) summarizing the current information from the existing WoT specs and (2) working on potential use cases for further discussion.
McCool: Yes, the aim is to have everything in one place, a challenge is that the names are not self-explanatory, we need to have a single set of threats that cross-reference them
… in the long term, we have to decide where to put the information
… the problem with going with use case forward is that there is a lot of work
McCool: let's go through the documents and link them
McCool: issue created for creating anchors for threats: w3c/
McCool: (McCool will create anchors for each of the threats)
Kaz: My suggestion is using unordered lists with CSS style instead of table, but it would take some time to convert all the tables. So we can simply add "id" to <tr> or <th> within the tables.
Next call
McCool: from next week the meeting will take place one hour later
<kaz> [adjourned]