12:01:07 <RRSAgent> RRSAgent has joined #wot-sec
12:01:11 <RRSAgent> logging to https://www.w3.org/2023/09/04-wot-sec-irc
12:01:11 <kaz> meeting: WoT Security
12:59:08 <kaz> present+ Kaz_Ashimura, Michael_McCool
13:00:50 <luca_barbato> luca_barbato has joined #wot-sec
13:01:17 <McCool> McCool has joined #wot-sec
13:01:48 <kaz> present+ Luca_Barbato
13:03:58 <Mizushima> Mizushima has joined #wot-sec
13:04:29 <kaz> agenda: https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#4_September_2023
13:05:29 <kaz> present+ Tomoaki_Mizushima
13:06:24 <kaz> scribenick: luca_barbato
13:06:24 <luca_barbato> scribenick: luca_barbato
13:06:31 <luca_barbato> topic: Minutes
13:07:04 <kaz> -> https://www.w3.org/2023/08/07-wot-sec-minutes.html Aug-7
13:07:33 <luca_barbato> mm: We agreed to review the minutes offline, but let's go over it to recap what we left last month
13:08:17 <luca_barbato> mm: <approved>
13:08:22 <luca_barbato> topic: PRs
13:08:38 <luca_barbato> mm: 4 PR pending
13:08:54 <luca_barbato> subtopic: PR 226
13:08:56 <McCool> https://github.com/w3c/wot-security/pull/226
13:09:30 <kaz> s|https://github.com/w3c/wot-security/pull/226|-> https://github.com/w3c/wot-security/pull/226 PR 226 - Migrate to new ReSpec profile|
13:09:51 <luca_barbato> It updates the respec version and address its lints
13:10:11 <luca_barbato> s/It/mm: It
13:10:29 <luca_barbato> subtopic: PR 225
13:10:31 <McCool> https://github.com/w3c/wot-security/pull/225
13:12:14 <luca_barbato> mm: It add a section about DDoS next to the current DoS section
13:12:30 <kaz> s|https://github.com/w3c/wot-security/pull/225|-> https://github.com/w3c/wot-security/pull/225 PR 225 - Add DDoS Threats|
13:12:47 <luca_barbato> mm: I added the definition and then added few examples
13:14:07 <luca_barbato> mm: I'd like to have more people to review it
13:14:20 <luca_barbato> subtopic: PR 224
13:14:24 <McCool> https://github.com/w3c/wot-security/pull/224
13:15:31 <kaz> s|https://github.com/w3c/wot-security/pull/224|-> https://github.com/w3c/wot-security/pull/224 PR 224 - Add anchors to threats|
13:16:01 <luca_barbato> q+
13:16:34 <luca_barbato> mm: I would not merge this pr since it adds additional overhead and might desync
13:18:40 <luca_barbato> lb: I agree, might be good to ask the respec developers to improve the usability
13:19:36 <luca_barbato> mm: <closed with comment>
13:20:30 <luca_barbato> topic: TPAC Agenda
13:21:36 <kaz> -> https://www.w3.org/WoT/IG/wiki/Main_WoT_WebConf/2023_WoT_TPAC_Agenda TPAC WoT agenda wiki
13:22:47 <luca_barbato> mm: My intention is to have a small slide deck and then go over the documents
13:25:17 <luca_barbato> mm: <Edits the wiki to link the documents>
13:26:04 <kaz> -> https://github.com/w3c/wot/blob/main/planning/Security/README.md wot/planning/Security/README.md
13:26:29 <luca_barbato> q+
13:27:24 <luca_barbato> lb: The items in the list probably will go over the 30min alloted
13:32:26 <luca_barbato> mm: <maps the section to a time budget to leave 10min for discussion>
13:32:32 <kaz> q+
13:32:35 <kaz> ack lu
13:33:05 <luca_barbato> lb: We aren't many in the TF, we should take the TPAC as chance to enlist more people
13:34:10 <kaz> ack k
13:35:38 <kaz> kaz: we need to think about deployment environment for actual IoT services
13:35:54 <kaz> s/services/services like smart homes, smart buildings and smart cities/
13:36:00 <kaz> ack k
13:36:01 <kaz> q+
13:36:07 <luca_barbato> mm: It true, but we aren't going to do that during the TPAC
13:36:29 <kaz> ack k
13:36:40 <luca_barbato> kaz: We could at least reading an issue about detailed security constraints/scenarios
13:36:51 <kaz> i/we need to/scribenick: kaz/
13:37:02 <kaz> i/It true/scribenick: luca_barbato/
13:37:16 <kaz> s/It true/It's true/
13:39:18 <luca_barbato> mm: Security is quite horizontal, that applies to most use-cases
13:39:21 <luca_barbato> q+
13:40:50 <luca_barbato> mm: <Adds to the wiki a set of proposals to be discussed at TPAC>
13:46:48 <luca_barbato> lb: I'm concerned about the relationship between the Security TF and the Use-Case TF
13:47:37 <luca_barbato> lb: Most of the RECs we produce rely on already ratified protocols that bring by themselves security considerations
13:48:03 <luca_barbato> lb: Most of the historical security concerns come from bad deployments and this is hard to fix
13:50:13 <luca_barbato> mm: Also the Profile TF might bring security constraints and signal them over profiles as well
13:50:31 <luca_barbato> lb: It is a good idea IMHO and we could discuss that to TPAC as well
13:52:07 <luca_barbato> mm: Security experts are busy and valueble, we would use their time to review the other TF outputs
13:53:19 <luca_barbato> mm: <Adds that to the Call to action section in the wiki>
13:56:07 <kaz> -> https://www.w3.org/WoT/IG/wiki/Main_WoT_WebConf/2023_WoT_TPAC_Agenda#Security_and_Privacy "Security and Privacy" on the TPAC WoT agenda wiki
13:57:44 <kaz> [adjourned]
13:57:49 <kaz> rrsagent, make log public
13:58:01 <kaz> rrsagent, draft minutes
13:58:02 <RRSAgent> I have made the request to generate https://www.w3.org/2023/09/04-wot-sec-minutes.html kaz
16:11:08 <Zakim> Zakim has left #wot-sec
19:17:30 <kaz> kaz has joined #wot-sec