W3C

– DRAFT –
WoT Security

04 September 2023

Attendees

Present
Kaz_Ashimura, Luca_Barbato, Michael_McCool, Tomoaki_Mizushima
Regrets
-
Chair
McCool
Scribe
kaz, luca_barbato

Meeting minutes

Minutes

<kaz> Aug-7

McCool: We agreed to review the minutes offline, but let's go over it to recap what we left last month

McCool: <approved>

PRs

McCool: 4 PRs pending

PR 226

<McCool> PR 226 - Migrate to new ReSpec profile

McCool: It updates the ReSpec version and addresses its lints

(merged)

PR 225

<McCool> PR 225 - Add DDoS Threats

McCool: It adds a section about DDoS next to the current DoS section

McCool: I added the definition and then added a few examples

McCool: I'd like to have more people review it

PR 224

<McCool> PR 224 - Add anchors to threats

McCool: I would not merge this PR since it adds additional overhead and might desync

Luca: I agree, might be good to ask the ReSpec developers to improve the usability

McCool: <closed with comment>

TPAC Agenda

<kaz> TPAC WoT agenda wiki

McCool: My intention is to have a small slide deck and then go over the documents

McCool: <Edits the wiki to link the documents>

<kaz> wot/planning/Security/README.md

Luca: The items in the list probably will go over the 30 min allotted

McCool: <maps the section to a time budget to leave 10min for discussion>

Luca: We aren't many in the TF, we should take the TPAC as a chance to enlist more people

Kaz: We need to think about the deployment environment for actual IoT services like smart homes, smart buildings and smart cities

McCool: It's true, but we aren't going to do that during the TPAC

Kaz: We could at least read an issue about detailed security constraints/scenarios

McCool: Security is quite horizontal, that applies to most use-cases

McCool: <Adds to the wiki a set of proposals to be discussed at TPAC>

Luca: I'm concerned about the relationship between the Security TF and the Use-Case TF

Luca: Most of the RECs we produce rely on already ratified protocols that bring by themselves security considerations

Luca: Most of the historical security concerns come from bad deployments and this is hard to fix

McCool: Also the Profile TF might bring security constraints and signal them over profiles as well

Luca: It is a good idea IMHO and we could discuss that at TPAC as well

McCool: Security experts are busy and valuable, we would use their time to review the other TF outputs

McCool: <Adds that to the Call to action section in the wiki>

<kaz> Security and Privacy on the TPAC WoT agenda wiki

<kaz> [adjourned]

Minutes manually created (not a transcript), formatted by scribe.perl version 221 (Fri Jul 21 14:01:30 2023 UTC).