13:00:24 RRSAgent has joined #wot-sec
13:00:28 logging to https://www.w3.org/2023/10/23-wot-sec-irc
13:01:12 meeting: WoT Security
13:01:18 McCool has joined #wot-sec
13:01:27 Mizushima has joined #wot-sec
13:01:31 present+ Kaz_Ashimura, Mahda_Noura, Michael_McCool
13:02:35 present+ Tomoaki_Mizushima
13:07:06 scribenick: kaz
13:08:09 agenda: https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#23_October_2023
13:08:12 topic: Minutes
13:08:20 -> https://www.w3.org/2023/10/02-wot-sec-minutes.html Oct-2
13:08:53 approved
13:08:58 topic: PRs
13:09:59 -> https://github.com/w3c/wot-security/pull/232 PR 232 - changed requirement section to analysis
13:10:37 JKRhb has joined #wot-sec
13:11:03 mm: proposal to change the "Requirements" section to "Analysis" section to avoid confusion
13:12:11 merged
13:12:46 topic: Preparation for Use Case call
13:12:58 mm: we had discussion on use cases around Discovery
13:13:21 ... what we can do now is creating issues on wot-use-cases repo
13:13:34 q+
13:13:35 q+
13:14:00 ack m
13:14:18 mn: how to identify the use cases?
13:14:25 ... any strategy there?
13:14:44 mm: had discussion on identifiers during the Use Cases call last week
13:15:21 ... need to have some unique ID for each use case
13:16:13 -> https://github.com/w3c/wot-usecases/pull/231 wot-usecases PR 231 - Capture Discovery Requirements
13:16:45 mn: focusing on the existing ones?
13:17:21 mm: in any case, we need to have some unique ID for each use case to identify all the use cases
13:17:26 present+ Jan_Romann
13:18:54 ... also should clarify which building block is related
13:19:36 ... clear statement for the requirements, and unique ID for use cases
13:20:40 ... now we have the section 3 as "Analysis"
13:21:06 -> https://w3c.github.io/wot-security/#analysis WoT Security and Privacy Guidelines - 3. Analysis
13:23:42 https://github.com/w3c/wot-usecases/issues/229
13:24:57 s|https://github.com/w3c/wot-usecases/issues/229|-> https://github.com/w3c/wot-usecases/issues/229 wot-usecases Issue 229 - Consolidate security discussion in use cases document
13:25:25 https://github.com/w3c/wot-usecases/issues/84
13:25:30 q+
13:26:33 i|229|subtopic: WoT Use Cases Issue 229|
13:28:20 i|84|kaz: The link Lagally mentioned is a bit strange and bigger than "use cases issues related to security"|
13:29:26 i|84|mm: Yeah, we need to think about how to deal with this|
13:29:42 i|84|kaz: let's put a comment about that then|
13:30:02 i|84|mm: ok. we're reorganizing this now..."|
13:30:16 s|https://github.com/w3c/wot-usecases/issues/84||
13:30:34 -> https://github.com/w3c/wot-usecases/issues/229#issuecomment-1775198881 McCool's comment
13:30:52 rrsagent, make log public
13:30:53 rrsagent, draft minutes
13:30:54 I have made the request to generate https://www.w3.org/2023/10/23-wot-sec-minutes.html kaz
13:31:09 mm: would suggest we define categories of use cases
13:31:30 ... and think about which use cases belong to which category
13:31:46 kaz: ok
13:32:05 ... and one specific use case could belong to multiple categories, technically
13:32:08 mm: yeah
13:32:13 rrsagent, draft minutes
13:32:14 I have made the request to generate https://www.w3.org/2023/10/23-wot-sec-minutes.html kaz
13:32:30 chair: McCool
13:33:14 s/Preparation for/Preparation for the next/
13:33:16 rrsagent, draft minutes
13:33:18 I have made the request to generate https://www.w3.org/2023/10/23-wot-sec-minutes.html kaz
13:33:41 mm: (then creates another new Issue for wot-usecases)
13:34:15 s/Issue/Issue, "Create Security Categories for Use Cases",/
13:35:05 ... (then put a list of tasks for that purpose, e.g., creating a list of categories)
13:38:36 -> https://github.com/w3c/wot-usecases/issues/232 wot-usecases Issue 232 - Create Security Categories for Use Cases
13:41:17 q+
13:42:14 ack k
13:42:38 mm: would like to think about some initial list of categories
13:43:01 ... e.g., private, safety-critical, business-critical, ...
13:43:53 kaz: if we would like to start with those three as the starting point, maybe it would make sense to use the wide review viewpoints as well
13:44:31 ... e.g., privacy-critical, security-critical, internationalization-critical and accessibility-critical
13:46:37 i|if we would|-> https://github.com/w3c/wot-usecases/issues/232#issuecomment-1775234719 McCool's comments on the initial list of categories|
13:49:20 q+
13:51:19 kaz: btw, the current WoT Use Cases document has section 2 as "Domain Specific Use Cases" and section 3 as "Use Cases for multiple domains"
13:52:04 ... but some of the contents are not "use cases" themselves but rather "specific technology" or "technology area"
13:52:14 ... so need refactoring of the contents too
13:52:25 mm: yeah, there is some mixing up
13:53:02 kaz: note there are "Accessibility" and "Security" as part of the section 3 already
13:54:15 i/the current/topic: Descriptions for WoT Use Cases/
13:56:38 topic: Requirements section
13:57:16 -> https://w3c.github.io/wot-usecases/#security WoT Use Cases - 4.2.6 Security
13:57:33 mm: regarding the requirements for security
13:57:50 ... should have description on the potential threats
13:58:17 ... also the table on the threats (from the WoT Security Note)
13:58:41 ack k
14:00:40 ... (adds the link from WoT Use Cases document to WoT Security document)
14:01:17 -> https://w3c.github.io/wot-security/#wot-threat-model-threats WoT Security and Requirements Guidelines - 3.2.5 Threats
14:03:13 https://github.com/w3c/wot-usecases/pull/233
14:03:43 i|233|-> https://w3c.github.io/wot-security/#dfn-wot-interface-threat-unauthorized-wot-interface-access more specifically, "WoT Interface Threat - Unauthorized WoT Interface Access"|
14:04:59 s|https://github.com/w3c/wot-usecases/pull/233|-> https://github.com/w3c/wot-usecases/pull/233 New Issue 233 on wot-use cases (based on today's discussion) - Template for Category/Risk org for Security Requirements|
14:05:03 [adjourned]
14:05:16 rrsagent, draft minutes
14:05:18 I have made the request to generate https://www.w3.org/2023/10/23-wot-sec-minutes.html kaz