14:05:11 RRSAgent has joined #wot-sec 14:05:15 logging to https://www.w3.org/2023/11/13-wot-sec-irc 14:05:45 meeting: WoT Security 14:06:08 present+ Kaz_Ashimura, Michael_McCool, Mahda_Noura, Tomoaki_Mizushima 14:06:30 mahda-noura has joined #wot-sec 14:06:38 agenda: https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#13_November_2023 14:06:45 present+ Mahda_Noura 14:07:24 ScribeNick: mahda-noura 14:07:44 Chair: Michael McCool 14:08:44 Topic: Minutes 14:09:00 -> https://www.w3.org/2023/10/30-wot-sec-minutes.html Oct-30 14:09:00 mccool: any objection to the minutes? 14:09:04 (none) 14:09:31 Topic: Use cases 14:09:39 luca_barbato has joined #wot-sec 14:10:00 mmcool: the use cases are renamed 14:10:45 ...rather having public and private there will be more categories, the threats are added 14:11:00 ...the requirements are about mitigation and threats are motivating 14:11:12 ...a given threat can have more than one mitigation 14:11:27 ...some mitigations can also apply to more than one threat 14:11:45 i|the use cases|subtopic: PR 233| 14:11:55 i|the use cases|-> https://github.com/w3c/wot-usecases/pull/233 PR 233 - Template for Category/Risk org for Security Requirements| 14:12:01 rrsagent, make log public 14:12:05 rrsagent, draft minutes 14:12:07 I have made the request to generate https://www.w3.org/2023/11/13-wot-sec-minutes.html kaz 14:12:14 ...on parallel have been working on discovery 14:12:30 ...Jan is working on the discovery section 14:13:02 -> https://github.com/w3c/wot-usecases/pull/242 PR 242 - Associate Discovery Requirement with Use Cases 14:13:23 ...the links in the security and privacy will be updated to have a similar structure to the discovery document 14:14:14 ...how should we deal with privacy? 14:15:21 ...if we do seperate sections then we have some repitions 14:15:31 q+ 14:15:52 mahda: security and privacy together would be better because of avoidance of redundance 14:18:44 ack k 14:19:05 kaz: there are several potential categories and structures for use case descriptions, and having seperate security and privacy specific sections...securtiy and privacy from a W3C viewpoints. Maybe we could have use case section and requirement section. 14:20:00 kaz: if we concentrate on the question of seperate sections, I think they should be seperate 14:20:10 ...eventhough they are related to each other 14:20:22 s/eventhough/even though/ 14:20:30 mm: I am anticipating we will have a pain point, and we have to cross reference 14:21:06 ...we could have access control as requirement, the requirement can then cite both security and privacy 14:21:41 ...other requirements like deletion is related to only privacy 14:22:04 kaz: protecting privacy requires security mechanisms 14:22:25 ...how and when to access what kind of data and when and where 14:22:36 ...technically two different kinds of requirements 14:24:02 mm: I will try to split them into two sections 14:24:58 https://github.com/w3c/wot-usecases/pull/233 14:25:29 mm: mccool will try to improve the document 14:25:44 mm: is there anything pressing that we should do? 14:25:58 rrsagent, draft minutes 14:25:59 I have made the request to generate https://www.w3.org/2023/11/13-wot-sec-minutes.html kaz 14:26:08 mm: the interest group asked for 2 months extension, at some point we need to think about whether we need to do something special for security 14:26:29 i|PR 242|subtopic: PR 242| 14:26:30 rrsagent, draft minutes 14:26:31 I have made the request to generate https://www.w3.org/2023/11/13-wot-sec-minutes.html kaz 14:28:03 s|subtopic: PR 242|| 14:28:08 [adjourned] 14:28:10 rrsagent, draft minutes 14:28:12 I have made the request to generate https://www.w3.org/2023/11/13-wot-sec-minutes.html kaz