14:02:46 <RRSAgent> RRSAgent has joined #wot-sec
14:02:51 <RRSAgent> logging to https://www.w3.org/2023/11/27-wot-sec-irc
14:02:51 <kaz> meeting: WoT Security
14:03:08 <kaz> present+ Kaz_Ashimura, Michael_McCool, Mahda_Noura, Tomoaki_Mizushima
14:06:10 <mahda-noura> ScribeNick: Mahda_Noura
14:06:20 <kaz> rrsagent, make log public
14:06:24 <kaz> rrsagent, draft minutes
14:06:26 <RRSAgent> I have made the request to generate https://www.w3.org/2023/11/27-wot-sec-minutes.html kaz
14:06:33 <mahda-noura> Topic: Minutes overview
14:06:56 <kaz> -> https://www.w3.org/2023/11/20-wot-sec-minutes.html Nov-20
14:07:20 <mahda-noura> mm: published minutes
14:07:36 <mahda-noura> ...lets look on the requirement issue
14:07:50 <McCool> https://github.com/w3c/wot-usecases/issues/243
14:08:16 <mahda-noura> mm: no open PR this time for security
14:08:17 <McCool> https://github.com/w3c/wot-usecases/pull/233
14:08:41 <mahda-noura> mm: we should talk about what to do next and make a todo list
14:10:07 <mahda-noura> mahda: I looked at Jan's work from the discovery, would be good to discuss how to map the use cases to requirements
14:11:00 <mahda-noura> mm: using the links facilitate automatic links and sections
14:11:10 <McCool> https://pr-preview.s3.amazonaws.com/w3c/wot-usecases/pull/233.html
14:11:19 <kaz> agenda: https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#27_November_2023
14:11:22 <kaz> chair: McCool
14:11:30 <kaz> rrsagent, draft minutes
14:11:31 <RRSAgent> I have made the request to generate https://www.w3.org/2023/11/27-wot-sec-minutes.html kaz
14:11:51 <kaz> i/published/scribenick: mahda-noura/
14:11:52 <kaz> rrsagent, draft minutes
14:11:53 <RRSAgent> I have made the request to generate https://www.w3.org/2023/11/27-wot-sec-minutes.html kaz
14:11:59 <mahda-noura> mm: there are four categories, the simple first step is to restructure this to follow the discovery template
14:12:20 <kaz> i|lets look|topic: Requirements|
14:12:57 <kaz> rrsagent, draft minutes
14:12:59 <RRSAgent> I have made the request to generate https://www.w3.org/2023/11/27-wot-sec-minutes.html kaz
14:15:14 <mahda-noura> mm: next: each category tries to capture the use cases it relates to
14:16:05 <mahda-noura> mm: do each in single PR's
14:17:27 <mahda-noura> mm: after we do the categories, we need to (the requirements should be mitigations)
14:17:53 <mahda-noura> mm: we want to mitigate each threat
14:18:35 <kaz> s/lets/let's/
14:20:20 <mahda-noura> ...first formatting, then the categories, while going through the use cases we might find new categories, then we can try to align the security requirements to the threats we already have. A path from security considerations to the threats
14:20:40 <kaz> q+
14:21:11 <mahda-noura> ...in the next meeting when the first one is done, we can try to start the next step
14:22:20 <mahda-noura> ...we had a table with the use cases from the past
14:23:51 <mahda-noura> ...we can update the existing table and update it
14:24:52 <mahda-noura> ...we can limit the scope of the work to focus for now on the security and not privacy
14:26:39 <McCool> https://github.com/w3c/wot-usecases/issues/246
14:26:41 <kaz> q?
14:27:12 <mahda-noura> kaz: this should be probably be next step, after this re-organization we need to gather more feedback or use cases from various industries
14:28:01 <mahda-noura> mm: there are two things, first we can assign categories, secondly we may find gaps where we have a clear mitigation
14:28:20 <kaz> ack k
14:29:39 <mahda-noura> mm: i think in general the use case contributors can look at the requirements, and then think about gaps rather than starting from scratch
14:32:54 <mahda-noura> mm: lets look at the use case file and see whether it is up to date
14:36:04 <kaz> q+
14:37:29 <mahda-noura> ...the table is outdated
14:37:59 <mahda-noura> kaz: after looking at the use case documents, I started to fear the current structure of the use case document, it's not understandable
14:38:31 <mahda-noura> mm: I totally agree, if we have decent id's, we can move things around and re-organize things
14:39:03 <mahda-noura> kaz: we need somebody else to moderate the use case discussions
14:39:49 <kaz> ack k
14:39:50 <mahda-noura> mm: all I want is to update the security part
14:41:13 <kaz> kaz: yeah, so we need to concentrate on the security portion within the Use Cases/Requirements descriptions
14:41:20 <kaz> i/yeah/scribenick: kaz/
14:41:30 <kaz> scribenick: mahda-noura
14:43:21 <mahda-noura> ...we can have two categories, yes, no, and maybe
14:44:35 <mahda-noura> ...in general lets only do the leaf nodes of a main category e.g. retail
14:46:31 <mahda-noura> ...will create a PR under use cases
14:49:18 <kaz> q+
14:49:51 <kaz> ack k
14:50:03 <mahda-noura> kaz: digging into existing use cases would make sense, this work would be time-consuming and maybe we need additional help from the other participants of the group
14:50:15 <kaz> s/would/would still/
14:50:22 <kaz> s/this work/but this work/
14:50:56 <mahda-noura> mm: I think we should go through the obvious ones and ask for input from others, in the next hour we can go through them, and later ask confirmation from the rest of the members
14:51:30 <kaz> rrsagent, draft minutes
14:51:31 <RRSAgent> I have made the request to generate https://www.w3.org/2023/11/27-wot-sec-minutes.html kaz
14:52:51 <McCool> https://github.com/w3c/wot-usecases/pull/247
14:53:25 <kaz> s/https/-> https/
14:53:34 <kaz> s/247/247 PR 247 - Define Security Category Template/
14:53:41 <kaz> rrsagent, draft minutes
14:53:42 <RRSAgent> I have made the request to generate https://www.w3.org/2023/11/27-wot-sec-minutes.html kaz
14:53:57 <McCool> https://github.com/w3c/wot-usecases/blob/main/USE-CASES/security-categories.csv
14:54:51 <kaz> q?
14:55:02 <kaz> [adjourned]
14:55:03 <kaz> rrsagent, draft minutes
14:55:05 <RRSAgent> I have made the request to generate https://www.w3.org/2023/11/27-wot-sec-minutes.html kaz
17:07:26 <Zakim> Zakim has left #wot-sec