IRC log of wot-sec on 2023-12-04

Timestamps are in UTC.

14:03:44 [RRSAgent]
RRSAgent has joined #wot-sec
14:03:48 [RRSAgent]
logging to https://www.w3.org/2023/12/04-wot-sec-irc
14:03:54 [kaz]
agenda: https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#4_December_2023
14:05:02 [kaz]
chair: McCool
14:05:15 [kaz]
present+ Kaz_Ashimura, Michael_McCool, Mahda_Noura
14:06:04 [Mizushima]
Mizushima has joined #wot-sec
14:06:24 [kaz]
rrsagent, make log public
14:06:29 [kaz]
rrsagent, draft minutes
14:06:30 [RRSAgent]
I have made the request to generate https://www.w3.org/2023/12/04-wot-sec-minutes.html kaz
14:08:10 [kaz]
topic: Minutes
14:08:22 [kaz]
-> https://www.w3.org/2023/11/27-wot-sec-minutes.html Nov-27
14:08:23 [kaz]
approved
14:08:29 [kaz]
topic: Cancellations
14:08:58 [kaz]
-> https://www.w3.org/WoT/IG/wiki/Main_WoT_WebConf#Cancellations Cancellations (from the main wiki)
14:09:23 [kaz]
mm: like the impact for Discovery, the Nordic Chapter CG will have their meeting on Dec 18 again
14:09:36 [kaz]
... how to deal with the collaboration in the future?
14:09:45 [kaz]
q+
14:10:11 [kaz]
... regarding Dec-18, we've already made a decision to cancel our meetings, though
14:10:20 [kaz]
q?
14:11:17 [kaz]
kaz: they're a CG while we're a WG, so we should prioritize our own work
14:11:34 [kaz]
... let's talk with their Chairs about the future collaboration a bit more
14:11:36 [kaz]
ack k
14:12:27 [kaz]
mm: note Jan 10 will be the first call of 2024 for WoT
14:12:31 [kaz]
... not calls on Jan 8
14:12:59 [kaz]
topic: How to accelerate the Security discussion
14:13:14 [kaz]
mm: we need more people for Security/Privacy
14:13:18 [kaz]
... but how to do that?
14:13:46 [kaz]
... human resources for security/privacy is limited
14:14:02 [kaz]
... several possibilities
14:14:09 [kaz]
... search for people from Members
14:14:18 [kaz]
... or from Academic
14:14:32 [kaz]
q+
14:15:22 [kaz]
ack k
14:15:48 [kaz]
kaz: for that purpose, we need to clarify our "need" and "requirement"
14:15:58 [kaz]
... e.g., IoT security expert
14:16:09 [kaz]
mh: somebody in mind
14:16:36 [McCool_]
https://vsr.informatik.tu-chemnitz.de/about/people/siegert/
14:16:43 [kaz]
q+
14:16:59 [kaz]
s|https://vsr.informatik.tu-chemnitz.de/about/people/siegert/||
14:17:55 [kaz]
mm: we need a security expert and also a privacy expert
14:18:54 [kaz]
ack k
14:18:55 [kaz]
q+
14:23:17 [kaz]
ack k
14:25:08 [kaz]
kaz: btw, we need to get more participants from the Membership as well
14:25:12 [kaz]
mm: yeah
14:26:03 [kaz]
q+
14:27:16 [kaz]
ack k
14:28:38 [kaz]
topic: PR 249
14:29:17 [kaz]
-> https://github.com/w3c/wot-usecases/pull/249 PR 249 - Update links in security use case categories using triple-square
14:30:33 [kaz]
mm: would merge this PR
14:30:48 [kaz]
merged
14:30:52 [kaz]
rrsagent, draft minutes
14:30:54 [RRSAgent]
I have made the request to generate https://www.w3.org/2023/12/04-wot-sec-minutes.html kaz
14:31:23 [kaz]
topic: Issue 243
14:31:42 [kaz]
-> https://github.com/w3c/wot-usecases/issues/243 Issue 243 - Update Security Requirements #243
14:32:00 [kaz]
s/topic: PR/subtopic: PR/
14:32:01 [kaz]
s/topic: PR/subtopic: PR/
14:32:18 [kaz]
i|topic: PR 249|topic: Use Cases PRs|
14:32:20 [kaz]
rrsagent, draft minutes
14:32:22 [RRSAgent]
I have made the request to generate https://www.w3.org/2023/12/04-wot-sec-minutes.html kaz
14:32:43 [kaz]
mm: (adds comments)
14:32:49 [kaz]
-> https://github.com/w3c/wot-usecases/issues/243#issuecomment-1838759002 McCool's comments
14:33:42 [kaz]
topic: Security Categories
14:33:54 [kaz]
-> https://github.com/w3c/wot-usecases/blob/main/USE-CASES/security-categories.csv security-categories.csv
14:35:17 [kaz]
mm: (goes through the CSV table and the use Cases document)
14:35:48 [kaz]
-> https://w3c.github.io/wot-usecases/ WoT Use Cases and Requirements Editor's Draft
14:37:07 [kaz]
mm: (shows the example of "Smart Agriculture")
14:40:55 [kaz]
q+
14:43:03 [kaz]
kaz: technically, date/time and location could be also privacy information
14:44:16 [kaz]
mm: probably should split "Private Information" category into "Private Information (for PII)"
14:44:35 [kaz]
... and "Confidential Information" (e.g., business confidential)
14:45:50 [kaz]
kaz: in that case, "business Confidential" implies "Private Information" as an organization/entity
14:46:26 [kaz]
... so thinking about level of entities, e.g., person and organization, would make sense
14:48:31 [kaz]
i|technically|-> https://w3c.github.io/wot-usecases/#UC-open-field-agriculture-1 WoT Use Cases and Requirements - 2.1.2 Open-field Agriculture|
14:48:59 [kaz]
q+
14:52:01 [kaz]
ack k
14:52:38 [kaz]
mm: "business confidential" information would cause damage of money/cost
14:53:18 [kaz]
kaz: in that case, maybe it would be clearer to handle the impact and damage itself, e.g., "damage of cost", instead of "business confidential"
14:54:25 [kaz]
subtopic: Livestock Health Management
14:54:52 [kaz]
-> https://w3c.github.io/wot-usecases/#UC-livestock-health-management-1 2.1.6 Livestock Health Management
14:55:22 [kaz]
mm: it's an interesting use case since these days we get issues on chicken flu, etc.
14:56:24 [kaz]
q?
14:56:51 [kaz]
s/chicken flu/bird flu/
14:57:49 [kaz]
subtopic: Agricultural Machinery Management
14:58:11 [kaz]
-> https://w3c.github.io/wot-usecases/#UC-agricultural-machinery-management-1 2.1.7 Agricultural Machinery Management
14:58:46 [kaz]
q+
14:59:08 [kaz]
ack k
15:00:42 [kaz]
kaz: probably we need to think about the whole lifecycle of the machinery to discuss the potential damages
15:00:49 [kaz]
... when to have what kind of damages
15:02:13 [kaz]
... not only within the field but also the lifecycle, e.g., getting the machinery from the shop to the field by a truck
15:03:01 [kaz]
mm: we're out of time. let's continue the discussion next week.
15:03:04 [kaz]
[adjourned]
15:03:10 [kaz]
rrsagent, draft minutes
15:03:11 [RRSAgent]
I have made the request to generate https://www.w3.org/2023/12/04-wot-sec-minutes.html kaz
17:15:48 [Zakim]
Zakim has left #wot-sec