W3C

– DRAFT –
WoT Security

04 December 2023

Attendees

Present
Kaz_Ashimura, Mahda_Noura, Michael_McCool
Regrets
-
Chair
McCool
Scribe
kaz

Meeting minutes

Minutes

Nov-27

approved

Cancellations

Cancellations (from the main wiki)

McCool: like the impact for Discovery, the Nordic Chapter CG will have their meeting on Dec 18 again
… how to deal with the collaboration in the future?
… regarding Dec-18, we've already made a decision to cancel our meetings, though

Kaz: they're a CG while we're a WG, so we should prioritize our own work
… let's talk with their Chairs about the future collaboration a bit more

McCool: note Jan 10 will be the first call of 2024 for WoT
… not calls on Jan 8

How to accelerate the Security discussion

McCool: we need more people for Security/Privacy
… but how to do that?
… human resources for security/privacy is limited
… several possibilities
… search for people from Members
… or from Academic

Kaz: for that purpose, we need to clarify our "need" and "requirement"
… e.g., IoT security expert

Mahda: somebody in mind

McCool: we need a security expert and also a privacy expert

Kaz: btw, we need to get more participants from the Membership as well

McCool: yeah

Use Cases PRs

subsubtopic: PR 249

PR 249 - Update links in security use case categories using triple-square

McCool: would merge this PR

merged

Issue 243

Issue 243 - Update Security Requirements #243

McCool: (adds comments)

McCool's comments

Security Categories

security-categories.csv

McCool: (goes through the CSV table and the use Cases document)

WoT Use Cases and Requirements Editor's Draft

McCool: (shows the example of "Smart Agriculture")

WoT Use Cases and Requirements - 2.1.2 Open-field Agriculture

Kaz: technically, date/time and location could be also privacy information

McCool: probably should split "Private Information" category into "Private Information (for PII)"
… and "Confidential Information" (e.g., business confidential)

Kaz: in that case, "business Confidential" implies "Private Information" as an organization/entity
… so thinking about level of entities, e.g., person and organization, would make sense

McCool: "business confidential" information would cause damage of money/cost

Kaz: in that case, maybe it would be clearer to handle the impact and damage itself, e.g., "damage of cost", instead of "business confidential"

Livestock Health Management

2.1.6 Livestock Health Management

McCool: it's an interesting use case since these days we get issues on bird flu, etc.

Agricultural Machinery Management

2.1.7 Agricultural Machinery Management

Kaz: probably we need to think about the whole lifecycle of the machinery to discuss the potential damages
… when to have what kind of damages
… not only within the field but also the lifecycle, e.g., getting the machinery from the shop to the field by a truck

McCool: we're out of time. let's continue the discussion next week.

[adjourned]

Minutes manually created (not a transcript), formatted by scribe.perl version 221 (Fri Jul 21 14:01:30 2023 UTC).