14:01:01 RRSAgent has joined #wot-sec
14:01:05 logging to https://www.w3.org/2023/12/11-wot-sec-irc
14:01:11 mahda-noura has joined #wot-sec
14:01:15 McCool_ has joined #wot-sec
14:01:35 meeting: WoT Security
14:02:26 present+ Kaz_Ashimura, Michael_McCool, Jan_Romann, Mahda_Noura
14:02:42 JKRhb has joined #wot-sec
14:05:48 agenda: https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#11_December_2023
14:06:13 scribenick: mahda-noura
14:06:19 ScribeNick: mahda-noura
14:06:25 Topic: Minutes
14:06:31 -> https://www.w3.org/2023/12/04-wot-sec-minutes.html Dec-4
14:06:45 Mizushima has joined #wot-sec
14:08:21 mccool: additional links required to be added to the meeting notes from last week
14:09:02 s/mccool: additional links required to be added to the meeting notes from last week//
14:09:13 rrsagent, make log public
14:09:16 rrsagent, draft minutes
14:09:18 I have made the request to generate https://www.w3.org/2023/12/11-wot-sec-minutes.html kaz
14:09:26 chair: McCool
14:09:28 mm: approved minutes
14:09:29 present+ Tomoaki_Mizushima
14:09:40 q+
14:09:48 Topic: Logistics
14:10:10 mm: next week there will be no meeting due to the conflict with nordict meeting
14:10:25 mm: we should find a solution for this to not require to cancel the meetings
14:10:40 Topic: Requirements and Use Cases
14:10:59 mm: We will continue on the use case document today and completing the table
14:11:47 q-
14:11:59 i|We will|-> https://github.com/w3c/wot-usecases/blob/main/USE-CASES/security-categories.csv security-categories.csv
14:12:04 rrsagent, make log public
14:12:08 rrsagent, draft minutes
14:12:09 I have made the request to generate https://www.w3.org/2023/12/11-wot-sec-minutes.html kaz
14:13:08 mm: for later we need to create a new column to split the private information column
14:13:33 q+
14:13:53 https://w3c.github.io/wot-usecases/#UC-smartcity-geolocation-1
14:16:14 mm: it's not really PII, safety critical - geo location might be safety critical in cases like an emergency, business critical - yes due to managing infrastructure
14:17:00 kaz: I am not sure if it would be the best to use this existing use case from Signapoor without having the original people
14:17:39 s/Signapoor/Singapore/
14:17:51 mm: we will do a draft and ask them, for now we are reading through what we have and try to extract requirements. But certainly we haven't clarified what this geolocation device is and the use case is ambiguous
14:18:03 s/original people/original proposer or the other stakeholders from smart cities/
14:18:41 kaz: I would like to strongly suggest that we should focus on better template instead of putting content into it
14:19:08 mm: we will be creating a link from the requirements to the category, so this table is a different form of these links
14:19:25 s/I am not/I'm OK with working on Smart Cities use cases, but I'm not/
14:19:46 mm: so, this is really us going through use cases and taking notes on what we think is true
14:20:05 kaz: I can talk again with some members for further collaboration for the use cases
14:20:37 mm: we haven't committed any change on the document itself, and eventually we will contact the original contributors
14:20:52 s/some members for further/key stakeholders from smart cities and ask them about their possible/
14:21:03 rrsagent, make log public
14:21:10 rrsagent, draft minutes
14:21:11 I have made the request to generate https://www.w3.org/2023/12/11-wot-sec-minutes.html kaz
14:21:21 https://w3c.github.io/wot-usecases/#UC-smartcity-dashboard-1
14:23:28 https://w3c.github.io/wot-usecases/#UC-interactive-public-spaces-1
14:24:33 mm: it is a public service, in community service we may have different events and personalized information, a mixture of public and private information. Maybe you want to rent a room and provide personalization
14:25:23 ...also about a blind person walking to a map, and telling it that he/she is blind, this needs to be done securely
14:26:07 https://w3c.github.io/wot-usecases/#UC-meeting-room-event-assistance-1
14:26:24 mm: it's not a public service and it's similar to the previous use case
14:26:55 q+
14:27:14 ...I walk into a meeting room and it doesn't load my preferences is not a big deal, but if I manage to mess around the settings then it is critical
14:27:59 kaz: what we have been doing, the method might have been correct, at this stage of our charter we should try to get interesting analysis from other SDOs
14:28:16 mm: I am not against that, but we have 73 use cases and we need to extract the information
14:28:35 kaz: yes, how we extract the information is key, if there is a guideline it would be nicer
14:29:53 mm: that is true, extracting useful information from that and turn it into requirements, there are multiple sources of inputs for requirements, we have to look at each individually, this is essentially summarizing the requirements that are required to do this.
14:30:37 ...we could spend years looking at existing documents and extracting information out of them
14:30:46 kaz: we could also ask people for help
14:31:03 mm: sure, but that does not excuse us from our own existing use cases
14:31:33 kaz: I am not objecting to analyzing our own use cases, but regarding the methods we should and can consult
14:32:33 mm: totally agree, but right now we have work items, for future we can also look at different use cases and link them to what we are currently doing
14:33:30 mm: for retail use case we could invite the original contributors
14:33:42 mm: the building use cases were done mainly by Siemens
14:34:07 kaz: as Ege mentioned during the main call and TD call, think about the coverage of existing specification
14:34:34 mm: for the discovery spec we have requirements, that's related to coverage, full, partial, or no coverage
14:34:52 ...I think for security there are some things that are not adequately satisfied
14:35:22 ...only counting the number of satisfied items is also not enough
14:35:37 kaz: we can concentrate on what is missing, gap analysis
14:36:13 mm: we won't know that until we don't finish our current task
14:36:33 kaz: from my viewpoint, the current categorization could help us speed the coverage at the end
14:36:40 s/my/your/
14:36:56 s/at the end/at the end, couldn't it?/
14:37:17 mm: for security we are linking through categories, and we only have 5 categories, however for discovery it is more difficult because we have a 1:1 mapping
14:38:25 mm: is this activity something that we should all do, or some do it and review it
14:38:50 kaz: we should clarify the gap analysis and what has been updated
14:39:46 s/updated/updated from which version how/
14:39:59 mm: we need to be concrete, we feel this use case needs a mitigation of x, is this correct. I want to create a summary then ask for input to get more concrete input
14:40:32 mm: I think we should do this task outside this meeting, I can do a PR
14:41:05 ...we can merge the current ones we did together as a baseline
14:41:28 any objection to merging?
14:41:44 ...updating the csv file
14:41:47 (none)
14:44:33 mm: will do the rest offline and discuss it in a use case call
14:45:59 mahda: I can provide help in some of the categories
14:46:50 mm: Mahda is assigned 2.3, 2.4 and 2.7 use cases
14:48:34 https://github.com/w3c/wot-usecases/pull/255
14:48:46 q?
14:48:48 q-
14:49:05 q+
14:49:39 mm: document requirements from use cases is really a use case, but I think we can still propose a table of requirements. We should only merge it after review
14:50:18 ...in our next security we should have that table ready and then have a use call for review
14:50:41 ...Kaz we need to schedule a use case call, how do we want to do that?
14:51:36 kaz: before knowing the availability of people, we need to make announcement as part of the IG charter discussion that we need to look into existing use cases as a starting point for the WoT 2.0
14:52:04 mm: I think updating the use case document is an output to the IG charter not input
14:52:57 kaz: regarding the IG, we don't necessarily care what is what, we of course need to care about the charter definition, what is required for the wot group is a clear gap analysis
14:53:23 mm: we don't need to wait for the new charter to start
14:53:33 ...we can go ahead and schedule a meeting in January
14:53:55 ...we announce it in the main call, and then send an email
14:55:20 scribenick: kaz
14:55:22 kaz: right
14:55:42 ... that's why I've been suggesting we relaunch the IG's Use Cases TF asap.
14:56:13 q-
14:56:17 [adjourned]
14:58:43 s/kaz: before knowing the availability of people, we need to make announcement as part of the IG charter discussion that we need to look into existing use cases as a starting point for the WoT 2.0/We can create a Doodle poll to get people's availability, but before that, we should make an announcement as part of the IG Charter discussion that we should look into the existing use cases as a starting point for gap analysis./
15:00:16 s/is an output to the IG charter not input/is not input but output of the current IG Charter/
15:02:45 s/regarding the IG, we don't necessarily care what is what, we of course need to care about the charter definition, what is required for the wot group is a clear gap analysis/We don't need to care about when the new IG Charter starts, because there is no gap between the current IG Charter and the next IG Charter as usual. Also clarifying use cases and requirements for WoT specs is already the task of the WoT IG. What is important is clarifying the
15:02:45 gaps between the existing WoT standards and our use cases for WoT 2.0 standardization./
15:02:56 rrsagent, draft minutes
15:02:57 I have made the request to generate https://www.w3.org/2023/12/11-wot-sec-minutes.html kaz
15:03:59 s|gaps between the existing WoT standards and our use cases for WoT 2.0 standardization./||
15:04:51 s/important is clarifying the/important is clarifying the gaps between the existing WoT 1.1 standards and our use cases for WoT 2.0 standardization./
15:05:20 rrsagent, draft minutes
15:05:22 I have made the request to generate https://www.w3.org/2023/12/11-wot-sec-minutes.html kaz
15:07:48 s/already the task of the WoT IG/already the task of the current WoT IG/
15:07:49 rrsagent, draft minutes
15:07:51 I have made the request to generate https://www.w3.org/2023/12/11-wot-sec-minutes.html kaz