IRC log of wot-sec on 2023-12-11

Timestamps are in UTC.

14:01:01 [RRSAgent]
RRSAgent has joined #wot-sec
14:01:05 [RRSAgent]
logging to https://www.w3.org/2023/12/11-wot-sec-irc
14:01:11 [mahda-noura]
mahda-noura has joined #wot-sec
14:01:15 [McCool_]
McCool_ has joined #wot-sec
14:01:35 [kaz]
meeting: WoT Security
14:02:26 [kaz]
present+ Kaz_Ashimura, Michael_McCool, Jan_Romann, Mahda_Noura
14:02:42 [JKRhb]
JKRhb has joined #wot-sec
14:05:48 [kaz]
agenda: https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#11_December_2023
14:06:13 [kaz]
scribenick: mahda-noura
14:06:19 [mahda-noura]
ScribeNick: mahda-noura
14:06:25 [mahda-noura]
Topic: Minutes
14:06:31 [kaz]
-> https://www.w3.org/2023/12/04-wot-sec-minutes.html Dec-4
14:06:45 [Mizushima]
Mizushima has joined #wot-sec
14:08:21 [mahda-noura]
mccool: additional links required to be added to the meeting notes from last week
14:09:02 [kaz]
s/mccool: additional links required to be added to the meeting notes from last week//
14:09:13 [kaz]
rrsagent, make log public
14:09:16 [kaz]
rrsagent, draft minutes
14:09:18 [RRSAgent]
I have made the request to generate https://www.w3.org/2023/12/11-wot-sec-minutes.html kaz
14:09:26 [kaz]
chair: McCool
14:09:28 [mahda-noura]
mm: approved minutes
14:09:29 [kaz]
present+ Tomoaki_Mizushima
14:09:40 [kaz]
q+
14:09:48 [mahda-noura]
Topic: Logistics
14:10:10 [mahda-noura]
mm: next week there will be no meeting due to the conflict with nordict meeting
14:10:25 [mahda-noura]
mm: we should find a solution for this to not require to cancel the meetings
14:10:40 [mahda-noura]
Topic: Requirements and Use Cases
14:10:59 [mahda-noura]
mm: We will continue on the use case document today and complete the table
14:11:47 [kaz]
q-
14:11:59 [kaz]
i|We will|-> https://github.com/w3c/wot-usecases/blob/main/USE-CASES/security-categories.csv security-categories.csv
14:12:04 [kaz]
rrsagent, make log public
14:12:08 [kaz]
rrsagent, draft minutes
14:12:09 [RRSAgent]
I have made the request to generate https://www.w3.org/2023/12/11-wot-sec-minutes.html kaz
14:13:08 [mahda-noura]
mm: for later we need to create a new column to split the private information column
14:13:33 [kaz]
q+
14:13:53 [mahda-noura]
https://w3c.github.io/wot-usecases/#UC-smartcity-geolocation-1
14:16:14 [mahda-noura]
mm: it's not really PII, safety critical - geo location might be safety critical in cases like an emergency, business critical- yes due to managing infrastructure
14:17:00 [mahda-noura]
kaz: I am not sure if it would be the best to use this existing use case from Signapoor without having the original people
14:17:39 [kaz]
s/Signapoor/Singapore/
14:17:51 [mahda-noura]
mm: we will do a draft and ask them, for now we are reading through what we have and trying to extract requirements. But certainly we haven't clarified what this geolocation device is and the use case is ambiguous
14:18:03 [kaz]
s/original people/original proposer or the other stakeholders from smart cities/
14:18:41 [mahda-noura]
kaz: I would like to strongly suggest that we should focus on better template instead of putting content into it
14:19:08 [mahda-noura]
mm: we will be creating a link from the requirements to the category, so this table is a different form of these links
14:19:25 [kaz]
s/I am not/I'm OK with working on Smart Cities use cases, but I'm not/
14:19:46 [mahda-noura]
mm: so, this is really us going through use cases and taking notes on what we think is true
14:20:05 [mahda-noura]
kaz: I can talk again with some members for further collaboration for the use cases
14:20:37 [mahda-noura]
mm: we haven't committed any change on the document itself, and eventually we will contact the original contributors
14:20:52 [kaz]
s/some members for further/key stakeholders from smart cities and ask them about their possible/
14:21:03 [kaz]
rrsagent, make log public
14:21:10 [kaz]
rrsagent, draft minutes
14:21:11 [RRSAgent]
I have made the request to generate https://www.w3.org/2023/12/11-wot-sec-minutes.html kaz
14:21:21 [mahda-noura]
https://w3c.github.io/wot-usecases/#UC-smartcity-dashboard-1
14:23:28 [mahda-noura]
https://w3c.github.io/wot-usecases/#UC-interactive-public-spaces-1
14:24:33 [mahda-noura]
mm: it is a public service, in community service we may have different events and personalized information, a mixture of public and private information. maybe you want to rent a room and provide personalization
14:25:23 [mahda-noura]
...also about a blind person walking to a map, and telling it that he/she is blind, this needs to be done securely
14:26:07 [mahda-noura]
https://w3c.github.io/wot-usecases/#UC-meeting-room-event-assistance-1
14:26:24 [mahda-noura]
mm: it's not a public service and it's similar to the previous use case
14:26:55 [kaz]
q+
14:27:14 [mahda-noura]
...I walk into a meeting room and it doesn't load my preferences is not a big deal, but if I manage to mess around with the settings then it is critical
14:27:59 [mahda-noura]
kaz: what we have been doing, the method might have been correct, at this stage of our charter we should try to get interesting analysis from other SDOs
14:28:16 [mahda-noura]
mm: I am not against that, but we have 73 use cases and we need to extract the information
14:28:35 [mahda-noura]
kaz: yes, how we extract the information is key, if there is a guideline it would be nicer
14:29:53 [mahda-noura]
mm: that is true, extracting useful information from that and turning it into requirements, there are multiple sources of input for requirements, we have to look at each individually, this is essentially summarizing the requirements that are required to do this.
14:30:37 [mahda-noura]
...we could spend years looking at existing documents and extracting information out of them
14:30:46 [mahda-noura]
kaz: we could also ask people for help
14:31:03 [mahda-noura]
mm: sure, but that does not excuse us from our own existing use cases
14:31:33 [mahda-noura]
kaz: I am not objecting to analyzing our own use cases, but regarding the methods we should and can consult
14:32:33 [mahda-noura]
mm: totally agree, but right now we have work items, for future we can also look at different use cases and link them to what we are currently doing
14:33:30 [mahda-noura]
mm: for retail use case we could invite the original contributors
14:33:42 [mahda-noura]
mm: the building use cases were done mainly by Siemens
14:34:07 [mahda-noura]
kaz: as Ege mentioned during the main call and TD call, think about the coverage of existing specification
14:34:34 [mahda-noura]
mm: for the discovery spec we have requirements, that's related to coverage, full, partial, or no coverage
14:34:52 [mahda-noura]
...I think for security there are some things that are not adequately satisfied
14:35:22 [mahda-noura]
...only counting the number of satisfied items is also not enough
14:35:37 [mahda-noura]
kaz: we can concentrate on what is missing, gap analysis
14:36:13 [mahda-noura]
mm: we won't know that until we finish our current task
14:36:33 [mahda-noura]
kaz: from my viewpoint, the current categorization could help us speed the coverage at the end
14:36:40 [kaz]
s/my/your/
14:36:56 [kaz]
s/at the end/at the end, couldn't it?/
14:37:17 [mahda-noura]
mm: for security we are linking through categories, and we only have 5 categories, however for discovery it is more difficult because we have a 1:1 mapping
14:38:25 [mahda-noura]
mm: is this activity something that we should all do, or some do it and review it
14:38:50 [mahda-noura]
kaz: we should clarify the gap analysis and what has been updated
14:39:46 [kaz]
s/updated/updated from which version how/
14:39:59 [mahda-noura]
mm: we need to be concrete, we feel this use case needs a mitigation of x, is this correct. I want to create a summary then ask for input to get more concrete input
14:40:32 [mahda-noura]
mm: I think we should do this task outside this meeting, I can do a PR
14:41:05 [mahda-noura]
...we can merge the current ones we did together as a baseline
14:41:28 [mahda-noura]
any objection to merging?
14:41:44 [mahda-noura]
...updating the csv file
14:41:47 [mahda-noura]
(none)
14:44:33 [mahda-noura]
mm: will do the rest offline and discuss it in a use case call
14:45:59 [mahda-noura]
mahda: I can provide help in some of the categories
14:46:50 [mahda-noura]
mm: Mahda is assigned 2.3, 2.4 and 2.7 use cases
14:48:34 [mahda-noura]
https://github.com/w3c/wot-usecases/pull/255
14:48:46 [kaz]
q?
14:48:48 [kaz]
q-
14:49:05 [kaz]
q+
14:49:39 [mahda-noura]
mm: document requirements from use cases is really a use case, but I think we can still propose a table of requirements. We should only merge it after review
14:50:18 [mahda-noura]
...in our next security we should have that table ready and then have a use call for review
14:50:41 [mahda-noura]
...Kaz we need to schedule a use case call, how do we want to do that?
14:51:36 [mahda-noura]
kaz: before knowing the availability of people, we need to make announcement as part of the IG charter discussion that we need to look into existing use cases as a starting point for the WoT 2.0
14:52:04 [mahda-noura]
mm: I think updating the use case document is an output to the IG charter not input
14:52:57 [mahda-noura]
kaz: regarding the IG, we don't necessarily care what is what, we of course need to care about the charter definition, what is required for the wot group is a clear gap analysis
14:53:23 [mahda-noura]
mm: we don't need to wait for the new charter to start
14:53:33 [mahda-noura]
...we can go ahead and schedule a meeting in January
14:53:55 [mahda-noura]
...we announce it in the main call, and then send an email
14:55:20 [kaz]
scribenick: kaz
14:55:22 [kaz]
kaz: right
14:55:42 [kaz]
... that's why I've been suggesting we relaunch the IG's Use Cases TF asap.
14:56:13 [kaz]
q-
14:56:17 [kaz]
[adjourned]
14:58:43 [kaz]
s/kaz: before knowing the availability of people, we need to make announcement as part of the IG charter discussion that we need to look into existing use cases as a starting point for the WoT 2.0/We can create a Doodle poll to get people's availability, but before that, we should make an announcement as part of the IG Charter discussion that we should look into the existing use cases as a starting point for gap analysis./
15:00:16 [kaz]
s/is an output to the IG charter not input/is not input but output of the current IG Charter/
15:02:45 [kaz]
s/regarding the IG, we don't necessarily care what is what, we of course need to care about the charter definition, what is required for the wot group is a clear gap analysis/We don't need to care about when the new IG Charter starts, because there is no gap between the current IG Charter and the next IG Charter as usual. Also clarifying use cases and requirements for WoT specs is already the task of the WoT IG. What is important is clarifying the
15:02:45 [kaz]
gaps between the existing WoT standards and our use cases for WoT 2.0 standardization./
15:02:56 [kaz]
rrsagent, draft minutes
15:02:57 [RRSAgent]
I have made the request to generate https://www.w3.org/2023/12/11-wot-sec-minutes.html kaz
15:03:59 [kaz]
s|gaps between the existing WoT standards and our use cases for WoT 2.0 standardization./||
15:04:51 [kaz]
s/important is clarifying the/important is clarifying the gaps between the existing WoT 1.1 standards and our use cases for WoT 2.0 standardization./
15:05:20 [kaz]
rrsagent, draft minutes
15:05:22 [RRSAgent]
I have made the request to generate https://www.w3.org/2023/12/11-wot-sec-minutes.html kaz
15:07:48 [kaz]
s/already the task of the WoT IG/already the task of the current WoT IG/
15:07:49 [kaz]
rrsagent, draft minutes
15:07:51 [RRSAgent]
I have made the request to generate https://www.w3.org/2023/12/11-wot-sec-minutes.html kaz