W3C

– DRAFT –
WoT Security

26 February 2024

Attendees

Present
Jan_Romann, Kaz_Ashimura, Michael_McCool, Tomoaki_Mizushima
Regrets
-
Chair
McCool
Scribe
kaz

Meeting minutes

Minutes

Jan-15

approved

Logistics

McCool: Security calls will be cancelled on April 1 and 8

Cancellations section on the main wiki

Publication schedule

schedule.md

McCool: when to publish an updated Security/Privacy Note?

Kaz: some time similar to the UC Note, e.g., Sep?

McCool: would propose September, 2025

Kaz: would be better to have it a bit earlier given Security/Privacy consideration is a basis of the other specs
… also we should think about which content is to be dealt with on the Security/Privacy Note side, and which is to be dealt with on the spec side

McCool: right

Use Cases and Requirements

wot-usecases/USE-CASES/security-categories.csv

McCool: we've been discussing how to deal with the security categories

Use Cases/Requirements Note (ED)

McCool: (shows security description within the Use Cases/Requirements Note)
… the question is how to proceed
… should we wait until the template is ready?
… this table (security-categories.csv) shows the general categories

Kaz: would suggest we (Sec TF) wait until the UC TF clarifies the procedure
… specifically, what/how to describe the Functional Requirements and the Technical Requirements
… I believe Mizushima-san is working on that for the discussion tomorrow
… and we can revisit this CSV table on security categories at that time
… maybe we can start with Mizushima-san's example on smart home

McCool: ok

mizu: agree with Kaz
… we need a concrete template for requirements description as well
… otherwise people tend to get confused

McCool: agree
… note that I think each requirement should follow the template and clarify what kind of threat is to be mitigated for which category
… let's see how the new updated template would fit

Issues

Issue 231

Issue 231 - Wot-sec ontology

McCool: would be better to get Mahda's participation for this
… splitting security terms into a smaller ontology
… should this issue be moved to the wot-thing-description repo?

Kaz: we need to think about the whole ontology design first

McCool: that's true but this proposal itself is part of the TD ontology

wot-thing-description/ontology/wotsec.ttl

jr: maybe we could consider creating a project around security to collect security issues from all the related repos

McCool: think we already have that mechanism

Kaz: given the resource is currently handled within the wot-thing-description repo, I'm OK to move this issue itself to the wot-thing-description repo

McCool: (moved the issue to wot-thing-repository repo)

transferred to wot-thing-description Issue 1978 - Wot-sec ontology

Kaz: you might want to add a label on "security" to this issue too.

<McCool_> w3c/wot-thing-description#1978

McCool: yes
… (adds "Security" label to wot-thing-description Issue 1978)

[adjourned]

Minutes manually created (not a transcript), formatted by scribe.perl version 221 (Fri Jul 21 14:01:30 2023 UTC).