13:03:02 <RRSAgent> RRSAgent has joined #wot-sec
13:03:06 <RRSAgent> logging to https://www.w3.org/2024/03/18-wot-sec-irc
13:03:12 <kaz> meeting: WoT Security
13:03:31 <kaz> present+ Kaz_Ashimura, Jan_Romann, Michael_McCool
13:03:53 <McCool_> McCool_ has joined #wot-sec
13:06:19 <kaz> topic: Minutes
13:06:35 <kaz> -> https://www.w3.org/2024/03/11-wot-sec-minutes.html Mar-11
13:06:49 <kaz> present+ Tomoaki_Mizushima
13:07:38 <kaz> mm: would check Mahda's availability
13:09:43 <kaz> approved
13:10:12 <kaz> topic: Security Categories
13:10:15 <McCool_> https://github.com/w3c/wot-usecases/blob/mmccool-patch-2/USE-CASES/security-categories.csv
13:10:45 <McCool_> https://github.com/w3c/wot-usecases/pull/255
13:11:21 <kaz> s|https://github.com/w3c/wot-usecases/pull/255|-> https://github.com/w3c/wot-usecases/pull/255 PR 255 - @@@
13:11:28 <kaz> mm: added some edits
13:12:08 <kaz> ... (goes through the updates within PR 255)
13:12:29 <kaz> s/@@@/Update security-categories.csv/
13:12:56 <kaz> ... related issue on wot-usecases repo
13:14:08 <kaz> ... want to bring up is security/privacy consideration within the Use Case template
13:15:12 <kaz> ... to see if each use case correspond to each categorization, e.g, Public Service or not
13:15:18 <kaz> s/e.g,/e.g.,/
13:17:07 <kaz> jr: what's the different between "Private Information" and "Confidential Information"?
13:17:45 <kaz> mm: PII and business confidential
13:17:46 <kaz> q+
13:18:59 <kaz> q+ That could be an initial definition, but "Private Information" is not equal to "PII"...
13:19:06 <kaz> kaz: That could be an initial definition, but "Private Information" is not equal to "PII"...
13:19:09 <kaz> q?
13:19:11 <kaz> ack k
13:22:20 <kaz> ... PII is basically information to identify the user
13:22:51 <kaz> ... while "private information" could be broader and include "my shopping history"
13:22:56 <kaz> ack k
13:23:19 <kaz> mm: should say "private/PII" instead then
13:24:36 <kaz> kaz: "business confidential" also could have several levels, e.g., personal level and company level
13:25:00 <kaz> mm: we could think about several sub-categories to handle those levels
13:27:12 <kaz> q?
13:27:55 <kaz> ... would work with David, etc., for further discussion
13:29:40 <kaz> ... also would add another column to capture if the submitter confirms the categorization
13:30:54 <kaz> [adjourned]
13:30:58 <kaz> rrsagent, make log public
13:31:02 <kaz> rrsagent, draft minutes
13:31:04 <RRSAgent> I have made the request to generate https://www.w3.org/2024/03/18-wot-sec-minutes.html kaz
13:41:21 <JKRhb> JKRhb has joined #wot-sec
15:02:09 <JKRhb> JKRhb has joined #wot-sec
15:26:26 <JKRhb> JKRhb has joined #wot-sec
15:28:43 <Zakim> Zakim has left #wot-sec
17:28:03 <JKRhb> JKRhb has joined #wot-sec
17:56:39 <JKRhb> JKRhb has joined #wot-sec
19:58:00 <JKRhb> JKRhb has joined #wot-sec
20:19:29 <JKRhb> JKRhb has joined #wot-sec
20:36:54 <JKRhb> JKRhb has joined #wot-sec
20:47:19 <JKRhb> JKRhb has joined #wot-sec
21:06:37 <JKRhb> JKRhb has joined #wot-sec
21:48:15 <JKRhb> JKRhb has joined #wot-sec
21:52:16 <JKRhb> JKRhb has joined #wot-sec
21:57:07 <JKRhb> JKRhb has joined #wot-sec