Security, Privacy and Resilience

This is the landing page for work on security and privacy (short: SP) in the WoT IG.

Working Hypotheses

Initial working hypotheses on WoT security and privacy are:

• There will be no one-size-fits-all solution for security and privacy it WoT – the given use cases and constraints do vary too much along WoT scenarios
• Work does not start on an empty page – there are existing patterns, (standard) protocols, mechanisms, components that can be re-used (with or without adaptation)
• Work can not assume to find reusables for every WoT security and privacy requirement – the set of available offerings will have whitespots
• Rather than a (single, normative) reference architecture for WoT security and privacy there will be a suite of artifacts from which WoT products/projects will serve themselves. Think of this suite as a chocolate box ;-)

• 
  Chocolate Box

Deliverables

The proposed work items and deliverables for a first phase (say 3-4 months) of WoT IG work on security and privacy are:

• Security&Privacy Challenges: traditional Web and office IT established practices in security and privacy but it is not sufficient to just translate them to to WoT. This deliverable identifies challenges that drive security and privacy in WoT
• Security&Privacy Requirements: an identification of security and privacy requirements in the use cases that are considered by the WoT IG.
• Landscape of Security&Privacy Means: surveys the landscape of security&privacy means for WoT.
• Security&Privacy Advanced Concepts: complements the atomic view of the requirements catalogue and mechanism candidates with a composite view. This addresses notions such as end-to-end security
• Security&Privacy Glossary: a means of housekeeping among the security and privacy contributors in the W3C IG WoT, not as deliverable to an external audience
• Security&Privacy References: another means of housekeeping among the security and privacy contributors in the W3C IG WoT, not as deliverable to an external audience

The work items and deliverables for a subsequent phase remain to-be-defined

Other Task Forces

Work on WoT security and privacy will be conducted in close interactions with other WoT IG task forces:

• Use cases and requirements across business sector: our “customer”, using Security&Privacy Mechanism Candidates
• Liaison with external organisations: our „suppliers“, underpinning “eligible bodies” in Security&Privacy Mechanism Candidates
• Web of Things Framework: a WoT security and privacy framework builds upon Security&Privacy Requirements Catalogue, Security&Privacy Mechanism Candidates, Security&Privacy Advanced Concepts and obviously need to match the overall WoT framework
• Business to Consumer: the case of „consumer goods“ as e.g. WoT devices (such as: health wristband) which needs to be covered by Security&Privacy Requirements Catalogue, Security&Privacy Mechanism Candidates, Security&Privacy Advanced Concepts
• Business to Business: the case of „capital or investment goods“ as e.g. WoT devices (such as: industrial controllers) which needs to be covered by Security&Privacy Requirements Catalogue, Security&Privacy Mechanism Candidates, Security&Privacy Advanced Concepts
• WoT Devices: similar as for Web of Things Framework

Conf Calls

[IG-SP] conf calls happen in a biweekly schedule starting Aug, 20, 2015. I.e. in the weeks with even numbers throughout calender year 2015 During these weeks conf calls are conducted on Thursdays at 14:00 - 15:30 BST / 15:00 - 16:30 CEST / 6:00 - 7:30 PDT / 22:00 - 23:30 JST, webex, host key 353799

Conf call minutes will be taken on the IRC channel http://irc.w3.org/?channels=wot-sp