Security, Privacy and Resilience: Difference between revisions
Oliverpfaff (talk | contribs) |
Oliverpfaff (talk | contribs) No edit summary |
||
| (9 intermediate revisions by the same user not shown) | |||
| Line 11: | Line 11: | ||
== Deliverables == | == Deliverables == | ||
The proposed work items and deliverables for a first phase (say 3-4 months) of WoT IG work on security and privacy are: | The proposed work items and deliverables for a first phase (say 3-4 months) of WoT IG work on security and privacy are: | ||
* [[Security&Privacy Requirements]]: an identification of security and privacy requirements in the use cases that are considered by the WoT IG. | * [[Security&Privacy Challenges]]: traditional Web and office IT established practices in security and privacy but it is not sufficient to just translate them to to WoT. This deliverable identifies challenges that drive security and privacy in WoT | ||
* [[Security&Privacy Requirements]]: an identification of security and privacy requirements in the use cases that are considered by the WoT IG. | |||
* [[Landscape of Security&Privacy Means]]: surveys the landscape of security&privacy means for WoT. | * [[Landscape of Security&Privacy Means]]: surveys the landscape of security&privacy means for WoT. | ||
* [[Security&Privacy Advanced Concepts]]: complements the atomic view of the requirements catalogue and mechanism candidates with a composite view. This addresses notions such as end-to-end security | * [[Security&Privacy Advanced Concepts]]: complements the atomic view of the requirements catalogue and mechanism candidates with a composite view. This addresses notions such as end-to-end security | ||
* [[Security&Privacy Glossary]]: a means of housekeeping among the security and privacy contributors in the W3C IG WoT, not as deliverable to an external audience | * [[Security&Privacy Glossary]]: a means of housekeeping among the security and privacy contributors in the W3C IG WoT, not as deliverable to an external audience | ||
* [[Security&Privacy References]]: another means of housekeeping among the security and privacy contributors in the W3C IG WoT, not as deliverable to an external audience | * [[Security&Privacy References]]: another means of housekeeping among the security and privacy contributors in the W3C IG WoT, not as deliverable to an external audience | ||
The work items and deliverables for a subsequent phase remain to-be-defined | The work items and deliverables for a subsequent phase remain to-be-defined | ||
== Other Task Forces == | == Other Task Forces == | ||
Work on WoT security and privacy will be conducted in close interactions with other WoT IG task forces: | Work on WoT security and privacy will be conducted in close interactions with other WoT IG task forces: | ||
| Line 29: | Line 30: | ||
[IG-SP] conf calls happen in a biweekly schedule starting Aug, 20, 2015. I.e. in the weeks with even numbers throughout calender year 2015 | [IG-SP] conf calls happen in a biweekly schedule starting Aug, 20, 2015. I.e. in the weeks with even numbers throughout calender year 2015 | ||
During these weeks conf calls are conducted on Thursdays at [http://www.worldtimebuddy.com/?qm=1&lid=8,12,1850147,100&h=2&date=2015-8-20&sln=6-7.5 14:00 - 15:30 BST / 15:00 - 16:30 CEST / 6:00 - 7:30 PDT / 22:00 - 23:30 JST], [https://mit.webex.com/mit/j.php?MTID=m0339f31ea9c8135f874f993c8d6bd231 webex], host key 353799 | During these weeks conf calls are conducted on Thursdays at [http://www.worldtimebuddy.com/?qm=1&lid=8,12,1850147,100&h=2&date=2015-8-20&sln=6-7.5 14:00 - 15:30 BST / 15:00 - 16:30 CEST / 6:00 - 7:30 PDT / 22:00 - 23:30 JST], [https://mit.webex.com/mit/j.php?MTID=m0339f31ea9c8135f874f993c8d6bd231 webex], host key 353799 | ||
Conf call minutes will be taken on the IRC channel http://irc.w3.org/?channels=wot-sp | |||
Latest revision as of 20:02, 10 December 2015
This is the landing page for work on security and privacy (short: SP) in the WoT IG.
Working Hypotheses
Initial working hypotheses on WoT security and privacy are:
- There will be no one-size-fits-all solution for security and privacy it WoT – the given use cases and constraints do vary too much along WoT scenarios
- Work does not start on an empty page – there are existing patterns, (standard) protocols, mechanisms, components that can be re-used (with or without adaptation)
- Work can not assume to find reusables for every WoT security and privacy requirement – the set of available offerings will have whitespots
- Rather than a (single, normative) reference architecture for WoT security and privacy there will be a suite of artifacts from which WoT products/projects will serve themselves. Think of this suite as a chocolate box ;-)
-
Chocolate Box
Deliverables
The proposed work items and deliverables for a first phase (say 3-4 months) of WoT IG work on security and privacy are:
- Security&Privacy Challenges: traditional Web and office IT established practices in security and privacy but it is not sufficient to just translate them to to WoT. This deliverable identifies challenges that drive security and privacy in WoT
- Security&Privacy Requirements: an identification of security and privacy requirements in the use cases that are considered by the WoT IG.
- Landscape of Security&Privacy Means: surveys the landscape of security&privacy means for WoT.
- Security&Privacy Advanced Concepts: complements the atomic view of the requirements catalogue and mechanism candidates with a composite view. This addresses notions such as end-to-end security
- Security&Privacy Glossary: a means of housekeeping among the security and privacy contributors in the W3C IG WoT, not as deliverable to an external audience
- Security&Privacy References: another means of housekeeping among the security and privacy contributors in the W3C IG WoT, not as deliverable to an external audience
The work items and deliverables for a subsequent phase remain to-be-defined
Other Task Forces
Work on WoT security and privacy will be conducted in close interactions with other WoT IG task forces:
- Use cases and requirements across business sector: our “customer”, using Security&Privacy Mechanism Candidates
- Liaison with external organisations: our „suppliers“, underpinning “eligible bodies” in Security&Privacy Mechanism Candidates
- Web of Things Framework: a WoT security and privacy framework builds upon Security&Privacy Requirements Catalogue, Security&Privacy Mechanism Candidates, Security&Privacy Advanced Concepts and obviously need to match the overall WoT framework
- Business to Consumer: the case of „consumer goods“ as e.g. WoT devices (such as: health wristband) which needs to be covered by Security&Privacy Requirements Catalogue, Security&Privacy Mechanism Candidates, Security&Privacy Advanced Concepts
- Business to Business: the case of „capital or investment goods“ as e.g. WoT devices (such as: industrial controllers) which needs to be covered by Security&Privacy Requirements Catalogue, Security&Privacy Mechanism Candidates, Security&Privacy Advanced Concepts
- WoT Devices: similar as for Web of Things Framework
Conf Calls
[IG-SP] conf calls happen in a biweekly schedule starting Aug, 20, 2015. I.e. in the weeks with even numbers throughout calender year 2015 During these weeks conf calls are conducted on Thursdays at 14:00 - 15:30 BST / 15:00 - 16:30 CEST / 6:00 - 7:30 PDT / 22:00 - 23:30 JST, webex, host key 353799
Conf call minutes will be taken on the IRC channel http://irc.w3.org/?channels=wot-sp