On 13 October 2016 at 01:51, Martin Thomson <m...@mozilla.com> wrote:
> I agree with this sentiment, but I don't think that we need to insist > that a new W3C group solve these issues. I'm very much concerned with > the question of how a new "thing" might be authenticated, even how > clients of the thing are authenticated, those are definitely well > within their remit and it should be an important consideration. > > We shouldn't hold the group responsible for the failings of the > industry at large though, no matter how egregious those failings. > Yes, and let's not be so quick to criticise without an alternative to propose. *Building the Web of Things* has a chapter on "Securing and sharing web Things" which covers encryption (TLS, HTTPS, WSS), authentication (OAuth), authorization and access control (API tokens and ACLs). EVRYTHNG have a white paper <https://evrythng.com/resources/white-papers/securing-the-internet-of-things/> on this topic which also touches on other areas like network layer encryption, firmware vulnerabilities, ISO 27001, SOC 1/2/3, PCI DSS and addresses the "OWASP Internet of Things Top Ten vulnerabilities". That seems like a good foundation to build on. I mention this because EVRYTHNG is one of the members of the Interest Group so I think the expertise is there, it's just a bit buried at the moment in all the noise. Maybe that's something we can help with. This is probably OK. I would start with this though: > * insufficiently precise statement of goals; needs more research and > incubation time > I hope we can come up with something a bit more constructive than "insufficiently precise statement of goals". I suggest moving this discussion to dev-iot <https://mail.mozilla.org/pipermail/mozilla.dev.iot/2016-October/thread.html#24>. dev-platform is now only really about the back end of Firefox which isn't very relevant here. WoT mainly concerns the server side of the web stack. Ben _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
