- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Tue, 18 Aug 2020 20:35:56 +0900
- To: public-wot-ig@w3.org, public-wot-wg@w3.org

available at:
  https://www.w3.org/2020/08/10-wot-sec-minutes.html

also as text below.

Thanks a lot for taking the minutes, Oliver!

Kazuyuki

---

[1]W3C

   [1] http://www.w3.org/

- DRAFT -

WoT Security

10 Aug 2020

Attendees

Present
   Kaz_Ashimura, Farshid_Tavakolizadeh, Michael_McCool, Oliver_Pfaff, Clerley_Silveira, Cristiano_Aguzzi, Tomoaki_Mizushima, David_Ezell

Regrets
   Elena_Reshetova

Chair
   McCool

Scribe
   Oliver

Contents

* Topics
  1. Prev minutes
  2. OAuth2 updates
  3. Issue 166 - TD Issue 940
  4. TD Issue 901
  5. Issue 170
  6. Issue 168
* Summary of Action Items
* Summary of Resolutions

__________________________________________________________

<kaz> scribenick: Oliver

Minutes to be taken by Oliver

Prev minutes

<kaz> [11]August-3

   [11] https://www.w3.org/2020/08/03-wot-sec-minutes.html

<kaz> [12]Issue 169 - Security review of Lifecycle model and diagram

   [12] https://github.com/w3c/wot-security/issues/169

Minutes of the meeting on 2020-08-03 reviewed with no objections; they are considered published

Oliver to review issue #169 on the component lifecycle and provide feedback

OAuth2 updates

<kaz> [13]wot-thing-description PR 927

   [13] https://github.com/w3c/wot-thing-description/pull/927

<kaz> [14]Preview - 5.3.3.8 OAuth2SecurityScheme

   [14] https://pr-preview.s3.amazonaws.com/mmccool/wot-thing-description/pull/927.html#oauth2securityscheme

Status of the issue #927 about the OAuth2SecurityScheme section (WoT Description) reviewed; notes therein added.

Some minor cleanup is still needed; then merging can happen

<kaz> (McCool changed the state of PR927 to "Draft")

Issue 166 - TD Issue 940

Issue #166 in WoT Security (Integrity protection for TDs) was cloned to #940 in WoT Description to create awareness in TD

<inserted> [15]Issue 166

   [15] https://github.com/w3c/wot-security/issues/166

<kaz> [16]wot-thing-description TD Issue 940

   [16] https://github.com/w3c/wot-thing-description/issues/940

<kaz> [17]Linked Data Proofs 1.0 draft

   [17] https://w3c-ccg.github.io/ld-proofs/

Note added to TD Issue #940 about Id-proof (planned section on "proofChains")

<kaz> [18]McCool's comments to TD Issue 940

   [18] https://github.com/w3c/wot-thing-description/issues/940#issuecomment-671325684

Team comments to be provided as notes to #940

TD Issue 901

<kaz> [19]TD Issue 901

   [19] https://github.com/w3c/wot-thing-description/issues/901

Issue #901 in WoT Thing Description repo about multiple security schemes reviewed (esp. with respect to OR/AND)

Options:

1. Array of arrays: [["sc1","sc2"],"sc3"]. Problem: nesting depth changes AND to OR; special rule that array of one element can be treated as a string may not work
2. Wrapper object: { "and": ["sc1", "sc2"], "or": "sc3"}. Breaks compatibility.
3. Farshid's suggestion above: {"scheme1": { "scheme2": {}}}. This is like a LISP CADR list... breaks compatibility.
4. Another option would be to define "or" (and maybe "and" for completeness) schemes in "securityDefinitions"

Proposed next step: create PR for option 4; this PR should be incorporated in TD 1.1

Additional consideration: can array-of-flows be made compatible?

Other additional consideration: more compact notion for AND/OR

The alternative notations come with challenges with respect to backward compatibility and parsing complexity.

Closer examinations are needed

Michael to take care of creating the above-mentioned PR

<kaz> [20]McCool's updated comments

   [20] https://github.com/w3c/wot-thing-description/issues/901#issuecomment-671334655

Issue 170

Reviewed issue #170 (WoT Security) about the Conexxus Security&Privacy use case

<kaz> [21]Issue 170

   [21] https://github.com/w3c/wot-security/issues/170

<kaz> [22]Conexxus documents

   [22] https://www.conexxus.org/documentation-guidelines-templates

Added a note providing a link to a (publicly available) developer document on conexxus.com

<kaz> [23]McCool's comment including links to Conexxus Threat Model template documents

   [23] https://github.com/w3c/wot-security/issues/170#issuecomment-671336193

Issue 168

<kaz> [24]Issue 168

   [24] https://github.com/w3c/wot-security/issues/168

With respect to issue #168, the current understanding is to add the HTML file from now on

McCool will create a PR for HTML to include "security and privacy considerations" sections (as blank sections at the moment)

<inserted> [25]McCool's comment about that point

   [25] https://github.com/w3c/wot-security/issues/168#issuecomment-671338489

Meeting closed

[adjourned]

Summary of Action Items

Summary of Resolutions

[End of minutes]

__________________________________________________________

Minutes manually created (not a transcript), formatted by David Booth's [26]scribe.perl version ([27]CVS log)
$Date: 2020/08/11 07:33:43 $

   [26] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
   [27] http://dev.w3.org/cvsweb/2002/scribe/

Received on Tuesday, 18 August 2020 11:36:05 UTC