[wot-security] minutes - 23 November 2020 from Kazuyuki Ashimura on 2020-12-07 (public-wot-ig@w3.org from December 2020)

From: Kazuyuki Ashimura <ashimura@w3.org>
Date: Mon, 07 Dec 2020 21:13:13 +0900
To: public-wot-ig@w3.org, public-wot-wg@w3.org
Message-ID: <87ft4hvmp2.wl-ashimura@w3.org>
available at:
  https://www.w3.org/2020/11/23-wot-sec-minutes.html

also as text below.

Thanks a lot for taking the minutes, Elena!

Kazuyuki

---
   [1]W3C

      [1] http://www.w3.org/

                              WoT Security

23 Nov 2020

Attendees

   Present
          Kaz_Ashimura, Michael_McCool, Elena_Reshetova,
          Jack_Dickinson, Tomoaki_Mizushima

   Regrets

   Chair
          McCool

   Scribe
          elena

Contents

     * [2]Topics
         1. [3]meeting minutes from last week's call
         2. [4]publication updates
         3. [5]signing
     * [6]Summary of Action Items
     * [7]Summary of Resolutions
     __________________________________________________________

   <kaz> [8]Nov-19 Architecture minutes

      [8] https://www.w3.org/2020/11/19-wot-arch-minutes.html

meeting minutes from last week's call

   <kaz> [9]Nov-16

      [9] https://www.w3.org/2020/11/16-wot-sec-minutes.html

   McCool: any objections accepting the minutes?
   ... no objections, approved

publication updates

   McCool: do we have some changes in security docs that we want
   to publish?
   ... we have changes in end-to-end security section. But maybe
   we can wait for reviews longer and not rush publishing changes
   ... anyone has objections to wait before publishing the delta?

   No objections from anyone

signing

   McCool: in the last week arch call there was a discussion on
   signing
   ... TD and arch guys want to have signing defined pretty soon
   ... we need to review existing JSON documentation on signing
   and also coordinate issues on signing

   <inserted> [10]Nov-19 wot-arch minutes

     [10] https://www.w3.org/2020/11/19-wot-arch-minutes.html

   McCool presenting wot-arch meetings

   McCool: trying to find the relevant issue on signing created
   during arch call

   McCool found the issue in wot-profile repo

   <McCool> [11]https://github.com/w3c/wot-profile/issues/55

     [11] https://github.com/w3c/wot-profile/issues/55

   <McCool> see also existing issues

   <McCool>
   [12]https://github.com/w3c/wot-thing-description/issues/940

     [12] https://github.com/w3c/wot-thing-description/issues/940

   <McCool> [13]https://github.com/w3c/wot-security/issues/166

     [13] https://github.com/w3c/wot-security/issues/166

   <McCool> which should be cross-referenced

   McCool writes down some notes in
   [14]https://github.com/w3c/wot-profile/issues/55

     [14] https://github.com/w3c/wot-profile/issues/55

   <kaz> [15]Nov-19 wot-arch minutes

     [15] https://www.w3.org/2020/11/19-wot-arch-minutes.html

   McCool: JWS might simply sign the string expression, but there
   has to be a process to produce this string from the data to be
   signed
   ... rfc 8785 talks about canonicalization of JSON objects
   ... can be a good start for our work
   ... but there are some issues with a number of points
   ... puts a list under issue
   [16]https://github.com/w3c/wot-profile/issues/55
   ... in security, security element is an array, but array is
   deprecated, so my preference is to simplify the syntax as much
   as possible
   ... I would prefer to wait for JSON-LD to finish their work
   before defining our own signing, but canonicalization is a good
   discussion to have in the meanwhile

     [16] https://github.com/w3c/wot-profile/issues/55

   <McCool> [17]https://tools.ietf.org/html/rfc7515

     [17] https://tools.ietf.org/html/rfc7515

   <McCool> [18]https://tools.ietf.org/html/rfc8785 - JCS

     [18] https://tools.ietf.org/html/rfc8785

   <McCool> [19]https://www.w3.org/TR/vc-data-model/ - VC data
   model

     [19] https://www.w3.org/TR/vc-data-model/

   McCool: if anyone would have time to read through the above and
   provide the feedback on how we can define canonicalization form
   for TD, it would be great
   ... last week we had a discussion on Hubs and Platforms and
   marked some issues with these labels
   ... makes a list of platforms under wot-security issue 66
   ... we are out of time, wanted to remind that Michael is away
   second part of december

   <kaz> [adjourned]

Summary of Action Items

Summary of Resolutions

   [End of minutes]
     __________________________________________________________


    Minutes formatted by David Booth's [20]scribe.perl version
    1.152 ([21]CVS log)
    $Date: 2020/12/07 12:09:17 $

     [20] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
     [21] http://dev.w3.org/cvsweb/2002/scribe/
Received on Monday, 7 December 2020 12:13:21 UTC