- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Mon, 02 Mar 2020 23:20:13 +0900
- To: public-wot-ig@w3.org, public-wot-wg@w3.org
available at:
https://www.w3.org/2020/02/24-wot-sec-minutes.html
also as text below.
Thanks,
Kazuyuki
---
[1]W3C
[1] http://www.w3.org/
- DRAFT -
WoT-Security
24 Feb 2020
[2]Agenda
[2] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#24_Feb_2020
Attendees
Present
Kaz_Ashimura, Michael_McCool, Elena_Reshetova,
Oliver_Pfaff, Tomoaki_Mizushima
Regrets
Chair
McCool
Scribe
kaz
Contents
* [3]Topics
1. [4]Review minutes
2. [5]PING feedback
3. [6]DID review
4. [7]PRs
5. [8]Issue 160
* [9]Summary of Action Items
* [10]Summary of Resolutions
__________________________________________________________
McCool: agenda at:
[11]https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf
... any other topics?
[11] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf
(none)
Review minutes
[12]Feb-17 minutes
[12] https://www.w3.org/2020/02/17-wot-sec-minutes.html
McCool: (goes through the previous minutes)
... review minutes, DID review and remaining issues
... any objections to accept them?
(none)
McCool: the minutes have been accepted
PING feedback
[13]PING Issue 17
[13] https://github.com/w3cping/privacy-threat-model/issues/17
McCool: no feedback yet
... will poke them
DID review
<McCool>
[14]https://github.com/w3c/wot-architecture/blob/master/proposa
ls/2020-02-WoT-DID.pdf
[14] https://github.com/w3c/wot-architecture/blob/master/proposals/2020-02-WoT-DID.pdf
McCool: presented slides during the architecture call last week
(slides above)
... (adds the URL to the wot-security wiki as well)
... went through the DID use cases and the DID core spec
... in terms of security, there were a couple of interesting
things
... public key, authentication
... useful way for certification
... document may describe the service end point
... how to deal with the discovery mechanism for WoT would be
the question for the next steps
... (creates an issue on wot-security)
<McCool> new
issue:[15]https://github.com/w3c/wot-security/issues/161
[15] https://github.com/w3c/wot-security/issues/161
McCool: should I go through the slides?
... let me skim them
... [DIDs and DID Documents: Simple Example]
... did example and did document
... DID document is a JSON-LD document
... every block include an ID
... implementation could be done by blockchain, etc.
... [Basic Requirements]
... [Design Goals]
... bunch of goals
... [Key Terminology]
... DID document, DID method, DID subject, ...
... DID controller
... service endpoint
... could be anything which has API
... WoT could be an end point
... [DID Actions Related to CRUD Verbs]
... diagram from the DID core spec including create, read,
use/update, delete
... subject would be "Thing" for WoT
... [Applicable Use Case]
... [DID URLs]
... detail here
... did:method: identifier{;params}{/path}{#fragment}{?query}
... identifiers should be globally unique and immutable
... no collisions
... however, entities can have nore than one identifier
... not sure about "/path" here
... paths can identify resources
... [DID Documents]
... JSON-LD 1.1 features used
... "id" and "type" as alias of "@id" and "@type"
... [Service Endpoint Examples]
... [Possible Applicability to WoT]
... didn't dig into this
... use of DIDs as Thing ids
... question: what should the DID document related to a Thing
contain?
... should we list all the possible interactions?
... what is allowed there?
... would be probably dangerous
... probably reasonable to consider TDs as service end points?
... what about TD directories as service end points?
... DID documents' service lists are similar to CoRE RD data
... we probably should discuss discovery topics
... starting with the wot-discovery calls first
... and then wot-security calls as well
... [Other References and Related Standards]
... DID Resolution, DID WG minutes, DID Primer, DID WG pages
... DID Implementation Guide
... referring to the wikipedia page of "Privacy by design"
... created an issue (issue 161)
Oliver: pretty interesting
... would like to see follow-up discussions
McCool: yes
... DID documents based on distributed public keys
... should follow up this topic using the GitHub issue
... have been asking the DID guys to have collaborative
discussion
... need to confirm the concrete date/time
[16]Online f2f wiki
[16] https://www.w3.org/WoT/IG/wiki/F2F_meeting,_16-19_March_2020,_Online
McCool: will confirm the date/time with them
... at least 2 hours
... and need to see how much to give their talk
PRs
[17]PRs
[17] https://github.com/w3c/wot-security/pulls
McCool: 4 PRs there
[18]PR 156
[18] https://github.com/w3c/wot-security/pull/156
[19]Changes
[19] https://github.com/w3c/wot-security/pull/156/files
McCool: made a comment
... but I'm OK with the updated text
... any other comments?
(none)
McCool: PR 156 merged
... btw, we need some housekeeping about the files on GitHub
... e.g., index.html vs Overview.html
Kaz: we need to apply the change to index.html as well. right?
McCool: yeah
... let's quickly check the files
... we don't use "Overview.html" any more
... Oliver, can you make the same change for index.html as
well?
Oliver: yes
McCool: (checks the files at
[20]https://github.com/w3c/wot-scripting-api)
... maybe we should archive obsolete files
... security-best-practices, etc.
... will look into the detail later
[20] https://github.com/w3c/wot-scripting-api
[21]PR 157
[21] https://github.com/w3c/wot-security/pull/157
McCool: next PR 157
... any objections to merge it?
(none)
McCool: merged
[22]PR 158
[22] https://github.com/w3c/wot-security/pull/158
McCool: we can merge this since it's typo fixing
... OK with merging this and then archiving
Kaz: +1
McCool: (add comments and then merge it)
[23]PR 159
[23] https://github.com/w3c/wot-security/pull/159
McCool: btw, would suggest people insert break lines for diff
purposes
[24]Rendered version
[24] https://cdn.statically.io/gh/OliverPfaff/wot-security/patch-6/index.html
McCool: we should apply this PR to not the "working" branch but
the "master" branch
... will check it later
Issue 160
[25]Issue 160
[25] https://github.com/w3c/wot-security/issues/160
McCool: Zoltan is not here today
... will talk with him later
... seems there is some misunderstanding
... we can discuss it during the wot-discovery call as well
... (creates a new issue for wot-discovery)
[26]wot-discovery issue 2
[26] https://github.com/w3c/wot-discovery/issues/2
[adjourned]
Summary of Action Items
Summary of Resolutions
[End of minutes]
__________________________________________________________
Minutes manually created (not a transcript), formatted by
David Booth's [27]scribe.perl version 1.154 ([28]CVS log)
$Date: 2020/03/02 13:08:49 $
[27] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
[28] http://dev.w3.org/cvsweb/2002/scribe/
Received on Monday, 2 March 2020 14:20:22 UTC