
[wot-security][DRAFT] minutes - 9 November 2020

From: Kazuyuki Ashimura <ashimura@w3.org>
Date: Mon, 16 Nov 2020 17:29:58 +0900
Message-ID: <873619iu0p.wl-ashimura@w3.org>
To: public-wot-ig@w3.org, public-wot-wg@w3.org
available at:

also as text below.

Thanks a lot for taking the minutes, Oliver!




                               - DRAFT -

                              WoT Security

09 Nov 2020


          Kaz_Ashimura, Michael_McCool, Elena_Reshetova,
          Jack_Dickinson, Oliver_Pfaff, Tomoaki_Mizushima,






   <scribe> Scribe: Oliver

   <kaz> [5]Sep-21

      [5] https://www.w3.org/2020/09/21-wot-sec-minutes.html

   <kaz> [6]vTPAC

      [6] https://www.w3.org/2020/10/05-22-wot-minutes.html

   Last meeting was Sept. 21, 2020

   Today is about reviewing what happened in the meantime and
   planning next steps

   McCool: (continue to) coordinate with IRTF T2TRG
   ... some WoT Security document cleanups needed including but
   not limited to life-cycle


      [7] https://www.w3.org/2020/10/05-22-wot-minutes.html#item06

   No objection for publishing WoT Security meeting minutes for
   Sept. 21, 2020 => get published


      [8] https://github.com/w3c/wot/blob/master/PRESENTATIONS/2020-10-online-f2f/2020-10-22-WoT-F2F-Security-McCool.pdf

   Review of TPAC esp. the WoT Security slides for TPAC

   WoT Security status presentation was delivered at TPAC by M.
   McCool and recap'ed during this call

   Discussion on whether 'order' is meaningful in combo schemes
   and should be elaborated more

   Issue shall be created to address whether (and how) to make
   'order' meaningful in combo security schemes

   <McCool> [9]https://github.com/w3c/wot-security/issues/193

      [9] https://github.com/w3c/wot-security/issues/193

   OAuth presentation was delivered at TPAC by C. Aguzzi and
   recap'ed during this call

   Modulo Client Grant Type/Flow most OAuth flows are not
   well-suited for WoT. This should be explicitly addressed in
   guidance info

   Issue #194 created for creating such guidance

   Composition is a concern: API dedicated to application resp.
   security functionality. Which mixture? Which relationship? What
   for which usage? What to call/enforce when?...

   <McCool> proposal: accept the Security sections (Overview and
   OAuth2) sections of the TPAC 2020 minutes as revised and

   No objections against publishing the WoT Security-specific
   portion of the TPAC meeting notes => get published

   RESOLUTION: accept the Security sections (Overview and OAuth2)
   sections of the TPAC 2020 minutes as revised and reviewed.

   Manifest of next step items collected and captured in the call

   <McCool> [10]https://github.com/w3c/wot-security/issues/195

     [10] https://github.com/w3c/wot-security/issues/195

   Dec 7 will probably be the last WoT Security call this year

   Meeting closed

Summary of Action Items

Summary of Resolutions

    1. [11]accept the Security sections (Overview and OAuth2)
       sections of the TPAC 2020 minutes as revised and reviewed.

   [End of minutes]

    Minutes manually created (not a transcript), formatted by
    David Booth's [12]scribe.perl version ([13]CVS log)
    $Date: 2020/11/16 08:14:20 $

     [12] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
     [13] http://dev.w3.org/cvsweb/2002/scribe/
Received on Monday, 16 November 2020 08:30:04 UTC
