- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Tue, 17 Nov 2020 16:02:20 +0900
- To: public-wot-ig@w3.org, public-wot-wg@w3.org
available at:
https://www.w3.org/2020/11/09-wot-sec-minutes.html
also as text below.
Thanks a lot for taking the minutes, Oliver!
Kazuyuki
---
[1]W3C
[1] http://www.w3.org/
- DRAFT -
WoT Security
09 Nov 2020
Attendees
Present
Kaz_Ashimura, Michael_McCool, Elena_Reshetova,
Jack_Dickinson, Oliver_Pfaff, Tomoaki_Mizushima,
Zoltan_Kis
Regrets
Cristiano_Aguzzi
Chair
McCool
Scribe
Oliver
Contents
* [2]Topics
* [3]Summary of Action Items
* [4]Summary of Resolutions
__________________________________________________________
<scribe> Scribe: Oliver
<kaz> [5]Sep-21
[5] https://www.w3.org/2020/09/21-wot-sec-minutes.html
<kaz> [6]vTPAC
[6] https://www.w3.org/2020/10/05-22-wot-minutes.html
Last meeting was Sept. 21, 2020
Today about reviewing what happened in the meanwhile and plan
next steps
McCool: (continue to) coordinate with IRTF T2TRG
... some WoT Security document cleanups needed including but
not limited to life-cycle
<McCool>
[7]https://www.w3.org/2020/10/05-22-wot-minutes.html#item06
[7] https://www.w3.org/2020/10/05-22-wot-minutes.html#item06
No objection for publishing WoT Security meeting minutes for
Sept. 21, 2020 => get published
<McCool>
[8]https://github.com/w3c/wot/blob/master/PRESENTATIONS/2020-10
-online-f2f/2020-10-22-WoT-F2F-Security-McCool.pdf
[8] https://github.com/w3c/wot/blob/master/PRESENTATIONS/2020-10-online-f2f/2020-10-22-WoT-F2F-Security-McCool.pdf
Review of TPAC esp. the WoT Security slides for TPAC
WoT Security status presentation was delivered at TPAC by M.
McCool and recap'ed during this call
Discussion on whether 'order' is meaningful in combo schemes
and should be elaborated more
Issue shall be created to care about whether (and how) or not
to make 'order' meaningful in combo security schemes
<McCool> [9]https://github.com/w3c/wot-security/issues/193
[9] https://github.com/w3c/wot-security/issues/193
OAuth presentation was delivered at TPAC by C. Aguzzi and
recap'ed during this call
Modulo Client Grant Type/Flow most OAuth flows are not
well-suited for WoT. This should be explicitly addressed in
guidance info
Issue #194 created for creating such guidance
Composition is a concern: API dedicated to application resp.
security functionality. Which mixture? Which relationship? What
for which usage? What to call/enforce when?...
<McCool> proposal: accept the Security sections (Overview and
OAuth2) sections of the TPAC 2020 minutes as revised and
reviewed.
No objections against publishing the WoT Security-specific
portion of the TPAC meeting notes => get published
RESOLUTION: accept the Security sections (Overview and OAuth2)
sections of the TPAC 2020 minutes as revised and reviewed.
Manifest of next step items collected and captured in the call
meetings
<McCool> [10]https://github.com/w3c/wot-security/issues/195
[10] https://github.com/w3c/wot-security/issues/195
Dec 7 will probably be the last WoT Security call this year
Meeting closed
Summary of Action Items
Summary of Resolutions
1. [11]accept the Security sections (Overview and OAuth2)
sections of the TPAC 2020 minutes as revised and reviewed.
[End of minutes]
__________________________________________________________
Minutes manually created (not a transcript), formatted by
David Booth's [12]scribe.perl version ([13]CVS log)
$Date: 2020/11/16 08:14:20 $
[12] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
[13] http://dev.w3.org/cvsweb/2002/scribe/
Received on Tuesday, 17 November 2020 07:02:28 UTC