- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Mon, 26 Apr 2021 20:14:30 +0900
- To: public-wot-ig@w3.org, public-wot-wg@w3.org
available at:
https://www.w3.org/2021/02/22-wot-sec-minutes.html
also as text below.
Thanks a lot for taking the minutes, Phiipp!
Kazuyuki
---
[1]W3C
[1] https://www.w3.org/
WoT Security
22 February 2021
[2]Agenda. [3]IRC log.
[2] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#22_February_2021
[3] https://www.w3.org/2021/02/22-wot-sec-irc
Attendees
Present
Cristiano_Aguzzi, Elena_Reshetova, Kaz_Ashimura,
Michael_McCool, Philipp_Blum, Tomoaki_Mizushima
Regrets
Oliver
Chair
McCool
Scribe
citrullin
Contents
1. [4]Add Json pointer assertion
2. [5]Proofs and Proofs of Chains
3. [6]Issue 196 - Consider security issues in Discovery
Meeting minutes
<kaz> [7]Feb-15
[7] https://www.w3.org/2021/02/15-wot-sec-minutes.html
McCool: Checking minutes from last time.
Philipp: Doesn't make it sense to have the discussion about
MCUs etc. in Architecture.
McCool: Yes, that is part of it.
Any objections for the minutes?
No objections
McCool: Any quick updates?
None
<McCool> [8]https://github.com/w3c/wot-thing-description/pull/
1058
[8] https://github.com/w3c/wot-thing-description/pull/1058
Add Json pointer assertion
<kaz> [9]wot-thing-description PR 1058 - Add JSON pointer
assertion to definition of body sec location
[9] https://github.com/w3c/wot-thing-description/pull/1058
<kaz> [10]5.3.3.1 SecurityScheme
[10] https://pr-preview.s3.amazonaws.com/mmccool/wot-thing-description/pull/1058.html#securityscheme
McCool: Any comments?
Cristiano: This is a good solution.
Cristiano: Can you add "type": "object"?
mc adds it to the PR
McCool: Any other comments?
Cristiano: It should be a common practice to use the same place
for the key.
McCool: I thought about that. It is a 10% case.
McCool: We have to leave it the way it is for backwards
compatibility.
Proofs and Proofs of Chains
McCool: Next big topic for us is probably Proofs and Proofs of
Chains.
Philipp: I added a PR for this topic. The security hardware.
<kaz> [11]Issue 166 - Add integrity protection (proof section)
to TDs
[11] https://github.com/w3c/wot-security/issues/166
<kaz> [12]PR 199 - Add crypto hardware survey in /background
[12] https://github.com/w3c/wot-security/pull/199
Philipp: Should I add a link to references in the Readme or in
the table?
McCool: Should be enough to add it in the Readme.
mc adds some comments in the PR.
McCool: I am going replicate the ld-proofs community proposal
and add a list of crypto functions available for it.
[13]ld proofs
[13] https://w3c-ccg.github.io/ld-proofs/#linked-data-signatures
McCool: YANG defined names for the crypto functions. It would
be reasonable to use it.
[14]YANG
[14] https://tools.ietf.org/html/draft-ietf-netconf-crypto-types-12
[15]mc adds comment to 166
[15] https://github.com/w3c/wot-security/issues/166
McCool: Anyone else having comments about signing?
No responses
Issue 196 - Consider security issues in Discovery
[16]Issue 196 - Consider security issues in Discovery
[16] https://github.com/w3c/wot-security/issues/196
McCool is going through the PR he created
[17]PR 113 - Security and Privacy Considerations
[17] https://github.com/w3c/wot-discovery/pull/113
<kaz>[18] 7. Security and Privacy Considerations from the
preview of the above PR 113
[18] https://pr-preview.s3.amazonaws.com/mmccool/wot-discovery/pull/113.html#security-considerations
McCool: I think this is a work in progress.
<McCool> [19]https://github.com/w3c/wot-discovery/pull/113
[19] https://github.com/w3c/wot-discovery/pull/113
McCool: Any comments?
No comments. mac adds some thoughts as a comment he had while
going through it.
McCool: Any other topics?
No answers
<kaz> [adjourned]
Minutes manually created (not a transcript), formatted by
[20]scribe.perl version 127 (Wed Dec 30 17:39:58 2020 UTC).
[20] https://w3c.github.io/scribe2/scribedoc.html
Received on Monday, 26 April 2021 11:15:33 UTC