- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Mon, 12 Jul 2021 12:09:18 +0900
- To: public-wot-ig@w3.org, public-wot-wg@w3.org
available at:
https://www.w3.org/2021/05/17-wot-sec-minutes.html
also as text below.
Thanks a lot for taking the minutes, Oliver!
Kazuyuki
---
[1]W3C
[1] https://www.w3.org/
– DRAFT –
WoT Security
17 May 2021
[2]IRC log.
[2] https://www.w3.org/2021/05/17-wot-sec-irc
Attendees
Present
Kaz_Ashimura, Michael_McCool, Oliver_Pfaff,
Philipp_Blum, Tomoaki_Mizushima
Regrets
-
Chair
McCool
Scribe
Oliver
Contents
1. [3]Minutes
2. [4]TD Issue 940
Meeting minutes
Minutes
McCool: wording change needed for TD Issue 940
<McCool> for example, LDS might choose to use full URLs for
JSON-LD canonical form, which would be problematic for us
McCool: wording change needed in Signature section (attribute
comment about Lagally action to OAuth)
<McCool> change "Michael Lagally will look into those points"
to "Regarding moving the detailed OAuth2 description and
recommendations to the security best practices document, I will
follow up with Michael Lagally"
McCool: change for Signature section was reconsidered: remove
the line about the above mentioned action
McCool: one more wording change needed for TD Issue 940
McCool: minutes approved with the mentioned changes
TD Issue 940
[5]https://github.com/w3c/wot-thing-description/issues/940
wot-thing-description issue 940 - Add optional proof section to
TDs
[5] https://github.com/w3c/wot-thing-description/issues/940
<kaz> [6]McCool's comment to the strategy issue 262
[6] https://github.com/w3c/strategy/issues/262#issuecomment-834479963
<kaz> [7]McCool's issue on lds-wg-charter - W3C Web of Things
(WoT) WG supports the W3C LDS WG
[7] https://github.com/w3c/lds-wg-charter/issues/78
[8]https://github.com/w3c/wot-thing-description/issues/940: W3C
LDS WG adoption was considered and likely to happen
[8] https://github.com/w3c/wot-thing-description/issues/940:
[9]https://github.com/w3c/wot-thing-description/issues/940:
timeline is an issue. W3C LDS WG probably needs 2 years; TD
signatures can probably not wait 2 years
[9] https://github.com/w3c/wot-thing-description/issues/940:
[10]https://github.com/w3c/wot-security/issues/166: discussion
about ciphers. current proposal: SHA256 and ECDSA
[10] https://github.com/w3c/wot-security/issues/166:
[11]https://github.com/w3c/wot-security/issues/166: "ECDSA" was
meant in sense of the NIST curves (secp)
[11] https://github.com/w3c/wot-security/issues/166:
[12]https://github.com/w3c/wot-security/issues/166: NIST curves
enjoy broad support (SW/FW/HW) but are the subject of some
concerns. Not all communities are equally happy with the NIST
curves
[12] https://github.com/w3c/wot-security/issues/166:
An alternative is Curve25519 aka x25519. See
[13]https://ianix.com/pub/curve25519-deployment.html for
"Things that use Curve25519"
[13] https://ianix.com/pub/curve25519-deployment.html
[14]https://github.com/w3c/wot-security/issues/166: likely
starting points for elliptic curves for digital signatures:
NIST P-256 and x25519
[14] https://github.com/w3c/wot-security/issues/166:
[15]https://github.com/w3c/wot-security/issues/168: Use case
questionnaire status review
[15] https://github.com/w3c/wot-security/issues/168:
[16]https://github.com/w3c/wot-security/issues/166: review and
comments by all participants are invited
[16] https://github.com/w3c/wot-security/issues/166:
<McCool> [17]https://github.com/w3c/wot-security-best-practices/pulls
[17] https://github.com/w3c/wot-security-best-practices/pulls
WoT security best practices: discussed a PR "Move OAuth2 flows
from Use Cases to Best Practices"
A merger shall be made to cover this PR
<McCool> [18]https://github.com/w3c/wot-security-best-practices/issues/11
[18] https://github.com/w3c/wot-security-best-practices/issues/11
Meeting closed
Minutes manually created (not a transcript), formatted by
[19]scribe.perl version 131 (Sat Apr 24 15:23:43 2021 UTC).
[19] https://w3c.github.io/scribe2/scribedoc.html
Received on Monday, 12 July 2021 03:09:31 UTC