[wot-security] minutes - 12 April 2021

• From: Kazuyuki Ashimura <ashimura@w3.org>
• Date: Mon, 24 May 2021 18:20:05 +0900
• To: public-wot-ig@w3.org, public-wot-wg@w3.org
• Message-ID: <87wnrowksa.wl-ashimura@w3.org>

availabl at:
  https://www.w3.org/2021/04/12-wot-sec-minutes.html

also as text below.

Thanks a lot for taking the minutes, Elena!

Kazuyuki

---
   [1]W3C

      [1] https://www.w3.org/

                              WoT Security

12 April 2021

   [2]IRC log.

      [2] https://www.w3.org/2021/04/12-wot-sec-irc

Attendees

   Present
          Elena_Reshetova, Kaz_Ashimura, Michael_McCol,
          Philipp_Blum, Tomoaki_Mizushima

   Regrets
          -

   Chair
          McCool

   Scribe
          elena

Contents

    1. [3]minutes from March 8
    2. [4]PR 1086 for TD canonicalization
    3. [5]issues

Meeting minutes

  minutes from March 8

   [6]March-8

      [6] https://www.w3.org/2021/03/08-wot-sec-minutes.html

   <citrullin> Michael, you are not in the call anymore

   minutes accepted

  PR 1086 for TD canonicalization

   <kaz> [7]PR 1086

      [7] https://github.com/w3c/wot-thing-description/pull/1086

  issues

   <McCool> [8]https://github.com/w3c/wot-security/issues/194
   wot-security Issue 194 - Provide guidance on use of OAuth 2
   flows

      [8] https://github.com/w3c/wot-security/issues/194

   <McCool> [9]->

      [9] https://w3c.github.io/wot-usecases/#oauth

   McCool: what is the good location for this text? It is
   currently in use cases

   <kaz> s/#oauth|#oauth WoT Use Cases Editor's draft - 5.7.1
   OAuth2 Flows|

   Philipp: is it the intention of best practices only for
   recommendation or as must?

   McCool: Best Practices are suggestions, but if you want to
   satisfy a profile, they would be normative

   McCool: profiles are normative, so we have to do a capital must

   McCool: but we might have to copy assertions to normative
   profile doc

   McCool: what should our recommendations be?

   McCool puts possible recommendations to the issue comment

   these recommendations should part of security best practices
   doc

   McCool: can anyone volunteer to extract the relevant parts and
   move it to the Best Practices doc?

   McCool: we still have to decide if we publish Best Practices
   separately

   Philipp volunteers

   McCool: object security, issue 185, putting a comment

   [10]https://github.com/w3c/wot-security/issues/185

     [10] https://github.com/w3c/wot-security/issues/185

   McCool: do you have any examples where you would want to use
   object security?

   <citrullin> Sorry, I got a package

   McCool: somebody needs to think about object security

   McCool mentions Ben in the issue comment, maybe Ben can also
   take a look on this

   McCool: next issue is PR [11]https://github.com/w3c/
   wot-thing-description/pull/1058

     [11] https://github.com/w3c/wot-thing-description/pull/1058

   <citrullin> I wanted to take a look into signing objects.
   Combining it it with DIDs and a DLT (Hyperledger for example).
   Taking a look into WebThings is a good idea. Will do that in
   the future.

   McCool: this should be ok and hopefully merged soon

   McCool: PR [12]https://github.com/w3c/wot-security/issues/196
   still has some confusion between DoS and DDoS

     [12] https://github.com/w3c/wot-security/issues/196

   McCool puts a comment there


    Minutes manually created (not a transcript), formatted by
    [13]scribe.perl version 127 (Wed Dec 30 17:39:58 2020 UTC).

     [13] https://w3c.github.io/scribe2/scribedoc.html

Received on Monday, 24 May 2021 09:20:11 UTC