[wot-security] minutes - 10 May 2021

available at:
  https://www.w3.org/2021/05/10-wot-sec-minutes.html

also as text below.

Thanks,

Kazuyuki

---
   [1]W3C

      [1] https://www.w3.org/

                              WoT Security

10 May 2021

   [2]Agenda. [3]IRC log.

      [2] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#10_May_2021
      [3] https://www.w3.org/2021/05/10-wot-sec-irc

Attendees

   Present
          Kaz_Ashimura, Michael_McCool, Philipp_Blum,
          Tomoaki_Mizushima

   Regrets
          Cristiano, Oliver

   Chair
          McCool

   Scribe
          kaz

Contents

    1. [4]TD Issue 940
    2. [5]Prev minutes
    3. [6]Signing
    4. [7]Use Case Questionnaire

Meeting minutes

  TD Issue 940

   [8]wot-thing-description Issue 940 - Add optional proof section
   to TDs

      [8] https://github.com/w3c/wot-thing-description/issues/940

   McCool: (adds comments)

   [9]McCool's comments

      [9] https://github.com/w3c/wot-thing-description/issues/940#issuecomment-836625186

   McCool: LDS might choose to use full URLs for JSON-LD canonical
   form, which would be problematic for us

   Philipp: Can we influence this? So that we can also use their
   standard?

   McCool: Yes and yes :)

  Prev minutes

   [10]May-03

     [10] https://www.w3.org/2021/05/03-wot-sec-minutes.html

   McCool: (goes through the minutes)

   approved

  Signing

   McCool: have to reverse the alias...
   … have to figure out how to handle the names
   … discussions around TD issue 940

   [11]wot-thing-description issue 940 (McCool's latest comments)

     [11] https://github.com/w3c/wot-thing-description/issues/940#issuecomment-836625186

   McCool: note that there is discussion on a new proposed group
   on Linked Data Signature

   [12]Strategy Issue 262 - Linked Data Signature Charter proposal

     [12] https://github.com/w3c/strategy/issues/262

   McCool: it would take a long time to resolve it
   … need some signing mechanism
   … any opinions?

   Philipp: JSON Web Signature heavily used

   [13]Issue 166 - Add integrity protection (proof section) to TDs

     [13] https://github.com/w3c/wot-security/issues/166

   Philipp: SHA256 AES and ECDSA

   McCool: SHA256 is a hash mechanism, right?

   Philipp: yes

   [14]ECDSA (Wikipedia)

     [14] https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm

  Use Case Questionnaire

   [15]Issue 168 - Add "Security and Privacy Considerations" to
   all use cases (or requirements)

     [15] https://github.com/w3c/wot-security/issues/168

   McCool: what would be the requirements?

   [16]Self-Review Questionnaire: Security and Privacy

     [16] https://www.w3.org/TR/security-privacy-questionnaire/

   McCool: need some brainstorming
   … (provides a list of possible points on the GitHub comment)

   [17]McCool's comments

     [17] https://github.com/w3c/wot-security/issues/168#issuecomment-836667052

   McCool: let's see the questions on the self-review
   questionnaire
   … (goes through the questions)

   [18]Self-Review Questionnaire: Security and Privacy - "2.
   Questions to Consider"

     [18] https://www.w3.org/TR/security-privacy-questionnaire/#questions

   Philipp: what about OAuth2 topics?
   … would it be OK if I create a PR?

   McCool: yeah
   … OAuth2 is a way to manage security

   Philipp: another question on Signature

   McCool: we still need to see the proposed Charter, etc.

   Kaz: we as the WoT as a whole should think about liaison with
   that group

   McCool: right

   [adjourned]


    Minutes manually created (not a transcript), formatted by
    [19]scribe.perl version 131 (Sat Apr 24 15:23:43 2021 UTC).

     [19] https://w3c.github.io/scribe2/scribedoc.html

Received on Monday, 24 May 2021 09:27:52 UTC