- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Mon, 24 May 2021 18:27:45 +0900
- To: public-wot-ig@w3.org, public-wot-wg@w3.org
available at:
https://www.w3.org/2021/05/10-wot-sec-minutes.html
also as text below.
Thanks,
Kazuyuki
---
[1]W3C
[1] https://www.w3.org/
WoT Security
10 May 2021
[2]Agenda. [3]IRC log.
[2] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#10_May_2021
[3] https://www.w3.org/2021/05/10-wot-sec-irc
Attendees
Present
Kaz_Ashimura, Michael_McCool, Philipp_Blum,
Tomoaki_Mizushima
Regrets
Cristiano, Oliver
Chair
McCool
Scribe
kaz
Contents
1. [4]TD Issue 940
2. [5]Prev minutes
3. [6]Signing
4. [7]Use Case Questionnaire
Meeting minutes
TD Issue 940
[8]wot-thing-description Issue 940 - Add optional proof section
to TDs
[8] https://github.com/w3c/wot-thing-description/issues/940
McCool: (adds comments)
[9]McCool's comments
[9] https://github.com/w3c/wot-thing-description/issues/940#issuecomment-836625186
McCool: LDS might choose to use full URLs for JSON-LD canonical
form, which would be problematic for us
Philipp: Can we influence this? So that we can also use their
standard?
McCool: Yes and yes :)
Prev minutes
[10]May-03
[10] https://www.w3.org/2021/05/03-wot-sec-minutes.html
McCool: (goes through the minutes)
approved
Signing
McCool: have to reverse the alias...
… have to figure out how to handle the names
… discussions around TD issue 940
[11]wot-thing-description issue 940 (McCool's latest comments)
[11] https://github.com/w3c/wot-thing-description/issues/940#issuecomment-836625186
McCool: note that there is discussion on a new proposed group
on Liked Data Signature
[12]Strategy Issue 262 - Linked Data Signature Charter proposal
[12] https://github.com/w3c/strategy/issues/262
McCool: it would take long time to resolve it
… need some signing mechanism
… any opinions?
Philipp: JSON Web Signature heavily used
[13]Issue 166 - Add integrity protection (proof section) to TDs
[13] https://github.com/w3c/wot-security/issues/166
Philipp: SHA256 AES and ECDSA
McCool: SHA256 is a HASH mechanism. right?
Philipp: yes
[14]ECDSA (wikipedia)
[14] https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm
Use Case Questionnaire
[15]Issue 168 - Add "Security and Privacy Considerations" to
all use cases (or requirements)
[15] https://github.com/w3c/wot-security/issues/168
McCool: what would be the requirements?
[16]Self-Review Questionnaire: Security and Privacy
[16] https://www.w3.org/TR/security-privacy-questionnaire/
McCool: need some brainstorming
… (provides a list of possible points on the GitHub comment)
[17]McCool's comments
[17] https://github.com/w3c/wot-security/issues/168#issuecomment-836667052
McCool: let's see the questions on the self-review
questionnaire
… (goes through the questions)
[18]Self-Review Questionnaire: Security and Privacy - "2.
Questions to Consider"
[18] https://www.w3.org/TR/security-privacy-questionnaire/#questions
Philipp: what about OAuth2 topics?
… would it be OK if I create a PR?
McCool: yeah
… OAuth2 is a way to manage security
Philipp: another question on Signature
McCool: we still need to see the proposed Charter, etc.
Kaz: we as the WoT as a whole should think about liaison with
that group
McCool: right
[adjourned]
Minutes manually created (not a transcript), formatted by
[19]scribe.perl version 131 (Sat Apr 24 15:23:43 2021 UTC).
[19] https://w3c.github.io/scribe2/scribedoc.html
Received on Monday, 24 May 2021 09:27:52 UTC