[wot-security] minutes - 20 September 2021

available at:

also as text below.




      [1] https://www.w3.org/

                              WoT Security

20 September 2021

   [2]IRC log.

      [2] https://www.w3.org/2021/09/20-wot-sec-irc


          Kaz_Ashimura, Michael_McCool Philipp_Blum,





    1. [3]Preliminary
    2. [4]Minutes
    3. [5]Best Practices document
    4. [6]DID-related issues
    5. [7]Signature
    6. [8]Best Practices (revisited)
    7. [9]Signature (revisited)

Meeting minutes


   McCool: would cancel the calls during Plugfest and vF2F weeks

   [10]meeting cancellations

     [10] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Cancellations



     [11] https://www.w3.org/2021/09/13-wot-sec-minutes.html

   McCool: detailed issues on signature?

   Kaz: on TD issue 1151

   [12]TD Issue 1151

     [12] https://github.com/w3c/wot-thing-description/pull/1151

   <McCool> [13]https://github.com/w3c/wot-thing-description/pull/

     [13] https://github.com/w3c/wot-thing-description/pull/1151#issuecomment-913621245


   1. (Kaz) Set up a repo for the new document. Something generic
   like enveloped-json-signatures; note, not associated with wot.
   If using wot prefix is required, then it can be
   wot-enveloped-json-signatures (or how about wot-ejs, since will
   be easier to share).

   2. (McCool) Extract the current spec for signatures and put it
   in a separate document. Will just copy the TD spec, delete
   everything not related to signatures, make it a W3C (Draft)
   Note, etc.

   3. (McCool) Cleanup, following Oliver's suggestions. In
   particular, relate explicitly to XML Signatures and JWS,
   explain motivation, put in tables to compare and map features,

   4. (Kaz, McCool) Reach out to W3C TAG to discuss.

   5. (Oliver, McCool) Reach out to IETF, JOSE/COSE/JWS community
   to get alignment, and converge on a standard. IETF 112 is Nov
   6-12, and/or we could invite someone (Carsten Bormann would be
   good to reach out to) to our F2F.

   We still want implementations for IETF "working code" process.
   Need at least one to drive discussion at IETF, two if we want
   to proceed to a W3C REC. Two would be a good idea to test
   interop even if doing an IETF RFC.

   Discuss (e.g. at F2F) whether this should go into our next WoT
   WG charter. McCool's opinion: not critical to be in our charter
   if our goal is to make it an IETF RFC that we can just cite,
   then our only action will be to cite it for TD 2.0. For TD 1.x
   it would be optional/experimental and invokable by using an
   extension vocabulary.


   McCool: Kaz did 1
   … myself did 2

   McCool: (creates another issue on wot-ejs itself)

   [14]wot-ejs Issue 6 - Cleanup (referring to the TD Issue 1151's
   action items)

     [14] https://github.com/w3c/wot-ejs/issues/6

   McCool: (continues to review the prev minutes)
   … minutes seem to be fine
   … any objections?

   <McCool> change "contribution" to "contribution to
   wot-security-best-practices acks"

   (the above clarification added)

   and minutes approved

  Best Practices document

   [15]PR 25 - Add content to Acks

     [15] https://github.com/w3c/wot-security-best-practices/pull/25

   McCool: (goes through the PR)
   … reasonably accurate

   <citrullin> Philipp-Alexander Blum

   Philipp: to be strict, my official name is "Philipp_Alexander"

   McCool: ok
   … fixed
   … and merged

  DID-related issues

   McCool: added "DID" label to Issue 14 and 13

   [16]Issue 14 - TD Signatures, Key Management, and Object

     [16] https://github.com/w3c/wot-security-best-practices/issues/14

   [17]Issue 13 - Update Secure Local Transport

     [17] https://github.com/w3c/wot-security-best-practices/issues/13

   [18]related wot issue 982 - Joint call with DID

     [18] https://github.com/w3c/wot/issues/982

   McCool: would discuss those points during the joint call at
   … any other groups for security discussion?

   Kaz: not specifically
   … had a chat with Ajitomi-san and Igarashi-san as the co-Chairs
   of the HTTP Local CG
   … they were also interested in this topic, though they didn't
   think a separate meeting with the CG would be needed

   McCool: ok


   [19]wot-ejs repo

     [19] https://github.com/w3c/wot-ejs

   McCool: have updated the repo
   … GH pages is also available now

   [20]GH page version

     [20] https://w3c.github.io/wot-ejs/

   McCool: there is a vocabulary
   … and processing procedure
   … wondering about "canonical TD" at step 4 and 5
   … the Acknowledgements section has Ege and Oliver now
   … will add Philipp

   [21]Issue 7 - Update Acks (to include Philipp-Alexander)

     [21] https://github.com/w3c/wot-ejs/issues/7

   McCool: also context URL to be defined

   [22]Issue 8 - Define context URL

     [22] https://github.com/w3c/wot-ejs/issues/8

  Best Practices (revisited)

   [23]Issue 13 - Update Secure Local Transport

     [23] https://github.com/w3c/wot-security-best-practices/issues/13

   McCool: looked at the DID Test Suite

   [24]DID Test Suite

     [24] https://w3c.github.io/did-test-suite/

   McCool: which methods listed here would make sense for WoT

   Philipp: would get suggestions from the DID WG guys

   [25]4.3 Summary by Method Implementation

     [25] https://w3c.github.io/did-test-suite/#implementation-summary

  Signature (revisited)

   [26]Issue 5 - Consider extending to also supporting enveloping

     [26] https://github.com/w3c/wot-ejs/issues/5

   McCool: change the title to "Extended JSON Signature", etc.?
   … would suggest "Embedded JSON Signature"
   … (adds an example code on Issue 5)

   [27]McCool's comments including example codes

     [27] https://github.com/w3c/wot-ejs/issues/5#issuecomment-922896640

   McCool: (adds clarification that for TD, we'd use the 2nd

   Kaz: do you have anybody from the IETF side to discuss this
   topic with?

   McCool: no, not yet
   … would start with Carsten, Ari, etc.

   Kaz: will we mention this point as well during the expected
   joint meeting with DID?

   McCool: good point


    Minutes manually created (not a transcript), formatted by
    [28]scribe.perl version 136 (Thu May 27 13:50:24 2021 UTC).

     [28] https://w3c.github.io/scribe2/scribedoc.html

Received on Monday, 10 January 2022 08:41:06 UTC