[wot-security] minutes - 17 February 2020

available at:
  https://www.w3.org/2020/02/17-wot-sec-minutes.html

also as text below.

Thanks,

Kazuyuki

---
   [1]W3C

      [1] http://www.w3.org/

                               - DRAFT -

                              WoT Security

17 Feb 2020

Attendees

   Present
          Kaz_Ashimura, Michael_McCool, Elena_Reshetova,
          Tomoaki_Mizushima, David_Ezell

   Regrets

   Chair
          McCool

   Scribe
          kaz

Contents

     * [2]Topics
         1. [3]Review minutes
         2. [4]DID review
         3. [5]Remaining issues
     * [6]Summary of Action Items
     * [7]Summary of Resolutions
     __________________________________________________________

   <scribe> scribenick: kaz

Review minutes

   [8]Feb-10 minutes

      [8] https://www.w3.org/2020/02/10-wot-sec-minutes.html

   McCool: any objections to accept them?

   (no objections)

   McCool: minutes approved

DID review

   McCool: still working on it

   David: there was a session on IoT and DID during the DID
   meeting
   ... shall I paste the link?

   McCool: maybe helpful

   <dezell> DIDs and IoT (from 29 January 2020)

   <dezell>
   [9]https://www.w3.org/2019/did-wg/Meetings/Minutes/2020-01-29-d
   id#section4

      [9] https://www.w3.org/2019/did-wg/Meetings/Minutes/2020-01-29-did#section4

   <McCool> [10]https://www.w3.org/TR/did-core/

     [10] https://www.w3.org/TR/did-core/

   <McCool>
   [11]https://www.w3.org/TR/2020/WD-did-use-cases-20200130/

     [11] https://www.w3.org/TR/2020/WD-did-use-cases-20200130/

   McCool: (goes through the minutes from the DID f2f meeting)
   ... think IDs may be managed by some distributed system like
   blockchain

   David: a lot of messages there

   McCool: blockchains are not explicitly required but some
   systems expect it
   ... the minutes mention IETF/TCG - Device ID - Impllicit
   Identifier
   ... this is typical for provisioning, etc.

   Kaz: as I mentioned the other day, I also talked with Ivan
   Herman, the DID-WG Team Contact, and we agreed further
   collaboration between WoT and DID would be important
   ... so probably having a joint call would be useful

   McCool: make sense
   ... (updates the WoT Main call wiki with a possible joint call
   with DID)

   [12]WoT Main call wiki

     [12] https://www.w3.org/WoT/IG/wiki/Main_WoT_WebConf

   McCool: having a joint call would be a good idea
   ... Manu Sporny, the main Editor should be also included

   Kaz: happy to contact the DID guys about the possible joint
   call

   McCool: David, do you know if they have any survey documents
   about existing standards, etc.?

   <dezell> [13]https://www.w3.org/2019/did-wg/

     [13] https://www.w3.org/2019/did-wg/

   Kaz: maybe we can look at the references sections of the Use
   cases document and the DID spec document

   McCool: that's true
   ... would see the abstract first
   ... e.g., Thing Description could be related to the
   "resolvable" feature
   ... also section "2.4 Accessing service endpoints"

   [14]2.4 Accessing service endpoints

     [14] https://www.w3.org/TR/did-use-cases/#accessingServiceEndpoints

   McCool: but would see more concrete use cases for IoT purposes

   David: right
   ... that is one of the reasons Sam made a presentation on IoT
   use cases

   McCool: and also "2.5 Identifiers in an ecosystem of verifiable
   credentials (VCs)"

   [15]2.5 Identifiers in an ecosystem of verifiable credentials
   (VCs)

     [15] https://www.w3.org/TR/did-use-cases/#vcEcosystem

   McCool: (looks into the diagram at "3. DID Actions")

   [16]3. DID Actions

     [16] https://www.w3.org/TR/did-use-cases/#actions

   McCool: don't see any "registration" action here

   David: resolution is key point of the decentralized identifiers

   McCool: what if we expect some controller which manages the
   access
   ... there is "ISSUE 14" saying [[What does it mean for a DID to
   be "recorded in a registry"?]]

   [17]did-use-cases Issue 14

     [17] https://github.com/w3c/did-use-cases/issues/14

   McCool: let me capture this issue on my todo list
   ... next "3.3 Authenticate"

   [18]3.3 Authenticate

     [18] https://www.w3.org/TR/did-use-cases/#authenticate

   McCool: prove control typically through some sort of
   challenge-response
   ... need to read through this document
   ... there is also "3.13 Deactivate"
   ... we might want to include it into our lifecycle diagram

   David: some of the DID guys are active on TLS standardizaton
   within IETF

   McCool: can see that
   ... then "4. feature/Benefit Grid"

   [19]4. Feature/Benefit Grid

     [19] https://www.w3.org/TR/did-use-cases/#featureBenefitGrid

   McCool: let's see "7. Focal Use Cases"

   [20]7. Focal Use Cases

     [20] https://www.w3.org/TR/did-use-cases/#focalUseCases

   McCool: (goes through the use cases)
   ... "7.5 Single Sign On" might be relevant for IoT purposes

   [21]7.5 Single Sign On (security)

     [21] https://www.w3.org/TR/did-use-cases/#sso

   McCool: (also look at the "DID Resolution" doc)

   [22]DID Resolution draft

     [22] https://w3c-ccg.github.io/did-resolution/

   McCool: (then visit the references section of the did-core spec
   draft)

   [23]D. References (did-core)

     [23] https://www.w3.org/TR/did-core/#references

   McCool: several relevant links below

   <McCool>
   [24]https://medium.com/metadium/decentralized-identifiers-the-e
   asy-guide-fb96429e8b24

     [24] https://medium.com/metadium/decentralized-identifiers-the-easy-guide-fb96429e8b24

   <McCool>
   [25]https://medium.com/@adam_14796/understanding-decentralized-
   ids-dids-839798b91809

     [25] https://medium.com/@adam_14796/understanding-decentralized-ids-dids-839798b91809

   <McCool>
   [26]https://ldapwiki.com/wiki/W3C%20Decentralized%20Identifiers

     [26] https://ldapwiki.com/wiki/W3C Decentralized Identifiers

   <McCool>
   [27]https://ldapwiki.com/wiki/W3C%20Decentralized%20Identifiers

     [27] https://ldapwiki.com/wiki/W3C Decentralized Identifiers

   <McCool> [28]https://w3c-ccg.github.io/did-primer/

     [28] https://w3c-ccg.github.io/did-primer/

   McCool: suspect some of them might be out-of-date now

   <McCool> [29]https://github.com/w3c-ccg/w3c-ccg.github.io

     [29] https://github.com/w3c-ccg/w3c-ccg.github.io

   <McCool> [30]https://w3c-ccg.github.io/

     [30] https://w3c-ccg.github.io/

   [31]Credential CG repo

     [31] https://github.com/w3c-ccg

   [32]Credentials CG page

     [32] https://www.w3.org/community/credentials/

   McCool: (revisit the Decentralized Identifiers (did-core)
   document)

   [33]Decentralized Identifiers (DIDs) v1.0

     [33] https://www.w3.org/TR/did-core/

   David: (mentions the DID WG page again)

   [34]DID WG page

     [34] https://www.w3.org/2019/did-wg/

   McCool: here is a link to "did-imp-guide"

   [35]did-imp-guide

     [35] https://github.com/w3c/did-imp-guide

   [36]HTML rendered version

     [36] https://w3c.github.io/did-imp-guide/

Remaining issues

   McCool: will take a glance at the remaining issues

   [37]wot-security issues

     [37] https://github.com/w3c/wot-security/issues

   McCool: need Oliver's clarification
   ... next issue 160

   [38]Issue 160

     [38] https://github.com/w3c/wot-security/issues/160

   McCool: Zoltan gave comments
   ... will catch up with Zoltan

   [adjourned]

Summary of Action Items

Summary of Resolutions

   [End of minutes]
     __________________________________________________________


    Minutes manually created (not a transcript), formatted by
    David Booth's [39]scribe.perl version 1.154 ([40]CVS log)
    $Date: 2020/02/18 13:49:01 $

     [39] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
     [40] http://dev.w3.org/cvsweb/2002/scribe/

Received on Tuesday, 25 February 2020 00:06:25 UTC