
                               - DRAFT -

                              WoT Security

17 Feb 2020


          Kaz_Ashimura, Michael_McCool, Elena_Reshetova,
          Tomoaki_Mizushima, David_Ezell






   <scribe> scribenick: kaz

Review minutes

   [8]Feb-10 minutes

      [8] https://www.w3.org/2020/02/10-wot-sec-minutes.html

   McCool: any objections to accept them?

   (no objections)

   McCool: minutes approved

DID review

   McCool: still working on it

   David: there was a session on IoT and DID during the DID
   ... shall I paste the link?

   McCool: maybe helpful

   <dezell> DIDs and IoT (from 29 January 2020)


      [9] https://www.w3.org/2019/did-wg/Meetings/Minutes/2020-01-29-did#section4

   <McCool> [10]https://www.w3.org/TR/did-core/

     [10] https://www.w3.org/TR/did-core/


     [11] https://www.w3.org/TR/2020/WD-did-use-cases-20200130/

   McCool: (goes through the minutes from the DID f2f meeting)
   ... think IDs may be managed by some distributed system like

   David: a lot of messages there

   McCool: blockchains are not explicitly required but some
   systems expect it
   ... the minutes mention IETF/TCG - Device ID - Implicit
   ... this is typical for provisioning, etc.

   Kaz: as I mentioned the other day, I also talked with Ivan
   Herman, the DID-WG Team Contact, and we agreed further
   collaboration between WoT and DID would be important
   ... so probably having a joint call would be useful

   McCool: makes sense
   ... (updates the WoT Main call wiki with a possible joint call
   with DID)

   [12]WoT Main call wiki

     [12] https://www.w3.org/WoT/IG/wiki/Main_WoT_WebConf

   McCool: having a joint call would be a good idea
   ... Manu Sporny, the main Editor, should also be included

   Kaz: happy to contact the DID guys about the possible joint

   McCool: David, do you know if they have any survey documents
   about existing standards, etc.?

   <dezell> [13]https://www.w3.org/2019/did-wg/

     [13] https://www.w3.org/2019/did-wg/

   Kaz: maybe we can look at the references sections of the Use
   cases document and the DID spec document

   McCool: that's true
   ... would see the abstract first
   ... e.g., Thing Description could be related to the
   "resolvable" feature
   ... also section "2.4 Accessing service endpoints"

   [14]2.4 Accessing service endpoints

     [14] https://www.w3.org/TR/did-use-cases/#accessingServiceEndpoints

   McCool: but would see more concrete use cases for IoT purposes

   David: right
   ... that is one of the reasons Sam made a presentation on IoT
   use cases

   McCool: and also "2.5 Identifiers in an ecosystem of verifiable
   credentials (VCs)"

   [15]2.5 Identifiers in an ecosystem of verifiable credentials

     [15] https://www.w3.org/TR/did-use-cases/#vcEcosystem

   McCool: (looks into the diagram at "3. DID Actions")

   [16]3. DID Actions

     [16] https://www.w3.org/TR/did-use-cases/#actions

   McCool: don't see any "registration" action here

   David: resolution is key point of the decentralized identifiers

   McCool: what if we expect some controller which manages the
   ... there is "ISSUE 14" saying [[What does it mean for a DID to
   be "recorded in a registry"?]]

   [17]did-use-cases Issue 14

     [17] https://github.com/w3c/did-use-cases/issues/14

   McCool: let me capture this issue on my todo list
   ... next "3.3 Authenticate"

   [18]3.3 Authenticate

     [18] https://www.w3.org/TR/did-use-cases/#authenticate

   McCool: prove control typically through some sort of
   ... need to read through this document
   ... there is also "3.13 Deactivate"
   ... we might want to include it into our lifecycle diagram

   David: some of the DID guys are active on TLS standardization
   within IETF

   McCool: can see that
   ... then "4. Feature/Benefit Grid"

   [19]4. Feature/Benefit Grid

     [19] https://www.w3.org/TR/did-use-cases/#featureBenefitGrid

   McCool: let's see "7. Focal Use Cases"

   [20]7. Focal Use Cases

     [20] https://www.w3.org/TR/did-use-cases/#focalUseCases

   McCool: (goes through the use cases)
   ... "7.5 Single Sign On" might be relevant for IoT purposes

   [21]7.5 Single Sign On (security)

     [21] https://www.w3.org/TR/did-use-cases/#sso

   McCool: (also looks at the "DID Resolution" doc)

   [22]DID Resolution draft

     [22] https://w3c-ccg.github.io/did-resolution/

   McCool: (then visits the references section of the did-core spec)

   [23]D. References (did-core)

     [23] https://www.w3.org/TR/did-core/#references

   McCool: several relevant links below


     [24] https://medium.com/metadium/decentralized-identifiers-the-easy-guide-fb96429e8b24


     [25] https://medium.com/@adam_14796/understanding-decentralized-ids-dids-839798b91809


     [26] https://ldapwiki.com/wiki/W3C Decentralized Identifiers



   <McCool> [28]https://w3c-ccg.github.io/did-primer/

     [28] https://w3c-ccg.github.io/did-primer/

   McCool: suspect some of them might be out-of-date now

   <McCool> [29]https://github.com/w3c-ccg/w3c-ccg.github.io

     [29] https://github.com/w3c-ccg/w3c-ccg.github.io

   <McCool> [30]https://w3c-ccg.github.io/

     [30] https://w3c-ccg.github.io/

   [31]Credential CG repo

     [31] https://github.com/w3c-ccg

   [32]Credentials CG page

     [32] https://www.w3.org/community/credentials/

   McCool: (revisits the Decentralized Identifiers (did-core))

   [33]Decentralized Identifiers (DIDs) v1.0

     [33] https://www.w3.org/TR/did-core/

   David: (mentions the DID WG page again)

   [34]DID WG page

     [34] https://www.w3.org/2019/did-wg/

   McCool: here is a link to "did-imp-guide"


     [35] https://github.com/w3c/did-imp-guide

   [36]HTML rendered version

     [36] https://w3c.github.io/did-imp-guide/

Remaining issues

   McCool: will take a glance at the remaining issues

   [37]wot-security issues

     [37] https://github.com/w3c/wot-security/issues

   McCool: need Oliver's clarification
   ... next issue 160

   [38]Issue 160

     [38] https://github.com/w3c/wot-security/issues/160

   McCool: Zoltan gave comments
   ... will catch up with Zoltan


