- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Mon, 02 Mar 2020 23:20:13 +0900
- To: public-wot-ig@w3.org, public-wot-wg@w3.org
available at: https://www.w3.org/2020/02/24-wot-sec-minutes.html also as text below. Thanks, Kazuyuki --- [1]W3C [1] http://www.w3.org/ - DRAFT - WoT-Security 24 Feb 2020 [2]Agenda [2] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#24_Feb_2020 Attendees Present Kaz_Ashimura, Michael_McCool, Elena_Reshetova, Oliver_Pfaff, Tomoaki_Mizushima Regrets Chair McCool Scribe kaz Contents * [3]Topics 1. [4]Review minutes 2. [5]PING feedback 3. [6]DID review 4. [7]PRs 5. [8]Issue 160 * [9]Summary of Action Items * [10]Summary of Resolutions __________________________________________________________ McCool: agenda at: [11]https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf ... any other topics? [11] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf (none) Review minutes [12]Feb-17 minutes [12] https://www.w3.org/2020/02/17-wot-sec-minutes.html McCool: (goes through the previous minutes) ... review minutes, DID review and remaining issues ... any objections to accept them? (none) McCool: the minutes have been accepted PING feedback [13]PING Issue 17 [13] https://github.com/w3cping/privacy-threat-model/issues/17 McCool: no feedback yet ... will poke them DID review <McCool> [14]https://github.com/w3c/wot-architecture/blob/master/proposa ls/2020-02-WoT-DID.pdf [14] https://github.com/w3c/wot-architecture/blob/master/proposals/2020-02-WoT-DID.pdf McCool: presented slides during the architecture call last week (slides above) ... (adds the URL to the wot-security wiki as well) ... went through the DID use cases and the DID core spec ... in terms of security, there were a couple of interesting things ... public key, authentication ... useful way for certification ... document may describe the service end point ... how to deal with the discovery mechanism for WoT would be the question for the next steps ... (creates an issue on wot-security) <McCool> new issue:[15]https://github.com/w3c/wot-security/issues/161 [15] https://github.com/w3c/wot-security/issues/161 McCool: should I go through the slides? ... let me skim them ... [DIDs and DID Documents: Simple Example] ... did example and did document ... DID document is a JSON-LD document ... every block include an ID ... implementation could be done by blockchain, etc. ... [Basic Requirements] ... [Design Goals] ... bunch of goals ... [Key Terminology] ... DID document, DID method, DID subject, ... ... DID controller ... service endpoint ... could be anything which has API ... WoT could be an end point ... [DID Actions Related to CRUD Verbs] ... diagram from the DID core spec including create, read, use/update, delete ... subject would be "Thing" for WoT ... [Applicable Use Case] ... [DID URLs] ... detail here ... did:method: identifier{;params}{/path}{#fragment}{?query} ... identifiers should be globally unique and immutable ... no collisions ... however, entities can have nore than one identifier ... not sure about "/path" here ... paths can identify resources ... [DID Documents] ... JSON-LD 1.1 features used ... "id" and "type" as alias of "@id" and "@type" ... [Service Endpoint Examples] ... [Possible Applicability to WoT] ... didn't dig into this ... use of DIDs as Thing ids ... question: what should the DID document related to a Thing contain? ... should we list all the possible interactions? ... what is allowed there? ... would be probably dangerous ... probably reasonable to consider TDs as service end points? ... what about TD directories as service end points? ... DID documents' service lists are similar to CoRE RD data ... we probably should discuss discovery topics ... starting with the wot-discovery calls first ... and then wot-security calls as well ... [Other References and Related Standards] ... DID Resolution, DID WG minutes, DID Primer, DID WG pages ... DID Implementation Guide ... referring to the wikipedia page of "Privacy by design" ... created an issue (issue 161) Oliver: pretty interesting ... would like to see follow-up discussions McCool: yes ... DID documents based on distributed public keys ... should follow up this topic using the GitHub issue ... have been asking the DID guys to have collaborative discussion ... need to confirm the concrete date/time [16]Online f2f wiki [16] https://www.w3.org/WoT/IG/wiki/F2F_meeting,_16-19_March_2020,_Online McCool: will confirm the date/time with them ... at least 2 hours ... and need to see how much to give their talk PRs [17]PRs [17] https://github.com/w3c/wot-security/pulls McCool: 4 PRs there [18]PR 156 [18] https://github.com/w3c/wot-security/pull/156 [19]Changes [19] https://github.com/w3c/wot-security/pull/156/files McCool: made a comment ... but I'm OK with the updated text ... any other comments? (none) McCool: PR 156 merged ... btw, we need some housekeeping about the files on GitHub ... e.g., index.html vs Overview.html Kaz: we need to apply the change to index.html as well. right? McCool: yeah ... let's quickly check the files ... we don't use "Overview.html" any more ... Oliver, can you make the same change for index.html as well? Oliver: yes McCool: (checks the files at [20]https://github.com/w3c/wot-scripting-api) ... maybe we should archive obsolete files ... security-best-practices, etc. ... will look into the detail later [20] https://github.com/w3c/wot-scripting-api [21]PR 157 [21] https://github.com/w3c/wot-security/pull/157 McCool: next PR 157 ... any objections to merge it? (none) McCool: merged [22]PR 158 [22] https://github.com/w3c/wot-security/pull/158 McCool: we can merge this since it's typo fixing ... OK with merging this and then archiving Kaz: +1 McCool: (add comments and then merge it) [23]PR 159 [23] https://github.com/w3c/wot-security/pull/159 McCool: btw, would suggest people insert break lines for diff purposes [24]Rendered version [24] https://cdn.statically.io/gh/OliverPfaff/wot-security/patch-6/index.html McCool: we should apply this PR to not the "working" branch but the "master" branch ... will check it later Issue 160 [25]Issue 160 [25] https://github.com/w3c/wot-security/issues/160 McCool: Zoltan is not here today ... will talk with him later ... seems there is some misunderstanding ... we can discuss it during the wot-discovery call as well ... (creates a new issue for wot-discovery) [26]wot-discovery issue 2 [26] https://github.com/w3c/wot-discovery/issues/2 [adjourned] Summary of Action Items Summary of Resolutions [End of minutes] __________________________________________________________ Minutes manually created (not a transcript), formatted by David Booth's [27]scribe.perl version 1.154 ([28]CVS log) $Date: 2020/03/02 13:08:49 $ [27] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm [28] http://dev.w3.org/cvsweb/2002/scribe/
Received on Monday, 2 March 2020 14:20:21 UTC