[wot-security] minutes - 9 March 2020

available at:

also as text below.




      [1] http://www.w3.org/

                               - DRAFT -


09 Mar 2020


      [2] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#9_Mar_2020


          Kaz_Ashimura, Michael_McCool, Tomoaki_Mizushima,





     * [3]Topics
         1. [4]Agenda
         2. [5]Previous minutes
         3. [6]PING issue
         4. [7]PR 164
         5. [8]Minutes (revisited)
         6. [9]PR 164 (revisited)
         7. [10]Online F2F plans
         8. [11]Issues
     * [12]Summary of Action Items
     * [13]Summary of Resolutions


   McCool: let's go through the agenda
   ... unfortunately, have not got response from DID guys

   Kaz: shall I respond to your message pinging them?

   McCool: yes, please
   ... 30-min slot is proposed

   [14]online f2f agenda

     [14] https://www.w3.org/WoT/IG/wiki/F2F_meeting,_16-19_March_2020,_Online

   McCool: (shows the agenda for today's call)

   [15]today's agenda

     [15] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#9_Mar_2020

Previous minutes

   [16]Mar-2 minutes

     [16] https://www.w3.org/2020/03/02-wot-sec-minutes.html

   McCool: repo reorg
   ... PING issue
   ... f2f face planning
   ... PRs
   ... I have no objections
   ... do we approve the minutes?

   (Elena has problem with audio connection, so minutes review
   will be revisited later)

PING issue

   McCool: we haven't got response yet

   [17]PING issue

     [17] https://github.com/w3cping/privacy-threat-model/issues/17

PR 164

   [18]PR 164

     [18] https://github.com/w3c/wot-security/pull/164

   (Elena's audio issue is resolved, and we revisit the previous
   minutes review)

Minutes (revisited)

   Elena: the minutes are fine

   McCool: ok approved

PR 164 (revisited)

   [19]PR 164

     [19] https://github.com/w3c/wot-security/pull/164

   McCool: Oliver has created an updated PR on end-to-end security
   ... but he is not available today
   ... so let's discuss this next week in detail
   ... we have a newly proposed paragraph here
   ... but "end" might be a bit misleading

   Elena: quite generic

   McCool: (adds a comment)
   ... maybe a bit confusing
   ... would be better to have a common "examples' subsection
   ... each example should define what the "ends" are
   ... we could merge this and then add edits later
   ... but would be better integration of the existing text and
   new contribution
   ... (add some comments to the original PR 159)

   [20]McCool's comments to PR 159

     [20] https://github.com/w3c/wot-security/pull/159#issuecomment-596498298

   McCool: let's check with Oliver next week

Online F2F plans

   [21]Online f2f agenda

     [21] https://www.w3.org/WoT/IG/wiki/F2F_meeting,_16-19_March_2020,_Online

   McCool: had some discussion on the agenda
   ... would like to have Elena and Lagally at once

   Elena: what time/date would fit with him?

   McCool: the current Security slot is not good
   ... maybe we could start with adding known conflicts to the
   ... now we can look at Thursday
   ... there will be an online discussion for IETF topics but just
   3 hours

   Elena: you mean next week. right?

   McCool: yes

   Elena: I can make it on Thursday before 3pm EET

   McCool: (adds a line about that to the "Known Conflicts"

   Elena: Wed after 5pm EET is not good either
   ... Tue after 4pm also
   ... Mon after 4pm as well
   ... if needed, may try to get adjusted, though

   McCool: will ask Lagally about his availability/conflict too


   [22]Issue 152

     [22] https://github.com/w3c/wot-security/issues/152

   McCool: no response to the PING issue yet

   [23]Issue 161

     [23] https://github.com/w3c/wot-security/issues/161

   McCool: OAuth2 would be important for some of the new use cases
   ... (creates a new issue to re-introduce OAuth2)

   [24]Issue 165 on re-introducing OAuth2

     [24] https://github.com/w3c/wot-security/issues/165

   McCool: we need to set up an authentication server for tests
   ... would be great to have it before the Helsinki f2f meeting
   ... would like to get an implementer to implement OAuth2
   capability for node-wot
   ... starting with one producer and one consumer
   ... need to see what the adequate test would be too
   ... would like to have another implementation in addition to
   ... need to see how many implementations we need
   ... (updates comments on Issue 165)

   [25]updated comments

     [25] https://github.com/w3c/wot-security/issues/165#issue-577882416

   McCool: (also adds another comment)

   [26]new comment to create a PR

     [26] https://github.com/w3c/wot-security/issues/165#issuecomment-596505610


     [27] https://github.com/w3c/wot-security/issues/161

   McCool: (adds a comment to Issue 161 as well)
   ... ACTION: Create a PR into the TD spec for discussion. Note
   however that DIDs are still in flight, so...

   [28]new comment on Issue 161

     [28] https://github.com/w3c/wot-security/issues/161#issuecomment-596506210

   McCool: but have conflicts with the TD call (after US DST
   ... (and then creates a new issue on "Integrity protection to

   [29]Issue 166 on integrity protection

     [29] https://github.com/w3c/wot-security/issues/166

   McCool: (shows the "7.9 Proof" section of the DID draft)

   [30]Decentralized Identifiers v1.0

     [30] https://www.w3.org/TR/did-core/#proof

   McCool: (adds reference to the "Linked Data Proofs" draft)

   [31]Linked Data Proofs 1.0 (CG draft)

     [31] https://w3c-ccg.github.io/ld-proofs/

   McCool: wondering about the relationship between those

   Kaz: we can ask the DID-WG guys for clarification


Summary of Action Items

Summary of Resolutions

   [End of minutes]

    Minutes formatted by David Booth's [32]scribe.perl version
    1.152 ([33]CVS log)
    $Date: 2020/03/23 12:12:21 $

     [32] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
     [33] http://dev.w3.org/cvsweb/2002/scribe/

Received on Monday, 23 March 2020 19:58:20 UTC