- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Mon, 16 Nov 2020 17:29:58 +0900
- To: public-wot-ig@w3.org, public-wot-wg@w3.org
available at: https://www.w3.org/2020/11/09-wot-sec-minutes.html also as text below. Thanks a lot for taking the minutes, Oliver! Kazuyuki --- [1]W3C [1] http://www.w3.org/ - DRAFT - WoT Security 09 Nov 2020 Attendees Present Kaz_Ashimura, Michael_McCool, Elena_Reshetova, Jack_Dickinson, Oliver_Pfaff, Tomoaki_Mizushima, Zoltan_Kis Regrets Cristiano_Aguzzi Chair McCool Scribe Oliver Contents * [2]Topics * [3]Summary of Action Items * [4]Summary of Resolutions __________________________________________________________ <scribe> Scribe: Oliver <kaz> [5]Sep-21 [5] https://www.w3.org/2020/09/21-wot-sec-minutes.html <kaz> [6]vTPAC [6] https://www.w3.org/2020/10/05-22-wot-minutes.html Last meeting was Sept. 21, 2020 Today about reviewing what happened in the meanwhile and plan next steps McCool: (continue to) coordinate with IRTF T2TRG ... some WoT Security document cleanups needed including but not limited to life-cycle <McCool> [7]https://www.w3.org/2020/10/05-22-wot-minutes.html#item06 [7] https://www.w3.org/2020/10/05-22-wot-minutes.html#item06 No objection for publishing WoT Security meeting minutes for Sept. 21, 2020 => get published <McCool> [8]https://github.com/w3c/wot/blob/master/PRESENTATIONS/2020-10 -online-f2f/2020-10-22-WoT-F2F-Security-McCool.pdf [8] https://github.com/w3c/wot/blob/master/PRESENTATIONS/2020-10-online-f2f/2020-10-22-WoT-F2F-Security-McCool.pdf Review of TPAC esp. the WoT Security slides for TPAC WoT Security status presentation was delivered at TPAC by M. McCool and recap'ed during this call Discussion on whether 'order' is meaningful in combo schemes and should be elaborated more Issue shall be created to care about whether (and how) or not to make 'order' meaningful in combo security schemes <McCool> [9]https://github.com/w3c/wot-security/issues/193 [9] https://github.com/w3c/wot-security/issues/193 OAuth presentation was delivered at TPAC by C. Aguzzi and recap'ed during this call Modulo Client Grant Type/Flow most OAuth flows are not well-suited for WoT. This should be explicitly addressed in guidance info Issue #194 created for creating such guidance Composition is a concern: API dedicated to application resp. security functionality. Which mixture? Which relationship? What for which usage? What to call/enforce when?... <McCool> proposal: accept the Security sections (Overview and OAuth2) sections of the TPAC 2020 minutes as revised and reviewed. No objections against publishing the WoT Security-specific portion of the TPAC meeting notes => get published RESOLUTION: accept the Security sections (Overview and OAuth2) sections of the TPAC 2020 minutes as revised and reviewed. Manifest of next step items collected and captured in the call meetings <McCool> [10]https://github.com/w3c/wot-security/issues/195 [10] https://github.com/w3c/wot-security/issues/195 Dec 7 will probably be the last WoT Security call this year Meeting closed Summary of Action Items Summary of Resolutions 1. [11]accept the Security sections (Overview and OAuth2) sections of the TPAC 2020 minutes as revised and reviewed. [End of minutes] __________________________________________________________ Minutes manually created (not a transcript), formatted by David Booth's [12]scribe.perl version ([13]CVS log) $Date: 2020/11/16 08:14:20 $ [12] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm [13] http://dev.w3.org/cvsweb/2002/scribe/
Received on Monday, 16 November 2020 08:30:03 UTC