- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Mon, 12 Jul 2021 12:09:18 +0900
- To: public-wot-ig@w3.org, public-wot-wg@w3.org
available at:
  https://www.w3.org/2021/05/17-wot-sec-minutes.html

also as text below.

Thanks a lot for taking the minutes, Oliver!

Kazuyuki

---

   [1]W3C

      [1] https://www.w3.org/

                             – DRAFT –
                             WoT Security

17 May 2021

   [2]IRC log.

      [2] https://www.w3.org/2021/05/17-wot-sec-irc

Attendees

   Present
          Kaz_Ashimura, Michael_McCool, Oliver_Pfaff, Philipp_Blum,
          Tomoaki_Mizushima

   Regrets
          -

   Chair
          McCool

   Scribe
          Oliver

Contents

    1. [3]Minutes
    2. [4]TD Issue 940

Meeting minutes

  Minutes

   McCool: wording change needed for TD Issue 940

   <McCool> for example, LDS might choose to use full URLs for JSON-LD
   canonical form, which would be problematic for us

   McCool: wording change needed in Signature section (attribute
   comment about Lagally action to OAuth)

   <McCool> change "Michael Lagally will look into those points" to
   "Regarding moving the detailed OAuth2 description and
   recommendations to the security best practices document, I will
   follow up with Michael Lagally"

   McCool: change for Signature section was reconsidered: remove the
   line about the above-mentioned action

   McCool: one more wording change needed for TD Issue 940

   McCool: minutes approved with the mentioned changes

  TD Issue 940

   [5]https://github.com/w3c/wot-thing-description/issues/940
   wot-thing-description issue 940 - Add optional proof section to TDs

      [5] https://github.com/w3c/wot-thing-description/issues/940

   <kaz> [6]McCool's comment to the strategy issue 262

      [6] https://github.com/w3c/strategy/issues/262#issuecomment-834479963

   <kaz> [7]McCool's issue on lds-wg-charter - W3C Web of Things (WoT)
   WG supports the W3C LDS WG

      [7] https://github.com/w3c/lds-wg-charter/issues/78

   [8]https://github.com/w3c/wot-thing-description/issues/940: W3C LDS
   WG adoption was considered and likely to happen

      [8] https://github.com/w3c/wot-thing-description/issues/940:

   [9]https://github.com/w3c/wot-thing-description/issues/940:
   timeline is an issue. W3C LDS WG probably needs 2 years; TD
   signatures can probably not wait 2 years

      [9] https://github.com/w3c/wot-thing-description/issues/940:

   [10]https://github.com/w3c/wot-security/issues/166: discussion
   about ciphers. current proposal: SHA256 and ECDSA

     [10] https://github.com/w3c/wot-security/issues/166:

   [11]https://github.com/w3c/wot-security/issues/166: "ECDSA" was
   meant in sense of the NIST curves (secp)

     [11] https://github.com/w3c/wot-security/issues/166:

   [12]https://github.com/w3c/wot-security/issues/166: NIST curves
   enjoy broad support (SW/FW/HW) but are subject to some concerns.
   Not all communities are equally happy with the NIST curves

     [12] https://github.com/w3c/wot-security/issues/166:

   An alternative is Curve25519 aka x25519. See
   [13]https://ianix.com/pub/curve25519-deployment.html for "Things
   that use Curve25519"

     [13] https://ianix.com/pub/curve25519-deployment.html

   [14]https://github.com/w3c/wot-security/issues/166: likely starting
   points for elliptic curves for digital signatures: NIST P-256 and
   x25519

     [14] https://github.com/w3c/wot-security/issues/166:

   [15]https://github.com/w3c/wot-security/issues/168: Use case
   questionnaire status review

     [15] https://github.com/w3c/wot-security/issues/168:

   [16]https://github.com/w3c/wot-security/issues/166: review and
   comments by all participants are invited

     [16] https://github.com/w3c/wot-security/issues/166:

   <McCool> [17]https://github.com/w3c/wot-security-best-practices/pulls

     [17] https://github.com/w3c/wot-security-best-practices/pulls

   WoT security best practices: discussed a PR "Move OAuth2 flows from
   Use Cases to Best Practices"

   A merger shall be made to cover this PR

   <McCool>
   [18]https://github.com/w3c/wot-security-best-practices/issues/11

     [18] https://github.com/w3c/wot-security-best-practices/issues/11

   Meeting closed


    Minutes manually created (not a transcript), formatted by
    [19]scribe.perl version 131 (Sat Apr 24 15:23:43 2021 UTC).

     [19] https://w3c.github.io/scribe2/scribedoc.html

Received on Monday, 12 July 2021 03:09:26 UTC