[wot-security] minutes - 17 May 2021

available at:
  https://www.w3.org/2021/05/17-wot-sec-minutes.html


also as text below.

Thanks a lot for taking the minutes, Oliver!

Kazuyuki

---
   [1]W3C

      [1] https://www.w3.org/


                             ¡V DRAFT ¡V
                              WoT Security

17 May 2021

   [2]IRC log.

      [2] https://www.w3.org/2021/05/17-wot-sec-irc


Attendees

   Present
          Kaz_Ashimura, Michael_McCool, Oliver_Pfaff,
          Philipp_Blum, Tomoaki_Mizushima

   Regrets
          -

   Chair
          McCool

   Scribe
          Oliver

Contents

    1. [3]Minutes
    2. [4]TD Issue 940

Meeting minutes

  Minutes

   McCool: wording change needed for TD Issue 940

   <McCool> for example, LDS might choose to use full URLs for
   JSON-LD canonical form, which would be problematic for us

   McCool: wording change needed in Signature section (attribute
   comment about Lagally action to OAuth)

   <McCool> change "Michael Lagally will look into those points"
   to "Regarding moving the detailed OAuth2 description and
   recommendations to the security best practices document, I will
   follow up with Michael Lagally"

   McCool: change for Signature section was reconsidered: remove
   the line about the above mentioned action

   McCool: one more wording change needed for TD Issue 940

   McCool: minutes approved with the mentioned changes

  TD Issue 940

   [5]https://github.com/w3c/wot-thing-description/issues/940

   wot-thing-description issue 940 - Add optional proof section to
   TDs

      [5] https://github.com/w3c/wot-thing-description/issues/940


   <kaz> [6]McCool's comment to the strategy issue 262

      [6] https://github.com/w3c/strategy/issues/262#issuecomment-834479963


   <kaz> [7]McCool's issue on lds-wg-charter - W3C Web of Things
   (WoT) WG supports the W3C LDS WG

      [7] https://github.com/w3c/lds-wg-charter/issues/78


   [8]https://github.com/w3c/wot-thing-description/issues/940: W3C
   LDS WG adoption was considered and likely to happen

      [8] https://github.com/w3c/wot-thing-description/issues/940:

   [9]https://github.com/w3c/wot-thing-description/issues/940:

   timeline is an issue. W3C LDS WG probably needs 2 years; TD
   signatures can probably not wait 2 years

      [9] https://github.com/w3c/wot-thing-description/issues/940:


   [10]https://github.com/w3c/wot-security/issues/166: discussion
   about ciphers. current proposal: SHA256 and ECDSA

     [10] https://github.com/w3c/wot-security/issues/166:


   [11]https://github.com/w3c/wot-security/issues/166: "ECDSA" was
   meant in sense of the NIST curves (secp)

     [11] https://github.com/w3c/wot-security/issues/166:


   [12]https://github.com/w3c/wot-security/issues/166: NIST curves
   enjoy broad support (SW/FW/HW) but are subject of some
   concerns. Not all communities are equally happy with the NIST
   curves

     [12] https://github.com/w3c/wot-security/issues/166:


   An alternative is Curve25519 aka x25519. See [13]https://
   ianix.com/pub/curve25519-deployment.html for "Things that use
   Curve25519"

     [13] https://ianix.com/pub/curve25519-deployment.html


   [14]https://github.com/w3c/wot-security/issues/166: likely
   starting points for elliptic curves for digital signatures:
   NIST P-256 and x25519

     [14] https://github.com/w3c/wot-security/issues/166:


   [15]https://github.com/w3c/wot-security/issues/168: Use case
   questionaire status review

     [15] https://github.com/w3c/wot-security/issues/168:


   [16]https://github.com/w3c/wot-security/issues/166: review and
   comments by all particpants is invited

     [16] https://github.com/w3c/wot-security/issues/166:


   <McCool> [17]https://github.com/w3c/

   wot-security-best-practices/pulls

     [17] https://github.com/w3c/wot-security-best-practices/pulls


   WoT security best practices: discussed a PR "Move OAuth2 flows
   from Use Cases to Best Practices"

   A merger shall be made to cover this PR

   <McCool> [18]https://github.com/w3c/

   wot-security-best-practices/issues/11

     [18] https://github.com/w3c/wot-security-best-practices/issues/11


   Meeting closed


    Minutes manually created (not a transcript), formatted by
    [19]scribe.perl version 131 (Sat Apr 24 15:23:43 2021 UTC).

     [19] https://w3c.github.io/scribe2/scribedoc.html

Received on Monday, 12 July 2021 03:09:26 UTC