- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Mon, 20 Sep 2021 20:02:26 +0900
- To: public-wot-ig@w3.org, public-wot-wg@w3.org
available at:
https://www.w3.org/2021/08/30-wot-sec-minutes.html
also as text below.
Thanks a lot for taking the minutes, Philipp!
Kazuyuki
---
[1]W3C
[1] https://www.w3.org/
WoT Security
30 August 2021
[2]IRC log.
[2] https://www.w3.org/2021/08/30-wot-sec-irc
Attendees
Present
Kaz_Ashimura, Michael_McCool, Philipp_Blum,
Tomoaki_Mizushima
Regrets
-
Chair
McCool
Scribe
citrullin
Contents
1. [3]Review minutes
2. [4]Cleaning up issues and PRs
1. [5]Issue 16
2. [6]Issue 14
3. [7]Issue 13
3. [8]Issue 11
4. [9]Issue 9
Meeting minutes
Review minutes
<kaz> [10]July-26
[10] https://www.w3.org/2021/07/26-wot-sec-minutes.html
McCool: Minutes are reasonable. Any objections publishing them?
No objections
Cleaning up issues and PRs
<kaz> s|[11]https://www.w3.org/WoT/IG/wiki/
WG_WoT_Scripting_API_WebConf#30_August_2021|https://www.w3.org/
WoT/IG/wiki/IG_Security_WebConf#30_August_2021|
[11] https://www.w3.org/WoT/IG/wiki/WG_WoT_Scripting_API_WebConf#30_August_2021|https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#30_August_2021|
Issue 16
<kaz> [12]Issue 16 - Expand Acknowledgements|
[12] https://github.com/w3c/wot-security-best-practices/issues/16
<kaz> ("PR needed" label added)
Issue 14
[13]Issue 14 - TD Signatures and Object Security
[13] https://github.com/w3c/wot-security-best-practices/issues/14
mc adds comment and assignes Oliver Pfaff.
Issue 13
[14]Issue 13 - Update Secure Local Transport|
[14] https://github.com/w3c/wot-security-best-practices/issues/13
mc adds comments to issue 13.
<kaz> [15]FYI, Decentralized Identifiers (DIDs) v1.0 is now a
Proposed REC
[15] https://www.w3.org/TR/2021/PR-did-core-20210803/
McCool: Did is a proposal, which is solid and we can use it.
Problem is only that not all did methods are secure enough.
Philipp: can't we mention some properties which have to
fulfilled in order to be secure enough for our purposes?
McCool: That is a reasonable point. Can you look into the local
security topic?
mc adds a comment to the issue.
<kaz> [16]DID implementation report
[16] https://w3c.github.io/did-test-suite/
McCool: Not all implementations support all feature. pointing
out the feature needed is a good idea here. The did:key method
is, as far as I know, just a simple local implementation which
we might be able to use for this purpose.
<McCool> [17]https://w3c-ccg.github.io/did-method-web/
[17] https://w3c-ccg.github.io/did-method-web/
McCool: Let's study this.
Issue 11
<kaz> [18]Issue 11 - Define interpretation of MUST, SHOULD
[18] https://github.com/w3c/wot-security-best-practices/issues/11
<kaz> [19]related Issue 5 - Recommended OAuth2 flows
[19] https://github.com/w3c/wot-security-best-practices/issues/5
<kaz> mc adds a comment to Issue 5
<kaz> [20]McCool's comment
[20] https://github.com/w3c/wot-security-best-practices/issues/5#issuecomment-908312346
Issue 9
<kaz> [21]Issue 9|Publish as a Note
[21] https://github.com/w3c/wot-security-best-practices/issues/9
McCool: We should focus on key distribution, TD signing and
local security. That would be major step forward.
McCool: as a start cleaning up OAuth is good.
McCool: pb, it would be good, if you can do take a look into
the did part. So we can describe the problem and some potential
solutions.
Philipp: I will take a look into it.
<kaz> [adjourned]
Minutes manually created (not a transcript), formatted by
[22]scribe.perl version 131 (Sat Apr 24 15:23:43 2021 UTC).
[22] https://w3c.github.io/scribe2/scribedoc.html
Received on Monday, 20 September 2021 11:02:30 UTC