- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Mon, 20 Sep 2021 20:02:26 +0900
- To: public-wot-ig@w3.org, public-wot-wg@w3.org
available at: https://www.w3.org/2021/08/30-wot-sec-minutes.html also as text below. Thanks a lot for taking the minutes, Philipp! Kazuyuki --- [1]W3C [1] https://www.w3.org/ WoT Security 30 August 2021 [2]IRC log. [2] https://www.w3.org/2021/08/30-wot-sec-irc Attendees Present Kaz_Ashimura, Michael_McCool, Philipp_Blum, Tomoaki_Mizushima Regrets - Chair McCool Scribe citrullin Contents 1. [3]Review minutes 2. [4]Cleaning up issues and PRs 1. [5]Issue 16 2. [6]Issue 14 3. [7]Issue 13 3. [8]Issue 11 4. [9]Issue 9 Meeting minutes Review minutes <kaz> [10]July-26 [10] https://www.w3.org/2021/07/26-wot-sec-minutes.html McCool: Minutes are reasonable. Any objections publishing them? No objections Cleaning up issues and PRs <kaz> s|[11]https://www.w3.org/WoT/IG/wiki/ WG_WoT_Scripting_API_WebConf#30_August_2021|https://www.w3.org/ WoT/IG/wiki/IG_Security_WebConf#30_August_2021| [11] https://www.w3.org/WoT/IG/wiki/WG_WoT_Scripting_API_WebConf#30_August_2021|https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#30_August_2021| Issue 16 <kaz> [12]Issue 16 - Expand Acknowledgements| [12] https://github.com/w3c/wot-security-best-practices/issues/16 <kaz> ("PR needed" label added) Issue 14 [13]Issue 14 - TD Signatures and Object Security [13] https://github.com/w3c/wot-security-best-practices/issues/14 mc adds comment and assignes Oliver Pfaff. Issue 13 [14]Issue 13 - Update Secure Local Transport| [14] https://github.com/w3c/wot-security-best-practices/issues/13 mc adds comments to issue 13. <kaz> [15]FYI, Decentralized Identifiers (DIDs) v1.0 is now a Proposed REC [15] https://www.w3.org/TR/2021/PR-did-core-20210803/ McCool: Did is a proposal, which is solid and we can use it. Problem is only that not all did methods are secure enough. Philipp: can't we mention some properties which have to fulfilled in order to be secure enough for our purposes? McCool: That is a reasonable point. Can you look into the local security topic? mc adds a comment to the issue. <kaz> [16]DID implementation report [16] https://w3c.github.io/did-test-suite/ McCool: Not all implementations support all feature. pointing out the feature needed is a good idea here. The did:key method is, as far as I know, just a simple local implementation which we might be able to use for this purpose. <McCool> [17]https://w3c-ccg.github.io/did-method-web/ [17] https://w3c-ccg.github.io/did-method-web/ McCool: Let's study this. Issue 11 <kaz> [18]Issue 11 - Define interpretation of MUST, SHOULD [18] https://github.com/w3c/wot-security-best-practices/issues/11 <kaz> [19]related Issue 5 - Recommended OAuth2 flows [19] https://github.com/w3c/wot-security-best-practices/issues/5 <kaz> mc adds a comment to Issue 5 <kaz> [20]McCool's comment [20] https://github.com/w3c/wot-security-best-practices/issues/5#issuecomment-908312346 Issue 9 <kaz> [21]Issue 9|Publish as a Note [21] https://github.com/w3c/wot-security-best-practices/issues/9 McCool: We should focus on key distribution, TD signing and local security. That would be major step forward. McCool: as a start cleaning up OAuth is good. McCool: pb, it would be good, if you can do take a look into the did part. So we can describe the problem and some potential solutions. Philipp: I will take a look into it. <kaz> [adjourned] Minutes manually created (not a transcript), formatted by [22]scribe.perl version 131 (Sat Apr 24 15:23:43 2021 UTC). [22] https://w3c.github.io/scribe2/scribedoc.html
Received on Monday, 20 September 2021 11:02:30 UTC