[wot-security] minutes - 30 August 2021

available at:
  https://www.w3.org/2021/08/30-wot-sec-minutes.html

also as text below.

Thanks a lot for taking the minutes, Philipp!

Kazuyuki

---
   [1]W3C

      [1] https://www.w3.org/

                              WoT Security

30 August 2021

   [2]IRC log.

      [2] https://www.w3.org/2021/08/30-wot-sec-irc

Attendees

   Present
          Kaz_Ashimura, Michael_McCool, Philipp_Blum,
          Tomoaki_Mizushima

   Regrets
          -

   Chair
          McCool

   Scribe
          citrullin

Contents

    1. [3]Review minutes
    2. [4]Cleaning up issues and PRs
         1. [5]Issue 16
         2. [6]Issue 14
         3. [7]Issue 13
    3. [8]Issue 11
    4. [9]Issue 9

Meeting minutes

  Review minutes

   <kaz> [10]July-26

     [10] https://www.w3.org/2021/07/26-wot-sec-minutes.html

   McCool: Minutes are reasonable. Any objections publishing them?

   No objections

  Cleaning up issues and PRs

   <kaz> s|[11]https://www.w3.org/WoT/IG/wiki/
   WG_WoT_Scripting_API_WebConf#30_August_2021|https://www.w3.org/
   WoT/IG/wiki/IG_Security_WebConf#30_August_2021|

     [11] https://www.w3.org/WoT/IG/wiki/WG_WoT_Scripting_API_WebConf#30_August_2021|https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#30_August_2021|

    Issue 16

   <kaz> [12]Issue 16 - Expand Acknowledgements|

     [12] https://github.com/w3c/wot-security-best-practices/issues/16

   <kaz> ("PR needed" label added)

    Issue 14

   [13]Issue 14 - TD Signatures and Object Security

     [13] https://github.com/w3c/wot-security-best-practices/issues/14

   mc adds comment and assignes Oliver Pfaff.

    Issue 13

   [14]Issue 13 - Update Secure Local Transport|

     [14] https://github.com/w3c/wot-security-best-practices/issues/13

   mc adds comments to issue 13.

   <kaz> [15]FYI, Decentralized Identifiers (DIDs) v1.0 is now a
   Proposed REC

     [15] https://www.w3.org/TR/2021/PR-did-core-20210803/

   McCool: Did is a proposal, which is solid and we can use it.
   Problem is only that not all did methods are secure enough.

   Philipp: can't we mention some properties which have to
   fulfilled in order to be secure enough for our purposes?

   McCool: That is a reasonable point. Can you look into the local
   security topic?

   mc adds a comment to the issue.

   <kaz> [16]DID implementation report

     [16] https://w3c.github.io/did-test-suite/

   McCool: Not all implementations support all feature. pointing
   out the feature needed is a good idea here. The did:key method
   is, as far as I know, just a simple local implementation which
   we might be able to use for this purpose.

   <McCool> [17]https://w3c-ccg.github.io/did-method-web/

     [17] https://w3c-ccg.github.io/did-method-web/

   McCool: Let's study this.

  Issue 11

   <kaz> [18]Issue 11 - Define interpretation of MUST, SHOULD

     [18] https://github.com/w3c/wot-security-best-practices/issues/11

   <kaz> [19]related Issue 5 - Recommended OAuth2 flows

     [19] https://github.com/w3c/wot-security-best-practices/issues/5

   <kaz> mc adds a comment to Issue 5

   <kaz> [20]McCool's comment

     [20] https://github.com/w3c/wot-security-best-practices/issues/5#issuecomment-908312346

  Issue 9

   <kaz> [21]Issue 9|Publish as a Note

     [21] https://github.com/w3c/wot-security-best-practices/issues/9

   McCool: We should focus on key distribution, TD signing and
   local security. That would be major step forward.

   McCool: as a start cleaning up OAuth is good.

   McCool: pb, it would be good, if you can do take a look into
   the did part. So we can describe the problem and some potential
   solutions.

   Philipp: I will take a look into it.

   <kaz> [adjourned]


    Minutes manually created (not a transcript), formatted by
    [22]scribe.perl version 131 (Sat Apr 24 15:23:43 2021 UTC).

     [22] https://w3c.github.io/scribe2/scribedoc.html

Received on Monday, 20 September 2021 11:02:30 UTC