TF-SP
See also: IRC log
Oliver: today's agenda:
... 1. Proposal for security-enabling the Plugfest@Eurecom F2F:
overview of security-related deliverables and their status,
hands-on session with Postman/Copper
... 2. Security and privacy artifacts in Github
(https://github.com/w3c/wot)
... 3. Status of SP work
items, next steps
... 4. AOB
... any comments on the agenda?
Carsten: could you post the presentation you showed yesterday?
Oliver: I will use the same slides as in yesterday meeting. I could post it in the afternoon.
Oliver shows the presentation slides: Overview of security-enabling
Oliver: the Plugfest in Sapporo
is successful. we would like to continue and carry out the
security aspects.
... We would like include more people.
... we have only 8 weeks left before Christmas.
... So We could not demand the details of
security domain knowledge.
... We need to do what is
possible.
... we would like to have security communications.
... We don't want to finish the whole security functionality.
... We would add components to get instructions on security aspects.
... the trick is to rely on existing standards as much as
possible.
... here is a layout of components showed in Sapporo.
... we would introduce additional components.
... there would be supporting components. communication
protection and security token could be included.
... The servient component has a security token
processing.
... Cleint and RS implementations are like what was done in Sapporo.
... Siemens volunteers to provide AM and AS. And we also
welcome other companies to join it.
... We need to avoid that AM and AS are implemented by
different companies.
... here is the list of materials we would be able to
provide.
... overview, howto and cheatsheet are already existed.
... Cheatsheet includes some code snippets.
... we are willing to give handson help.
Oliver shows the howto document, a 10 pages doc.
Oliver: there is "protected
interaction" chapter.
... We need to do some shortcut.
... there are 10-15 footnotes along the doc.
... we are working with Postman which is a Google Chrome plugin.
... there are some code examples and texts in the howto.
Oliver uses the Postman to show some example.
Oliver: Postman is a google chrome plugin.
... I will show you the registration.
... in the example, we need to give the client_name and grant_types.
... you can select Curl, or Java as the language as you prefer to.
... then you get 201 for the response.
... it is very straightforward to use.
... the only dynamic is the authentication header.
... which is a piece of client code to do.
... you get the 200 response. and you get the access
token.
... it's not a tricky part.
Oliver shows the JWT.
Oliver: we have the type of the
token.
... there is something like as_token.
Oliver explains the minimum data in the payload.
Oliver: this is about the
proposal for the plugfest.
... there is a list of libs. We use the ES256 as default but you could also
select others.
Carsten: the communications between Cllient and AS are protected by other methods that are not covered here?
Oliver: the server has some
authentication.
... there is some instructions in the howto.
[some discussions on the protection of communication between client, AM and AS]
Carsten: is there any way that we don't need to care what the underlying certificaiton is on-going?
Oliver: It can be done.
[some discussion about DTLS/TLS underneath]
Oliver: the slides should be put in the wiki in
this afternoon. I will fine tune the howto document.
... I can send it to you by end of next week.
Oliver shows the wiki landing page.
Oliver: I started moving the wiki
page content into wot github.
... here you can see some subfolders.
... I created the IG-SP folder.
... it is the same content as in wiki.
... I will not move all. For the advanced concept stuff during brainstorming,
I would like to keep them in wiki
Oliver explains the security privacy challenge page in github.
Oliver: I would invite people to
make the move as well.
... the requirements were moved to github as well.
... I also moved the glossary and references to github.
... I will remove the wiki pages that were moved to
github.
... is that ok?
... I will remove the payload in wiki and add the link to
github.
... next call will be in 4 weeks. It should be Jan 7th.
Oliver: no content changes for these 2 weeks.
... everybody is busy with plugfest.
... and will be no further efforts put on it until end of Jan.
... comments?
[no]
Merry Christmas and Happy New year!
[adjourned]
This is scribe.perl Revision: 1.144 of Date: 2015/11/17 08:39:34 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: RRSAgent_Text_Format (score 1.00) Succeeded: s/Carsten/Oliver/ Found Scribe: Yingying Inferring ScribeNick: Yingying Present: Oliver_Pfaff Yingying_Chen Carsten_Bormann James_Lynn Tibor_Z_Pardi Toru_Kawaguchi WARNING: No meeting title found! You should specify the meeting title like this: <dbooth> Meeting: Weekly Baking Club Meeting Got date from IRC log name: 10 Dec 2015 Guessing minutes URL: http://www.w3.org/2015/12/10-wot-sp-minutes.html People with action items:[End of scribe.perl diagnostic output]