12:53:25 <RRSAgent> RRSAgent has joined #wot-sp
12:53:25 <RRSAgent> logging to http://www.w3.org/2015/12/10-wot-sp-irc
12:54:02 <trackbot> trackbot has joined #wot-sp
12:54:28 <Zakim> Zakim has joined #wot-sp
12:58:27 <Oliver> Oliver has joined #wot-sp
13:07:18 <Yingying> chair: Oliver
13:07:23 <Yingying> scribe: Yingying
13:07:40 <Yingying> Oliver: today's agenda:
13:08:01 <Yingying> ...1. Proposal for security-enabling the Plugfest@Eurecom F2F: overview of security-related deliverables and their status, hands-on session with Postman/Copper
13:08:14 <Yingying> 2. Security and privacy artifacts in Github (https://github.com/w3c/wot)
13:08:26 <Yingying> ...3. Status of SP work items, next steps
13:08:34 <Yingying> ...4. AOB
13:08:44 <Yingying> ...any comments on the agenda.
13:09:19 <Yingying> Carsten: could you post the presentation showed yesterday?
13:09:51 <Yingying> Oliver: I will use the same slides in yesterday meeting. I can post it in the afternoon.
13:10:12 <Yingying> Oliver shows the presentation slides.
13:10:45 <Yingying> Oliver: the Plugfest in Sapporo is successful. we would like to continue and carry out the security aspects.
13:11:02 <Yingying> ...We would like include more people.
13:11:16 <Yingying> ...we have only 8 weeks left before Christmas.
13:11:48 <Yingying> So We could not do the detail demands of security domain knowledge.
13:12:02 <Yingying> ...We need to do what is possible.
13:12:21 <Yingying> ...we would like to have security communications.
13:12:51 <Yingying> ...We don't want to finish the security.
13:13:18 <Yingying> ...We would add component to instruct where to get instructions on security aspects.
13:13:50 <Yingying> ... the trick is to rely on existing standards as much as possible.
13:14:13 <Yingying> ...here is a layout of components showed in Sapporo.
13:14:35 <Yingying> ...we would introduce additional components.
13:16:04 <Yingying> ...there would be supporting components. communication protection and security token could be included.
13:16:49 <Yingying> ...The servient component has a security token processing.
13:17:49 <Yingying> ...C and RS implementations like in Sapporo.
13:18:47 <Yingying> ...Siemens volunteers to provide AM and AS. And we also welcome other companies to join it.
13:19:31 <Yingying> ...We need to avoid that AM and AS are implemented by different companies.
13:19:51 <Yingying> ...here is the list of materials we would be able to provide.
13:20:41 <Yingying> ...overview, howto and cheatsheet are already existed.
13:21:11 <Yingying> ...Cheatsheet includes some code snippets.
13:21:33 <Yingying> ...we are willing to give handson help.
13:21:55 <Yingying> Oliver shows the howto document, a 10 pages doc.
13:22:28 <Yingying> Oliver: there is "protected interaction" chapter.
13:23:06 <Yingying> ...We need to do some shortcut.
13:23:48 <Yingying> ...there 10-15 footnotes along the doc.
13:24:03 <Yingying> ...we are working with PostMan from Google.
13:24:49 <Yingying> ...there are some code examples and text.
13:25:41 <Yingying> Oliver uses the Postman to show some example.
13:25:58 <J_Lynn> J_Lynn has joined #wot-sp
13:26:02 <Yingying> ...Postman is a google chrome plugin.
13:26:20 <Yingying> ...I will show you the registration.
13:27:17 <Yingying> ...in example, we need to give the client_name and grant_types.
13:27:55 <Yingying> ...you can select Curl, or Java as the language you prefer.
13:28:14 <Yingying> ...then you get 201 for the response.
13:28:42 <Yingying> ...it is very straightforward to use.
13:29:38 <Yingying> ...the only dynamic is the authentication header.
13:29:48 <Yingying> ...which is a piece of client code to do.
13:30:04 <Yingying> ...you get the 200 response. and you get the access token.
13:30:12 <Yingying> ...it's not a tricky part.
13:31:12 <Yingying> Oliver shows the JWT.
13:31:50 <Yingying> Oliver: we have the type of the token.
13:32:17 <Yingying> ...there is something like as_token.
13:32:45 <toru> toru has joined #wot-sp
13:33:35 <Yingying> Oliver explains the minimum data in the payload.
13:34:09 <Yingying> Oliver: this is about the proposal for the plugfest.
13:35:34 <Yingying> ...there is a list of libs. We use the ES256 as default but we could also select others.
13:36:26 <Yingying> Carsten: the communication between C and AS are protected by other methods not covered here.
13:36:33 <Yingying> ...?
13:36:53 <Yingying> Oliver: the server has some authentication.
13:37:14 <Yingying> ...there is some instructions in the howto.
13:39:41 <Yingying> [some discussions on the protection of communication between client, AM and AS]
13:40:38 <Yingying> Carsten: is there any way that we don't need to care the certificaiton is on-going?
13:42:25 <Yingying> Oliver: It can be done.
13:43:42 <Yingying> [some discussion about DTLS/TLS underneath]
13:50:30 <Yingying> Carsten: the slides should be in the wiki this afternoon. I will fine tune the howto document and deliver it in the mid of next week.
13:50:46 <Yingying> s/Carsten/Oliver
13:51:25 <Yingying> Oliver: I can send it to you by end of next week.
13:51:52 <Yingying> Topic: Security and privacy artifacts in Github
13:52:20 <Yingying> Oliver shows the wiki landing page.
13:52:55 <Yingying> Oliver: I started moving the wiki page content into wot github.
13:53:11 <Yingying> ...here you can see some subfolders.
13:53:33 <Yingying> ...I created the IG-SP folder.
13:53:47 <Yingying> ...it is the same content as in wiki.
13:54:51 <Yingying> ...I will not move all. For the advanced concept stuff in brainstorming, I would like to keep them in wiki
13:56:02 <Yingying> Oliver explains the security privacy challenges in github.
13:56:38 <Yingying> Oliver: I would invite people to make the move as well.
13:57:13 <Yingying> ...the requirements were moved to github as well.
13:57:40 <Yingying> ...I also moved the glossary and references to github.
13:58:52 <Yingying> ...I will remove the wiki pages that were moved to github.
13:59:02 <Yingying> ...is that ok?
13:59:35 <Yingying> ...I will remove the payload in wiki and add the link to github.
14:01:09 <J_Lynn> present+
14:01:11 <Yingying> ...next call will be in 4 weeks. It should be Jan 17th.
14:02:09 <Yingying> Topic: Status of SP work items, next steps
14:02:21 <Yingying> Oliver: no content changes
14:02:33 <Yingying> ...since 2 weeks.
14:02:50 <Yingying> ...everybody is busy with plugfest.
14:03:46 <Yingying> ...no further works until end of Jan.
14:04:03 <Yingying> ...comments?
14:04:09 <Yingying> [no]
14:04:34 <Yingying> Merry Christmas and Happy New year!
14:05:00 <Yingying> [adjourned]
14:06:14 <Yingying> present: Oliver_Pfaff, Yingying_Chen, Carsten_Bormann, James_Lynn, Tibor_Z_Pardi, Toru_Kawaguchi
14:06:21 <Yingying> rrsagent, make minutes
14:06:21 <RRSAgent> I have made the request to generate http://www.w3.org/2015/12/10-wot-sp-minutes.html Yingying
14:07:10 <Yingying> rrsagent, make minutes
14:07:10 <RRSAgent> I have made the request to generate http://www.w3.org/2015/12/10-wot-sp-minutes.html Yingying
14:07:19 <Yingying> rrsagent, make log public
15:11:41 <yingying> yingying has joined #wot-sp
16:31:00 <Zakim> Zakim has left #wot-sp
16:51:02 <Yingying> Yingying has joined #wot-sp
17:19:45 <tzp> tzp has joined #wot-sp