<kaz> scribenick: zkis
<kaz> scribe: Zoltan
Elena: were the F2F sessions decided already?
McCool: happening now
https://www.w3.org/WoT/IG/wiki/F2F_meeting,_24-29_March_2018,_Prague,_Czech_Republic
scribe: what to do for preparing the F2F agenda
... lifecycle, discussion needed on ER's slides
Elena: one more slide to be added
McCool: list the F2F meetings with conflicting time, to be resolved with ER
McCool showing/editing F2F agenda
McCool: need to prepare security metadata discussion
<kaz> WoT Security Metadata
McCool: discussing "type" and "scheme"
Elena: should be unambiguous
MMC recording it in issue #83
https://github.com/w3c/wot-security/issues/83
Elena: also look at other standards
McCool: looked at several, for scheme we start with generic, and to specifics later
... how to express ACLs
... scheme + protocol should give the final mechanism
Elena: also consider DoS type attacks for the mechanisms above
McCool: the TD will state the supported schemes, and provide links to forms, the other end picks one
Elena: there have been many attacks in the past in the negotiation phase
... in general, negotiation should be carefully approached
... but not really related to the scheme per se
McCool: will check other standards
<kaz> f2f topics
Elena: we also need to schedule the Scripting/Security discussion
McCool updating the agenda for including it
ZK will update the F2F agenda expanding Scripting topics
McCool discussing the other F2F agenda topics
scribe: validation, payments etc
<inserted> kaz: McCool, you put "breakouts" to some of the topics, but do we really want to have them as breakout sessions?
Zoltan: security meetings should not be breakouts, all the WG should be present, since security is pervasive
McCool: agree
https://github.com/w3c/wot-security/issues
discussing issue #82 on OCF Security Model
https://github.com/w3c/wot-security/issues/82
comments recorded in the issue
discussing issue #77 on OAuth
https://github.com/w3c/wot-security/issues/77
McCool makes a new issue about metadata versions
issue #85 https://github.com/w3c/wot-security/issues/85, cross-referenced
will close issue #82 with resolution recorded in the issue
discussing issue #81 about metadata proxy
https://github.com/w3c/wot-security/issues/81
the only security metadata example was given by Matthias in https://github.com/w3c/wot-security/issues/73
there proxy is mentioned
[[
"security": {
"authorization": "Proxy",
"proxyAuthorization": "Basic",
"href": "http://plugfest.thingweb.io:8087"
},
]]
McCool: there is the URL, authorization type etc, but we might need other information as well
... so the question is whether proxy should be defined in its own category
MMC is updating https://github.com/w3c/wot-security/issues/81
Elena: proxy might be only needed in the bootstrapping part of communication
McCool: there may be different links to different proxy configurations
McCool will create a strawman, expects comments online in issue 81
Zoltan: need examples for valid scheme + proxy combinations
McCool: some examples would be basic, oauth, and ocf etc
Elena: we need to test all valid combinations
not sure we can use oauth with coap, likely yes
McCool will create a table for the combinations
McCool: (basic, oauth, ocf) x (http, coap)
... for now we support (basic, http), (oauth, http) and (ocf, coap)
discussing issue https://github.com/w3c/wot-security/issues/79
McCool updated the issue with comment
scribe: agreed that API keys are opaque
McCool: over time, let's close the meeting
next week on the F2F open day
<kaz> https://www.w3.org/2018/03/05-wot-sec-minutes.html
<kaz> https://www.w3.org/2018/03/12-wot-sec-minutes.html
McCool: they are looking good
... no issues recorded with the minutes
... objections?
none
minutes accepted
McCool adjourns the meeting