scribenick: kaz
Kaz: is it OK by you to invite Xiaoru to the meeting today?
... note the invited guest also should be aware of the W3C Patent Policy below
... but this is an IG call, so we have less problem
<kaz> https://www.w3.org/Consortium/Patent-Policy-20170801/
<kaz> https://www.w3.org/2003/12/22-pp-faq.html
McCool: OK to invite her
scribenick: nimura
<McCool> https://www.w3.org/2018/08/13-wot-sec-minutes.html
reviewing last minutes.
<kaz> mm: regarding the actions, the second last one on CoAP DTLS is retired. other actions to be carried over for today
<kaz> (minutes accepted)
guest from Baidu, Xiaoru Li
McCool: during TPAC, would have extra meeting in early week, say Monday
<kaz> TD pullrequest 198 - Add CoAP/DTLS "cert" and "public" security schemes
created PR that current TD is checked
<kaz> TD draft - 5.4.1 SecurityScheme
added two new scheme and merged.
CoAP: private, shared, : pre destributed keys
<kaz> TD draft - 5.4.6 PSKSecurityScheme
cert and public key: give identity of system
TD spec does not updated properly yet.
no section for those for public and cert somehow
<kaz> McCool: will check why
<kaz> McCool: need Koster's input
kajiwara san submitted W3C permission for the application
Issue #109
<inserted> issue 109
mostly done, but rendering issue.
<McCool> https://tools.ietf.org/html/rfc7252#section-9.1
<inserted> The Constrained Application Protocol (CoAP)
Section 9.1: defines three schemes
there are some algorithm choices.
this PR is not clitical for current TD
Issue #105
<inserted> issue 105
difficult to prioritize security scheme.
assume implementers work one by one.
security TF does not feel additional feature for prioritize security is necessary.
Issue #102
<kaz> issue 102
Testing TF need to have sets of security recommendation
prioritize CoAP over UDP, but not prioritize others
we will focus on HTTPS-TLS CoAPS-DTLS and MQTT-TLS
but leave out others.
In terms of the recommendation, is there any particular reason to recommend CoAPS-TLS over CoAPS-DTLS?
from the security point of view.
create another md document for collecting those recommendation.
describing wot security best practice.
recommendation for pretty good security and easy to implement
In the current main document, recommendation is high level and good structure.
<McCool> https://github.com/w3c/wot-security/blob/master/wot-security-best-practices.md
will include recommended best practice.
Issue #100
<inserted> issue 100
TD Change and Deletion notification
this relates to immutable identifiers.
Issue #98
<kaz> issue 98
URI template are coming.
Issue #77
<kaz> issue 77
can close this.
kajiwara-san: notification of workshop will be received by this Friday or so.
<kaz> [adjourned]