WoT Security

17 Feb 2020


Kaz_Ashimura, Michael_McCool, Elena_Reshetova, Tomoaki_Mizushima, David_Ezell


<scribe> scribenick: kaz

Review minutes

Feb-10 minutes

McCool: any objections to accept them?

(no objections)

McCool: minutes approved

DID review

McCool: still working on it

David: there was a session on IoT and DID during the DID meeting
... shall I paste the link?

McCool: maybe helpful

<dezell> DIDs and IoT (from 29 January 2020)

<dezell> https://www.w3.org/2019/did-wg/Meetings/Minutes/2020-01-29-did#section4

<McCool> https://www.w3.org/TR/did-core/

<McCool> https://www.w3.org/TR/2020/WD-did-use-cases-20200130/

McCool: (goes through the minutes from the DID f2f meeting)
... think IDs may be managed by some distributed system like blockchain

David: a lot of messages there

McCool: blockchains are not explicitly required but some systems expect it
... the minutes mention IETF/TCG - Device ID - Impllicit Identifier
... this is typical for provisioning, etc.

Kaz: as I mentioned the other day, I also talked with Ivan Herman, the DID-WG Team Contact, and we agreed further collaboration between WoT and DID would be important
... so probably having a joint call would be useful

McCool: make sense
... (updates the WoT Main call wiki with a possible joint call with DID)

WoT Main call wiki

McCool: having a joint call would be a good idea
... Manu Sporny, the main Editor should be also included

Kaz: happy to contact the DID guys about the possible joint call

McCool: David, do you know if they have any survey documents about existing standards, etc.?

<dezell> https://www.w3.org/2019/did-wg/

Kaz: maybe we can look at the references sections of the Use cases document and the DID spec document

McCool: that's true
... would see the abstract first
... e.g., Thing Description could be related to the "resolvable" feature
... also section "2.4 Accessing service endpoints"

2.4 Accessing service endpoints

McCool: but would see more concrete use cases for IoT purposes

David: right
... that is one of the reasons Sam made a presentation on IoT use cases

McCool: and also "2.5 Identifiers in an ecosystem of verifiable credentials (VCs)"

2.5 Identifiers in an ecosystem of verifiable credentials (VCs)

McCool: (looks into the diagram at "3. DID Actions")

3. DID Actions

McCool: don't see any "registration" action here

David: resolution is key point of the decentralized identifiers

McCool: what if we expect some controller which manages the access
... there is "ISSUE 14" saying [[What does it mean for a DID to be "recorded in a registry"?]]

did-use-cases Issue 14

McCool: let me capture this issue on my todo list
... next "3.3 Authenticate"

3.3 Authenticate

McCool: prove control typically through some sort of challenge-response
... need to read through this document
... there is also "3.13 Deactivate"
... we might want to include it into our lifecycle diagram

David: some of the DID guys are active on TLS standardizaton within IETF

McCool: can see that
... then "4. feature/Benefit Grid"

4. Feature/Benefit Grid

McCool: let's see "7. Focal Use Cases"

7. Focal Use Cases

McCool: (goes through the use cases)
... "7.5 Single Sign On" might be relevant for IoT purposes

7.5 Single Sign On (security)

McCool: (also look at the "DID Resolution" doc)

DID Resolution draft

McCool: (then visit the references section of the did-core spec draft)

D. References (did-core)

McCool: several relevant links below

<McCool> https://medium.com/metadium/decentralized-identifiers-the-easy-guide-fb96429e8b24

<McCool> https://medium.com/@adam_14796/understanding-decentralized-ids-dids-839798b91809

<McCool> https://ldapwiki.com/wiki/W3C%20Decentralized%20Identifiers

<McCool> https://ldapwiki.com/wiki/W3C%20Decentralized%20Identifiers

<McCool> https://w3c-ccg.github.io/did-primer/

McCool: suspect some of them might be out-of-date now

<McCool> https://github.com/w3c-ccg/w3c-ccg.github.io

<McCool> https://w3c-ccg.github.io/

Credential CG repo

Credentials CG page

McCool: (revisit the Decentralized Identifiers (did-core) document)

Decentralized Identifiers (DIDs) v1.0

David: (mentions the DID WG page again)

DID WG page

McCool: here is a link to "did-imp-guide"


HTML rendered version

Remaining issues

McCool: will take a glance at the remaining issues

wot-security issues

McCool: need Oliver's clarification
... next issue 160

Issue 160

McCool: Zoltan gave comments
... will catch up with Zoltan


Summary of Action Items

Summary of Resolutions

[End of minutes]

Minutes manually created (not a transcript), formatted by David Booth's scribe.perl version 1.154 (CVS log)
$Date: 2020/02/18 13:49:01 $