WoT Security -- 17 Feb 2020

<scribe> scribenick: kaz

Review minutes

Feb-10 minutes

McCool: any objections to accept them?

(no objections)

McCool: minutes approved

DID review

McCool: still working on it

David: there was a session on IoT and DID during the DID meeting
... shall I paste the link?

McCool: maybe helpful

<dezell> DIDs and IoT (from 29 January 2020)

<dezell> https://www.w3.org/2019/did-wg/Meetings/Minutes/2020-01-29-did#section4

<McCool> https://www.w3.org/TR/did-core/

<McCool> https://www.w3.org/TR/2020/WD-did-use-cases-20200130/

McCool: (goes through the minutes from the DID f2f meeting)
... think IDs may be managed by some distributed system like blockchain

David: a lot of messages there

McCool: blockchains are not explicitly required but some systems expect it
... the minutes mention IETF/TCG - Device ID - Impllicit Identifier
... this is typical for provisioning, etc.

Kaz: as I mentioned the other day, I also talked with Ivan Herman, the DID-WG Team Contact, and we agreed further collaboration between WoT and DID would be important
... so probably having a joint call would be useful

McCool: make sense
... (updates the WoT Main call wiki with a possible joint call with DID)

WoT Main call wiki

McCool: having a joint call would be a good idea
... Manu Sporny, the main Editor should be also included

Kaz: happy to contact the DID guys about the possible joint call

McCool: David, do you know if they have any survey documents about existing standards, etc.?

<dezell> https://www.w3.org/2019/did-wg/

Kaz: maybe we can look at the references sections of the Use cases document and the DID spec document

McCool: that's true
... would see the abstract first
... e.g., Thing Description could be related to the "resolvable" feature
... also section "2.4 Accessing service endpoints"

2.4 Accessing service endpoints

McCool: but would see more concrete use cases for IoT purposes

David: right
... that is one of the reasons Sam made a presentation on IoT use cases

McCool: and also "2.5 Identifiers in an ecosystem of verifiable credentials (VCs)"

2.5 Identifiers in an ecosystem of verifiable credentials (VCs)

McCool: (looks into the diagram at "3. DID Actions")

3. DID Actions

McCool: don't see any "registration" action here

David: resolution is key point of the decentralized identifiers

McCool: what if we expect some controller which manages the access
... there is "ISSUE 14" saying [[What does it mean for a DID to be "recorded in a registry"?]]

did-use-cases Issue 14

McCool: let me capture this issue on my todo list
... next "3.3 Authenticate"

3.3 Authenticate

McCool: prove control typically through some sort of challenge-response
... need to read through this document
... there is also "3.13 Deactivate"
... we might want to include it into our lifecycle diagram

David: some of the DID guys are active on TLS standardizaton within IETF

McCool: can see that
... then "4. feature/Benefit Grid"

4. Feature/Benefit Grid

McCool: let's see "7. Focal Use Cases"

7. Focal Use Cases

McCool: (goes through the use cases)
... "7.5 Single Sign On" might be relevant for IoT purposes

7.5 Single Sign On (security)

McCool: (also look at the "DID Resolution" doc)

DID Resolution draft

McCool: (then visit the references section of the did-core spec draft)

D. References (did-core)

McCool: several relevant links below