McCool: any objections?
(none)
McCool: approved
McCool: Cristiano should once remove the current PR 515
... and create a new one after his joining the WG as an IE
McCool: cloud provider might be involved in this use case
... so far there is a list of stakeholders to be chosen, though
Cristiano: remove "operator" from "directory service operator"
McCool: should keep the name given it's included in the candidate list
... regarding the motivation section, we need to see the spec again
Cristiano: ok
McCool: but this is a good starting point
... expected devices should include a token server
Cristiano: wondering who the "resource owner" is
McCool: wondering about the names here
... resource owner
... should it be a "resource server"?
... let's keep this as is at the moment and continue the review
Cristiano: code flow section
... (starting with line 112)
McCool: we should be careful about the wording
... possible delegation to a third party
... I can do another review path and give comments
Cristiano: great
McCool: you can close this PR 515 itself and submit a new one with your account as an Invited Expert
... (and closed PR 515)
Zoltan: btw, wondering about the status of Cristiano's IE status
Cristiano: submitted an application and has just been approved
David: no public resource so far
... but can clarify the points
McCool: we can mail them to provide a summary
... to ask for clarification
David: sure
McCool: about threat model and implementation recommendations
... let's extract our main points
David: can we go through the requirements?
McCool: sure
David: (gives some background about Conexxus; like Conexxus is creating interfaces)
... there are two design documents
McCool: (looking for the document)
David: (shares his screen for the document)
... there is data confidentiality and data encryption within the data protection section
McCool: would be useful to have questions about the design review
David: questions about confidentiality and encryption
... and then data integrity
... this came from the payment network
... there is a question about 2-factor or multi-factor authentication
McCool: OAuth allows multi-factor authentication, right?
David: right
... and then there is a "Compliance" section here
McCool: a possible addition is government regulation compliance
David: right
McCool: this is great
... having a design document and a check list is good
... wondering if it's kind of Web-oriented
... we should have an IoT-oriented one
... the next step should be distributing the resource to the group
... the concept of a check list is great
... to be included in the best practices document
David: will send the resource to you
McCool: and I can share it with part of the group as the starting point
McCool: we need to talk about when/how
... don't have concrete agenda items done yet
McCool: Best practice topics should be included
... need to work on presentations
... note that June 11 is a holiday in Europe
... this is my initial list of topics to be discussed next week
... do we have any topics which need input here?
... (adds Best practices under "Gather input")
... next week will be the last security call before the PlugFest/F2F
... but next Monday, there will be the T2TRG workshop at 8-11am EDT
... so we need to cancel the Security call next week as well
... (updates the Agenda section of the Security wiki)
... cancel the call on June 8 and June 15
... and then will have a Security session during the F2F on June 22
... anyway, please watch Cristiano's new PR and review it
... anything else?
(none)
[adjourned]