<kaz> scribenick: cris
McCool: any other agenda items for
today?
... ok, let's look at the previous minutes
McCool: ok minutes published with a small correction
McCool: we did our part. (created
issues and label them)
... I'm still organizing DID meeting. Sebastian is looking for
the JSON-LD meeting
... any other thoughts for the F2F ?
... we have to fill some proposal topics in the agenda
... Is there any volunteer able to create a presentation about
the current status of the spec?
Farshid: I am actually in vacation so I could not work a lot on this
McCool: is there any other from
linksmart organization?
... let's leave this open
... is 40 minutes enough?
Farshid: I think we need more
McCool: let's break it down a little
bit
... so now in total we have about 2 and half hours
... by the way it is a full day
<kaz> WoT vF2F dates: Oct 5. 7, 20, 21, 22
McCool: I put Farshid as the session leader
Andrea: I can help with the
semantic section
... I can actually do also syntactic
Cristiano: I can help also
McCool: Ok I'll add your name at the
top level
... I think the Introductions section can be just a walktrough
to each mechanisms.
... Lagally made a nice uml sequence diagram that can help in
the introduction section
... we can also put them in the specs
... I'll provide them
... we just need to focus on the discovery part of architecture lifecycle
<kaz> Lagally's lifecycle diagram 1
<kaz> Lagally's lifecycle diagram 2
McCool: what do we need for directory
security?
... OAuth is an option
... we have that in the current specification document
... should we bind each TD in a directory to a particular user
or owner?
Farshid: I think there is a note in document about this
McCool: I think that we should not tell to a directory the information about the owner.
Kaz: How can we define end-to-end security for discovery?
McCool: right, I think we should
address this. Is there any cases where we need object security
for metadata?
... we have https, but it can leak information in
proxies.
... we are discussing about this in the security task force. We
currently do not have completely addressed how to implement
this
... there is one more thing. kaz, do you know if the new
decentralized web charter address also local https ?
Kaz: not sure
<inserted> proposed Decentralized Web IG Charter
Kaz: there might be some standards (FIDO or Web-Auth) but we have to look at them in the detail
McCool: DID might help here; they
handle certificates differently than https
... we probably should add the local interaction as a
requirement for security in TDD document
... about user identities are we ok with using just OAuth?
Farshid: it is a good start
McCool: ok let's validate OAuth
<inserted> PR 61
McCool: ok merge #61 it is pretty
straightforward.
... How do you define a partial TD?
Farshid: it is a TD that does not have all the required fields of a TD
<inserted> PR 60
McCool: PR #60.
... we discussed last time and it seems that Toumura-san updated
the PR with our feedback
... there is also a nice sequence diagram
... section 6-1 needs more text
... anyway I think it is ok, we can improve it later
... merged
... I'd add a comment metioning that metadata is not supposed
to be provided in urls
<inserted> PR 68
McCool: PR 68 is good, merging
<inserted> PR 47
Andrea: I followed your feedback in PR 47
McCool: there are some conflicts
now
... could you fix them ?
... Please Farshid and Cristiano can you review it?
... ok we'll merge this the next week
<kaz> proposed Decentralized Web IG Charter
Kaz: one final comment, the DW IG charter is just a template at the moment
McCool: ok thanks everybody for today
<kaz> [adjourned]