<scribe> Scribe: Oliver
<kaz> Sep-21
<kaz> vTPAC
Last meeting was Sept. 21, 2020
Today about reviewing what happened in the meanwhile and plan next steps
McCool: (continue to) coordinate with IRTF T2TRG
... some WoT Security document cleanups needed including but
not limited to life-cycle
<McCool> https://www.w3.org/2020/10/05-22-wot-minutes.html#item06
No objection for publishing WoT Security meeting minutes for Sept. 21, 2020 => get published
Review of TPAC esp. the WoT Security slides for TPAC
WoT Security status presentation was delivered at TPAC by M. McCool and recap'ed during this call
Discussion on whether 'order' is meaningful in combo schemes and should be elaborated more
Issue shall be created to care about whether (and how) or not to make 'order' meaningful in combo security schemes
<McCool> https://github.com/w3c/wot-security/issues/193
OAuth presentation was delivered at TPAC by C. Aguzzi and recap'ed during this call
Modulo Client Grant Type/Flow most OAuth flows are not well-suited for WoT. This should be explicitly addressed in guidance info
Issue #194 created for creating such guidance
Composition is a concern: API dedicated to application resp. security functionality. Which mixture? Which relationship? What for which usage? What to call/enforce when?...
<McCool> proposal: accept the Security sections (Overview and OAuth2) sections of the TPAC 2020 minutes as revised and reviewed.
No objections against publishing the WoT Security-specific portion of the TPAC meeting notes => get published
RESOLUTION: accept the Security sections (Overview and OAuth2) sections of the TPAC 2020 minutes as revised and reviewed.
Manifest of next step items collected and captured in the call meetings
<McCool> https://github.com/w3c/wot-security/issues/195
Dec 7 will probably be the last WoT Security call this year
Meeting closed