W3C

WoT Security

25 January 2021

Attendees

Present
Cristiano_Aguzzi, Elena_Reshetova, Kaz_Ashimura, Michael_McCool, Oliver_Pfaff, Tomoaki_Mizushima
Regrets
-
Chair
McCool
Scribe
elena

Meeting minutes

<McCool> https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#25_January_2021

meeting minutes from last meeting

https://www.w3.org/2021/01/18-wot-sec-minutes.html

McCool: date needs to be corrected

McCool: any objections to the meeting minutes?

McCool: approved

let's look at the issue tracker

McCool: looking at issue 191

https://github.com/w3c/wot-security/issues/191 - Review security architecture of Home Assistant

McCool: let's capture the important points from this issue into our wot-security documentation

McCool creates wot-security/background/hubs.md and puts text from issue 191 there

https://github.com/w3c/wot-security/blob/master/background/hubs.md

McCool: now issue 191 can be closed.

McCool closes issue 191

McCool: other similar issues should contribute text in the form of a PR towards background/hubs

McCool: look at issue 187

https://github.com/w3c/wot-security/issues/187 - Review security architecture of OpenHAB

McCool: adding text from issue 187 to background/hubs.md

McCool: we would need to have a template for describing different hubs

McCool: we will leave issue 187 open for now in case Oliver wants to make further edits

Apikey and psk explanation improvement

McCool: next let's look into issues from the agenda

First one: https://github.com/w3c/wot-thing-description/pull/1031 - Improve descriptions of apikey and psk security schemes

McCool: in TD call last week we discussed this

McCool: the new description seems to address the original issue, but we need to convert a couple of statements to assertions

McCool: how do people feel about making it an assertion?

Cristiano: agrees with this approach albeit testing this assertion is a problem

McCool puts some comment into the issue

including the potential wording for the assertions

McCool: the important statement is to make sure that if someone stores secret information (like keys, passwords, etc.) in a TD, then they are automatically not compliant with the TD spec

McCool: we will discuss this at next TD call

add URI template location for security scheme parameters

https://github.com/w3c/wot-thing-description/pull/1032 - WIP: Add URI template location for security scheme parameters

McCool: this text is not quite ready yet

McCool: we can use uriVariables instead of uri and parameters here

McCool puts a comment into 1032

together with an example of how it can look

McCool: If anyone has more comments, please comment also

<kaz> [adjourned]

Minutes manually created (not a transcript), formatted by scribe.perl version 127 (Wed Dec 30 17:39:58 2020 UTC).