13:02:51 <RRSAgent> RRSAgent has joined #wot-sec
13:02:51 <RRSAgent> logging to https://www.w3.org/2021/02/15-wot-sec-irc
13:03:02 <kaz> Meeting: WoT Security
13:03:03 <citrullin> citrullin has joined #wot-sec
13:03:07 <kaz> chair: McCool
13:03:30 <kaz> present+ Kaz_Ashimura, Cristiano_Aguzzi, Michael_Mcool, Oliver_Pfaff
13:03:33 <citrullin> Can someone send me the webex link?
13:04:29 <citrullin> present+ Philipp-Alexander_Blum
13:05:12 <cris_> cris_ has joined #wot-sec
13:05:44 <McCool> McCool has joined #wot-sec
13:06:25 <McCool> agenda: https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#15_February_2021
13:08:21 <kaz> scribenick: cris_
13:08:39 <cris_> topic: previous minutes
13:09:44 <cris_> mc: we discussed management API on scripting api. We need some text to describe what is out of the scope in scripting api
13:09:59 <kaz> i|discussed|-> https://www.w3.org/2021/02/01-wot-sec-minutes.html Feb-1|
13:10:36 <cris_> ... I also opened an issue in discovery. we'll look at it next
13:10:47 <cris_> s/next/later/
13:11:03 <cris_> ... finally APA
13:11:14 <kaz> present+ Tomoaki_Mizushima
13:11:19 <cris_> ... any objections for accepting the minutes?
13:11:32 <cris_> ... ok we'll publish these
13:11:36 <cris_> ... any updates?
13:11:40 <cris_> ... none
13:11:49 <cris_> topic: issues
13:12:12 <cris_> mc: I'll go through open issues in the security repo
13:13:18 <cris_> mc: Lagally want a writeup about canocalization of TDs. It is related to #166
13:15:28 <cris_> cris: I opened some issues about security and management apis on scripting api, we could check them out
13:16:41 <cris_> mc: yeah true, meanwhile I notice some problems with the published minutes. Links has a trailing column which cause an error
13:17:12 <cris_> s/has a/have a/
13:17:44 <cris_> kaz: fixing
13:18:03 <cris_> mc: Ok we'll check them later.
13:18:18 <cris_> topic issue 166
13:18:38 <cris_> kaz: btw links fixed
13:19:15 <kaz> -> https://github.com/w3c/wot-security/issues/166 wot-security issue 166 - Add integrity protection (proof section) to TDs
13:19:25 <kaz> rrsagent, make log public
13:19:30 <kaz> rrsagent, draft minutes
13:19:30 <RRSAgent> I have made the request to generate https://www.w3.org/2021/02/15-wot-sec-minutes.html kaz
13:19:56 <cris_> mc: we disscussed about minimum requirement for constraint devices. We focus about the minimum memory requirement to handle a TD. We nailed down the discussion to the size of the TD.
13:20:21 <citrullin> +q Still having an issue to find use-cases where it makes sense to process TDs on constrained devices.
13:20:31 <cris_> ... we concluded to have a min size of 64Kb
13:20:38 <citrullin> +q
13:23:24 <cris_> mc: the problem is signing needs canonicalization but smal devices might not be able to perform the process.
13:26:05 <cris_> cris: canonicalization could happen at development time.
13:26:43 <cris_> mc: we could even make canonicalization part of the sign process but it will burden a constraint device.
13:29:22 <cris_> philipp: 64kb might not be enough.
13:29:42 <cris_> mc: we found libraries capable to handle our requirements in 64Kb
13:29:45 <cris_> q?
13:30:22 <McCool> https://github.com/w3c/wot-testing/blob/main/events/2021.03.Online/reference/hw.md
13:30:33 <cris_> mc: we could move this question to the profile call
13:30:47 <kaz> s/https/-> https/
13:31:06 <kaz> s/hw.md/hw.md WoT Reference Platform/
13:33:40 <cris_> mc: the trouble with small devices is that we might not have a communication hardware stack. however we were able to implement wot in small devices like esp32
13:35:02 <cris_> Philipp: I currently working with XXX that has ZZZ RAM and I have able to expose a TD. However, consuming a TD is surely too much.
13:35:18 <cris_> s/XXX/Nordic NRF-52832/
13:35:33 <cris_> s/ZZZ/32 Kb/
13:36:19 <cris_> cris: why consuming a TD is too much? can you read it in streaming mode?
13:36:46 <cris_> Philipp: I need to parse JSON which kinda heavy.
13:36:56 <cris_> ... plus I don't see the use case for this
13:37:12 <cris_> ... btw the Nordic has also hardware accelaration
13:37:32 <cris_> ... for signing and maybe SSL
13:38:23 <cris_> cris: I agree that the use case is a little bit off.
13:39:55 <cris_> ... using a JSON streaming parse you might be able to consume a TD
13:40:25 <citrullin> Agree, that sounds more reasonable.
13:40:31 <cris_> mc: Intresting, about validation process I'm noting down that before signing a TD should be valid
13:40:54 <cris_> s/parse/parser/
13:41:54 <cris_> mc: I think there's some use cases for consuming TDs in sensors. I'm noting down a peer-to-peer pairing example in issue #166
13:45:20 <cris_> cris: btw canonicalization could help streaming parser to optimize searching of particular conditions
13:45:27 <cris_> mc: true, noting that down
13:46:03 <cris_> ... also having standard semantic types could be useful.
13:47:43 <cris_> ... related to the peer-to-peer example we could even think about filter parameters in the direct discovery process.
13:49:10 <cris_> ... in short if you know exactly what you're looking for you could extract it without having the whole TD in memory
13:51:56 <cris_> ... does this description convince you, Philipp?
13:52:23 <cris_> Philipp: Probably I need to read more about business environments but yes
13:52:33 <cris_> ... streaming makes for sure sense
13:52:40 <cris_> ... a lot things to think about
13:53:22 <cris_> mc: we still have a lot of todos here. One is to survey hardware accelerators. TDs should be compatible whit such a hardware
13:53:41 <cris_> ... Philipp could you please do this? at least for you device?
13:53:53 <cris_> Philipp: ok
13:54:58 <cris_> mc: chain of proof is flexible about the algorithm used. So we just need to choose one according to the survey
13:55:09 <kaz> rrsagent, make log public
13:55:40 <cris_> topic: Geolocation
13:57:06 <McCool> https://github.com/w3c/wot-discovery/pull/114
13:57:08 <cris_> mc: working on #114
13:59:54 <cris_> ... there's a section about privacy. I have to be careful when sharing locations. It can be even inferred by a registration in a particular TD
14:00:27 <kaz> rrsagent, draft minutes
14:00:27 <RRSAgent> I have made the request to generate https://www.w3.org/2021/02/15-wot-sec-minutes.html kaz
14:00:42 <cris_> ... also history about a location could be used to infer velocity and learn about the fact the user was on a vehicle or not.
14:01:37 <kaz> rrsagent, draft minutes
14:01:37 <RRSAgent> I have made the request to generate https://www.w3.org/2021/02/15-wot-sec-minutes.html kaz
14:02:48 <kaz> [adjourned]
14:02:50 <kaz> rrsagent, draft minutes
14:02:50 <RRSAgent> I have made the request to generate https://www.w3.org/2021/02/15-wot-sec-minutes.html kaz
14:03:15 <cris_> https://github.com/w3c/wot-scripting-api/issues/299
14:03:34 <cris_> https://github.com/w3c/wot-scripting-api/pull/289#issuecomment-775182073
14:03:45 <cris_> https://github.com/w3c/wot-scripting-api/issues/298
14:04:48 <McCool> ok, great
14:04:56 <McCool> captured, we can discuss more next time
14:05:11 <McCool> thanks a lot, ttyl
14:05:17 <cris_> nice! see you in the next call
14:55:20 <citrullin> citrullin has joined #wot-sec
15:39:35 <Zakim> Zakim has left #wot-sec