13:03:49 <RRSAgent> RRSAgent has joined #wot-sec
13:03:49 <RRSAgent> logging to https://www.w3.org/2021/03/08-wot-sec-irc
13:03:57 <kaz> Meeting: WoT Security
13:04:20 <Mizushima> Mizushima has joined #wot-sec
13:04:32 <kaz> present+ Kaz_Ashimura, Michael_McCool, Cristiano_Aguzzi, Elena_Reshetova Oliver_Pfaff
13:05:02 <elena> elena has joined #wot-sec
13:05:08 <kaz> scribenick: elena
13:05:28 <kaz> Agenda: https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#8_March_2021
13:06:26 <elena> topic 1: meeting minutes from the last call
13:06:36 <kaz> s/topic 1:/topic:/
13:06:50 <kaz> -> https://www.w3.org/2021/02/22-wot-sec-minutes.html Feb-22
13:08:27 <kaz> present+ Tomoaki_Mizushima
13:08:29 <elena> McCool: meeting minutes  approved
13:09:31 <elena> topic: cancellations
13:10:17 <elena> McCool: next week we have a F2F, so maybe we should skip the security calls on mon march 15 and march 22
13:11:21 <elena> McCool: next security call is on March 29, but a short one to capture F2F outcomes
13:12:41 <elena> topic: agenda for F2F
13:13:44 <elena> McCool: currently F2F agenda looks very full and does not have a security session. Does anyone thinks that we should have a security discussion or it is ok not to have it this time?
13:14:27 <elena> general consensus is that there has not been enough security changes that would require a separate security session
13:16:07 <elena> McCool: instead people should join existing sessions that might touch upon security issues
13:16:46 <elena> topic: S&P consideration note update
13:17:21 <kaz> i|currently|-> https://www.w3.org/WoT/IG/wiki/F2F_meeting,_March_2021#Agenda March vF2F agenda|
13:20:11 <elena> McCool: changes that should be done in the note update: aligning the terminology with arch doc, updating docs, lifecycle??
13:23:31 <elena> AR to Elena to check the current status of lifecycle in the arch spec and raise any issues before the F2F if needed
13:24:19 <elena> McCool: the default branch for wot-security has been renamed from master to main. Please update your forks appropriately
13:24:27 <elena> topic: issues
13:25:10 <elena> fist issue - 197
13:25:40 <elena> https://github.com/w3c/wot-security/issues/197
13:26:12 <elena> McCool enters a comment to point out the existing PR against the arch spec
13:27:51 <kaz> s/fist issue - 197/subtopic: issue 197/
13:28:03 <kaz> i/https/-> https/
13:28:04 <citrullin> citrullin has joined #wot-sec
13:29:10 <kaz> s/197/197 Issue 197 - Promoting an approach where every thing is a server is a security nightmare/
13:30:21 <elena> Next issue: https://github.com/w3c/wot-security/issues/166
13:31:11 <elena> McCool reviewed the latest comment on that issue
13:31:40 <elena> next issue: https://github.com/w3c/wot-security/issues/196
13:32:08 <elena> McCool suggests to review the JSON path draft and puts a comment about it in the issue
13:33:48 <elena> next issue: https://github.com/w3c/wot-security/issues/194
13:33:55 <elena> McCool: have we ever addressed this?
13:34:11 <kaz> i/Next issue/subtopic: issue 166/
13:34:33 <kaz> i/196/subtopic: issue 196/
13:34:45 <kaz> i/194/subtopic: issue 194/
13:35:05 <kaz> s/Next issue: /-> /
13:35:32 <elena> Cristiano would try to find the good place to have these recommendations added
13:35:52 <kaz> s/166/166 Issue 166 - Add integrity protection (proof section) to TDs/
13:36:10 <kaz> s/next issue: /-> /g
13:36:30 <elena> McCool it indeed fits the Best Practices document better, but is the best practices even published?
13:37:59 <elena> McCool adding a note that we should formally publish the best practices document
13:38:54 <kaz> s/196/196 Issue 196 - Consider security issues in Discovery/
13:38:58 <elena> McCool creates a new issue under best practices to add oauth2 recommendations
13:39:47 <kaz> s/194/194 Issue 194 - Provide guidance on use of OAuth 2 flows/
13:39:53 <kaz> rrsagent, make log paper
13:40:04 <elena> https://github.com/w3c/wot-security-best-practices/issues/5
13:40:05 <kaz> s/rrsagent, make log paper//
13:40:08 <kaz> rrsagent, make log public
13:40:13 <kaz> rrsagent, draft minutes
13:40:13 <RRSAgent> I have made the request to generate https://www.w3.org/2021/03/08-wot-sec-minutes.html kaz
13:40:24 <elena> McCool: we should aim to publish the best practices as a note
13:42:03 <elena> adding a note to issue https://github.com/w3c/wot-security-best-practices/issues/7
13:43:12 <kaz> Chair: McCool
13:44:06 <elena> topic: other ongoing activities
13:44:59 <kaz> present+ Philipp_Blum
13:45:18 <kaz> -> https://github.com/w3c/wot-thing-description/pull/1058 wot-thing-description PR 1058
13:45:48 <kaz> s/PR 1058/PR 1058 - WIP: Add JSON pointer assertion to definition of body sec location/
13:46:21 <elena> McCool puts some comments on this PR
13:48:25 <elena> McCool we will be likely to discuss this in TD call further
13:54:40 <kaz> rrsagent, draft minutes
13:54:40 <RRSAgent> I have made the request to generate https://www.w3.org/2021/03/08-wot-sec-minutes.html kaz
14:01:45 <kaz> -> https://github.com/w3c/wot-thing-description/pull/1058#issuecomment-792772332 MvCool's comment 1 to PR 1058
14:02:06 <kaz> -> https://github.com/w3c/wot-thing-description/pull/1058#issuecomment-792775065 McCool's comment 2 to PR 1058
14:02:09 <kaz> [adjourned]
14:02:19 <kaz> rrsagent, draft minutes
14:02:19 <RRSAgent> I have made the request to generate https://www.w3.org/2021/03/08-wot-sec-minutes.html kaz
16:09:29 <Zakim> Zakim has left #wot-sec