Meeting minutes
meeting minutes from the last call
<kaz> Feb-22
McCool: meeting minutes approved
cancellations
McCool: next week we have a F2F, so maybe we should skip the security calls on Mon March 15 and March 22
McCool: next security call is on March 29, but a short one to capture F2F outcomes
agenda for F2F
<kaz> March vF2F agenda
McCool: currently the F2F agenda looks very full and does not have a security session. Does anyone think that we should have a security discussion, or is it ok not to have it this time?
general consensus is that there have not been enough security changes that would require a separate security session
McCool: instead people should join existing sessions that might touch upon security issues
S&P consideration note update
McCool: changes that should be done in the note update: aligning the terminology with arch doc, updating docs, lifecycle??
AR to Elena to check the current status of lifecycle in the arch spec and raise any issues before the F2F if needed
McCool: the default branch for wot-security has been renamed from master to main. Please update your forks appropriately
issues
issue 197
https://
McCool enters a comment to point out the existing PR against the arch spec
issue 166
Issue 166 - Add integrity protection (proof section) to TDs
McCool reviewed the latest comment on that issue
issue 196
Issue 196 - Consider security issues in Discovery
McCool suggests to review the JSON path draft and puts a comment about it in the issue
issue 194
Issue 194 - Provide guidance on use of OAuth 2 flows
McCool: have we ever addressed this?
Cristiano would try to find a good place to have these recommendations added
McCool: it indeed fits the Best Practices document better, but is the best practices even published?
McCool adding a note that we should formally publish the best practices document
McCool creates a new issue under best practices to add oauth2 recommendations
https://
McCool: we should aim to publish the best practices as a note
adding a note to issue https://
other ongoing activities
<kaz> wot-thing-description PR 1058 - WIP: Add JSON pointer assertion to definition of body sec location
McCool puts some comments on this PR
McCool: we will be likely to discuss this further in the TD call
<kaz> McCool's comment 1 to PR 1058
<kaz> McCool's comment 2 to PR 1058
<kaz> [adjourned]