IRC log of wot-sec on 2021-04-12
Timestamps are in UTC.
- 12:03:04 [RRSAgent]
- RRSAgent has joined #wot-sec
- 12:03:04 [RRSAgent]
- logging to https://www.w3.org/2021/04/12-wot-sec-irc
- 12:07:25 [kaz]
- Meeting: WoT Security
- 12:07:45 [kaz]
- present+ Kaz_Ashimura, Michael_McCol, Elena_Reshetova, Philipp_Blum
- 12:07:54 [kaz]
- scribenick: elena
- 12:08:09 [elena]
- topic: minutes from March 8
- 12:08:23 [elena]
- https://www.w3.org/2021/03/08-wot-sec-minutes.html
- 12:09:29 [kaz]
- s/https/-> https/
- 12:09:35 [kaz]
- s/html/html March-8
- 12:09:42 [kaz]
- present+ Tomoaki_Mizushima
- 12:11:25 [citrullin]
- Michael, you are not in the call anymore
- 12:14:07 [zkis2]
- zkis2 has joined #wot-sec
- 12:26:12 [elena]
- minutes accepted
- 12:26:29 [McCool]
- https://github.com/w3c/wot-thing-description/pull/1086
- 12:26:31 [elena]
- topic: PR for TD canonicalization
- 12:26:57 [kaz]
- s|https://github.com/w3c/wot-thing-description/pull/1086||
- 12:27:03 [kaz]
- -> https://github.com/w3c/wot-thing-description/pull/1086 PR 1086
- 12:27:34 [kaz]
- s/PR for/PR 1086 for/
- 12:27:53 [elena]
- topic: issues
- 12:27:58 [McCool]
- https://github.com/w3c/wot-security/issues/194
- 12:28:11 [McCool]
- https://w3c.github.io/wot-usecases/#oauth
- 12:30:07 [elena]
- McCool: what is the good location for this text? It is currently in use cases
- 12:30:34 [kaz]
- s|https|-> https|
- 12:30:36 [kaz]
- s|https|-> https|
- 12:31:19 [kaz]
- s/#oauth|#oauth WoT Use Cases Editor's draft - 5.7.1 OAuth2 Flows|
- 12:31:34 [elena]
- Philipp: is it the intention of best practices only for recommendation or as must?
- 12:32:07 [elena]
- McCool: Best Practices are suggestions, but if you want to satisfy a profile, they would be normative
- 12:32:22 [kaz]
- s/194/194 wot-security Issue 194 - Provide guidance on use of OAuth 2 flows/
- 12:33:03 [elena]
- McCool: profiles are normative, so we have to do a capital must
- 12:33:55 [elena]
- McCool: but we might have to copy assertions to normative profile doc
- 12:34:30 [elena]
- McCool: what should our recommendations be?
- 12:36:34 [elena]
- McCool puts possible recommendations to the issue comment
- 12:39:27 [elena]
- these recommendations should part of security best practices doc
- 12:40:24 [elena]
- McCool: can anyone volunteer to extract the relevant parts and move it to the Best Practices doc?
- 12:40:49 [elena]
- McCool: we still have to decide if we publish Best Practices separately
- 12:43:08 [elena]
- Philipp volunteers
- 12:46:34 [elena]
- McCool: object security, issue 185, putting a comment
- 12:46:59 [elena]
- https://github.com/w3c/wot-security/issues/185
- 12:47:17 [elena]
- McCool: do you have any examples where you would want to use object security?
- 12:50:26 [citrullin]
- Sorry, I got a package
- 12:50:26 [elena]
- McCool: somebody needs to think about object security
- 12:52:27 [elena]
- McCool mentions Ben in the issue comment, maybe Ben can also take a look on this
- 12:53:14 [elena]
- McCool: next issue is PR https://github.com/w3c/wot-thing-description/pull/1058
- 12:53:40 [citrullin]
- I wanted to take a look into signing objects. Combining it it with DIDs and a DLT (Hyperledger for example). Taking a look into WebThings is a good idea. Will do that in the future.
- 12:53:44 [elena]
- McCool: this should be ok and hopefully merged soon
- 12:54:29 [elena]
- McCool: PR https://github.com/w3c/wot-security/issues/196 still has some confusion between DoS and DDoS
- 12:54:34 [elena]
- McCool puts a comment there
- 12:56:39 [kaz]
- rrsagent, make log public
- 13:00:49 [kaz]
- rrsagent, draft minutes
- 13:00:49 [RRSAgent]
- I have made the request to generate https://www.w3.org/2021/04/12-wot-sec-minutes.html kaz
- 14:34:41 [Zakim]
- Zakim has left #wot-sec