12:03:04 <RRSAgent> RRSAgent has joined #wot-sec
12:03:04 <RRSAgent> logging to https://www.w3.org/2021/04/12-wot-sec-irc
12:07:25 <kaz> Meeting: WoT Security
12:07:45 <kaz> present+ Kaz_Ashimura, Michael_McCol, Elena_Reshetova, Philipp_Blum
12:07:54 <kaz> scribenick: elena
12:08:09 <elena> topic: minutes from March 8
12:08:23 <elena> https://www.w3.org/2021/03/08-wot-sec-minutes.html
12:09:29 <kaz> s/https/-> https/
12:09:35 <kaz> s/html/html March-8
12:09:42 <kaz> present+ Tomoaki_Mizushima
12:11:25 <citrullin> Michael, you are not in the call anymore
12:14:07 <zkis2> zkis2 has joined #wot-sec
12:26:12 <elena> minutes accepted
12:26:29 <McCool> https://github.com/w3c/wot-thing-description/pull/1086
12:26:31 <elena> topic: PR for TD canonicalization
12:26:57 <kaz> s|https://github.com/w3c/wot-thing-description/pull/1086||
12:27:03 <kaz> -> https://github.com/w3c/wot-thing-description/pull/1086 PR 1086
12:27:34 <kaz> s/PR for/PR 1086 for/
12:27:53 <elena> topic: issues
12:27:58 <McCool> https://github.com/w3c/wot-security/issues/194
12:28:11 <McCool> https://w3c.github.io/wot-usecases/#oauth
12:30:07 <elena> McCool: what is the good location for this text? It is currently in use cases
12:30:34 <kaz> s|https|-> https|
12:30:36 <kaz> s|https|-> https|
12:31:19 <kaz> s/#oauth|#oauth WoT Use Cases Editor's draft - 5.7.1 OAuth2 Flows|
12:31:34 <elena> Philipp: is it the intention of best practices only for recommendation or as must?
12:32:07 <elena> McCool: Best Practices are suggestions, but if you want to satisfy a profile, they would be normative
12:32:22 <kaz> s/194/194 wot-security Issue 194 - Provide guidance on use of OAuth 2 flows/
12:33:03 <elena> McCool: profiles are normative, so we have to do a capital must
12:33:55 <elena> McCool: but we might have to copy assertions to normative profile doc
12:34:30 <elena> McCool: what should our recommendations be?
12:36:34 <elena> McCool puts possible recommendations to the issue comment
12:39:27 <elena> these recommendations should part of security best practices doc
12:40:24 <elena> McCool: can anyone volunteer to extract the relevant parts and move it to the Best Practices doc?
12:40:49 <elena> McCool: we still have to decide if we publish Best Practices separately
12:43:08 <elena> Philipp volunteers
12:46:34 <elena> McCool: object security, issue 185, putting a comment
12:46:59 <elena> https://github.com/w3c/wot-security/issues/185
12:47:17 <elena> McCool: do you have any examples where you would want to use object security?
12:50:26 <citrullin> Sorry, I got a package
12:50:26 <elena> McCool: somebody needs to think about object security
12:52:27 <elena> McCool mentions Ben in the issue comment, maybe Ben can also take a look on this
12:53:14 <elena> McCool: next issue is PR https://github.com/w3c/wot-thing-description/pull/1058
12:53:40 <citrullin> I wanted to take a look into signing objects. Combining it it with DIDs and a DLT (Hyperledger for example). Taking a look into WebThings is a good idea. Will do that in the future.
12:53:44 <elena> McCool: this should be ok and hopefully merged soon
12:54:29 <elena> McCool: PR https://github.com/w3c/wot-security/issues/196 still has some confusion between DoS and DDoS
12:54:34 <elena> McCool puts a comment there
12:56:39 <kaz> rrsagent, make log public
13:00:49 <kaz> rrsagent, draft minutes
13:00:49 <RRSAgent> I have made the request to generate https://www.w3.org/2021/04/12-wot-sec-minutes.html kaz
14:34:41 <Zakim> Zakim has left #wot-sec