IRC log of wot-sec on 2021-04-12

Timestamps are in UTC.

12:07:25 [kaz]
Meeting: WoT Security
12:07:45 [kaz]
present+ Kaz_Ashimura, Michael_McCool, Elena_Reshetova, Philipp_Blum
12:07:54 [kaz]
scribenick: elena
12:08:09 [elena]
topic: minutes from March 8
12:08:23 [elena]
12:09:29 [kaz]
s/https/-> https/
12:09:35 [kaz]
s/html/html March-8
12:09:42 [kaz]
present+ Tomoaki_Mizushima
12:11:25 [citrullin]
12:14:07 [zkis2]
zkis2 has joined #wot-sec
12:26:12 [elena]
minutes accepted
12:26:29 [McCool]
12:26:31 [elena]
topic: PR for TD canonicalization
12:26:57 [kaz]
12:27:03 [kaz]
-> PR 1086
12:27:34 [kaz]
s/PR for/PR 1086 for/
12:27:53 [elena]
topic: issues
12:27:58 [McCool]
12:28:11 [McCool]
12:30:07 [elena]
McCool: what is a good location for this text? It is currently in use cases
12:30:34 [kaz]
s|https|-> https|
12:30:36 [kaz]
s|https|-> https|
12:31:19 [kaz]
s/#oauth|#oauth WoT Use Cases Editor's draft - 5.7.1 OAuth2 Flows|
12:31:34 [elena]
Philipp: is it the intention of best practices only for recommendation or as must?
12:32:07 [elena]
McCool: Best Practices are suggestions, but if you want to satisfy a profile, they would be normative
12:32:22 [kaz]
s/194/194 wot-security Issue 194 - Provide guidance on use of OAuth 2 flows/
12:33:03 [elena]
McCool: profiles are normative, so we have to do a capital must
12:33:55 [elena]
McCool: but we might have to copy assertions to normative profile doc
12:34:30 [elena]
McCool: what should our recommendations be?
12:36:34 [elena]
McCool puts possible recommendations to the issue comment
12:39:27 [elena]
these recommendations should be part of the security best practices doc
12:40:24 [elena]
McCool: can anyone volunteer to extract the relevant parts and move it to the Best Practices doc?
12:40:49 [elena]
McCool: we still have to decide if we publish Best Practices separately
12:43:08 [elena]
Philipp volunteers
12:46:34 [elena]
McCool: object security, issue 185, putting a comment
12:46:59 [elena]
12:47:17 [elena]
McCool: do you have any examples where you would want to use object security?
12:50:26 [citrullin]
12:50:26 [elena]
McCool: somebody needs to think about object security
12:52:27 [elena]
McCool mentions Ben in the issue comment, maybe Ben can also take a look at this
12:53:14 [elena]
McCool: next issue is PR
12:53:40 [citrullin]
I wanted to take a look into signing objects. Combining it with DIDs and a DLT (Hyperledger for example). Taking a look into WebThings is a good idea. Will do that in the future.
12:53:44 [elena]
McCool: this should be ok and hopefully merged soon
12:54:29 [elena]
McCool: PR still has some confusion between DoS and DDoS
12:54:34 [elena]
McCool puts a comment there
12:56:39 [kaz]
