W3C

WoT Security

12 April 2021

Attendees

Present
Elena_Reshetova, Kaz_Ashimura, Michael_McCool, Philipp_Blum, Tomoaki_Mizushima
Regrets
-
Chair
McCool
Scribe
elena

Meeting minutes

minutes from March 8

March-8

<citrullin> Michael, you are not in the call anymore

minutes accepted

PR 1086 for TD canonicalization

<kaz> PR 1086

issues

<McCool> https://github.com/w3c/wot-security/issues/194 wot-security Issue 194 - Provide guidance on use of OAuth 2 flows

<McCool> ->

McCool: what is a good location for this text? It is currently in the use cases

<kaz> s/#oauth|#oauth WoT Use Cases Editor's draft - 5.7.1 OAuth2 Flows|

Philipp: is the intention of the best practices to be only a recommendation, or a must?

McCool: Best Practices are suggestions, but if you want to satisfy a profile, they would be normative

McCool: profiles are normative, so we have to do a capital must

McCool: but we might have to copy assertions to normative profile doc

McCool: what should our recommendations be?

McCool puts possible recommendations to the issue comment

these recommendations should be part of the security best practices doc

McCool: can anyone volunteer to extract the relevant parts and move it to the Best Practices doc?

McCool: we still have to decide if we publish Best Practices separately

Philipp volunteers

McCool: object security, issue 185, putting a comment

https://github.com/w3c/wot-security/issues/185

McCool: do you have any examples where you would want to use object security?

<citrullin> Sorry, I got a package

McCool: somebody needs to think about object security

McCool mentions Ben in the issue comment, maybe Ben can also take a look at this

McCool: next issue is PR https://github.com/w3c/wot-thing-description/pull/1058

<citrullin> I wanted to take a look into signing objects. Combining it with DIDs and a DLT (Hyperledger for example). Taking a look into WebThings is a good idea. Will do that in the future.

McCool: this should be ok and hopefully merged soon

McCool: PR https://github.com/w3c/wot-security/issues/196 still has some confusion between DoS and DDoS

McCool puts a comment there

Minutes manually created (not a transcript), formatted by scribe.perl version 127 (Wed Dec 30 17:39:58 2020 UTC).