IRC log of wot-sec on 2021-05-10

Timestamps are in UTC.

12:03:48 [RRSAgent]
RRSAgent has joined #wot-sec
12:03:48 [RRSAgent]
logging to https://www.w3.org/2021/05/10-wot-sec-irc
12:03:55 [kaz]
meeting: WoT Security
12:04:24 [kaz]
rerets: Oliver, Cristiano
12:04:36 [kaz]
present+ Kaz_Ashimura, Michael_McCool, Philipp_Blum
12:05:59 [kaz]
Agenda: https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#10_May_2021
12:11:23 [kaz]
present+ Tomoaki_Mizushima
12:15:43 [kaz]
topic: TD Issue 940
12:16:06 [kaz]
-> https://github.com/w3c/wot-thing-description/issues/940 wot-thing-description Issue 940 - Add optional proof section to TDs
12:16:16 [kaz]
mm: (adds comments)
12:17:06 [kaz]
-> https://github.com/w3c/wot-thing-description/issues/940#issuecomment-836625186 McCool's comments
12:18:32 [citrullin]
mm: LD-Proofs seem to be using URLs, which is problematic for us.
12:18:51 [citrullin]
pb: Can we influence this? So that we can also use their standard?
12:21:31 [kaz]
s/rerets:/regrets:/
12:21:38 [kaz]
topic: Prev minutes
12:22:28 [kaz]
-> https://www.w3.org/2021/05/03-wot-sec-minutes.html May-03
12:22:36 [kaz]
mm: (goes through the minutes)
12:27:27 [kaz]
approved
12:27:52 [kaz]
topic: Signing
12:29:13 [kaz]
mm: have to reverse the alias...
12:29:26 [kaz]
... have to figure out how to handle the names
12:30:26 [kaz]
... discussions around TD issue 940
12:30:49 [kaz]
-> https://github.com/w3c/wot-thing-description/issues/940#issuecomment-836625186 wot-thing-description issue 940 (McCool's latest comments)
12:31:28 [kaz]
mm: note that there is discussion on a new proposed group on Linked Data Signature
12:32:05 [kaz]
-> https://github.com/w3c/strategy/issues/262 Strategy Issue 262 - Linked Data Signature Charter proposal
12:33:18 [kaz]
mm: it would take a long time to resolve it
12:33:36 [kaz]
... need some signing mechanism
12:34:53 [kaz]
... any opinions?
12:35:30 [kaz]
pb: JSON Web Signature is heavily used
12:35:56 [kaz]
-> https://github.com/w3c/wot-security/issues/166 Issue 166 - Add integrity protection (proof section) to TDs
12:36:13 [kaz]
pb: SHA256 AES and ECSDA
12:37:11 [kaz]
mm: SHA256 is a hash mechanism, right?
12:37:52 [kaz]
s/ECSDA/ECDSA/
12:38:06 [kaz]
pb: yes
12:38:51 [kaz]
-> https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm ECDSA (wikipedia)
12:40:26 [kaz]
mm: Michael Lagally will look into those points
12:41:03 [kaz]
... what would be the requirements?
12:43:22 [kaz]
-> https://www.w3.org/TR/security-privacy-questionnaire/ Self-Review Questionnaire: Security and Privacy
12:44:18 [kaz]
i/what would be the/topic: Use Case Questionnaire/
12:45:15 [kaz]
i|what would be|-> https://github.com/w3c/wot-security/issues/168 Issue 168 - Add "Security and Privacy Considerations" to all use cases (or requirements)|
12:45:50 [kaz]
mm: need some brainstorming
12:47:50 [kaz]
... (provides a list of possible points on the GitHub comment)
12:53:58 [kaz]
-> @@@
12:54:32 [kaz]
mm: let's see the questions on the self-review questionnaire
12:54:39 [kaz]
... (goes through the questions)
12:55:30 [kaz]
-> https://www.w3.org/TR/security-privacy-questionnaire/#questions Self-Review Questionnaire: Security and Privacy - "2. Questions to Consider"
12:58:04 [kaz]
s|@@@|https://github.com/w3c/wot-security/issues/168#issuecomment-836667052 McCool's comments|
12:58:31 [kaz]
pb: what about OAuth2 topics?
12:58:53 [kaz]
... would it be OK if I create a PR?
12:58:57 [kaz]
mm: yeah
12:59:18 [kaz]
... OAuth2 is a way to manage security
12:59:55 [kaz]
pb: another question on Signature
13:00:12 [kaz]
mm: we still need to see the proposed Charter, etc.
13:02:21 [kaz]
kaz: we as the WoT as a whole should think about liaison with that group
13:02:23 [kaz]
mm: right
13:02:26 [kaz]
[adjourned]
13:02:34 [kaz]
rrsagent, make log public
13:02:41 [kaz]
rrsagent, draft minutes
13:02:41 [RRSAgent]
I have made the request to generate https://www.w3.org/2021/05/10-wot-sec-minutes.html kaz
13:39:47 [zkis]
zkis has joined #wot-sec
14:07:10 [Mizushima]
Mizushima has left #wot-sec