12:03:48 RRSAgent has joined #wot-sec
12:03:48 logging to https://www.w3.org/2021/05/10-wot-sec-irc
12:03:55 meeting: WoT Security
12:04:24 rerets: Oliver, Cristiano
12:04:36 present+ Kaz_Ashimura, Michael_McCool, Philipp_Blum
12:05:59 Agenda: https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#10_May_2021
12:11:23 present+ Tomoaki_Mizushima
12:15:43 topic: TD Issue 940
12:16:06 -> https://github.com/w3c/wot-thing-description/issues/940 wot-thing-description Issue 940 - Add optional proof section to TDs
12:16:16 mm: (adds comments)
12:17:06 -> https://github.com/w3c/wot-thing-description/issues/940#issuecomment-836625186 McCool's comments
12:18:32 mm: LD-Proofs seem to be using URLs, which is problematic for us.
12:18:51 pb: Can we influence this? So that we can also use their standard?
12:21:31 s/rerets:/regrets:/
12:21:38 topic: Prev minutes
12:22:28 -> https://www.w3.org/2021/05/03-wot-sec-minutes.html May-03
12:22:36 mm: (goes through the minutes)
12:27:27 approved
12:27:52 topic: Signing
12:29:13 mm: have to reverse the alias...
12:29:26 ... have to figure out how to handle the names
12:30:26 ... discussions around TD issue 940
12:30:49 -> https://github.com/w3c/wot-thing-description/issues/940#issuecomment-836625186 wot-thing-description issue 940 (McCool's latest comments)
12:31:28 mm: note that there is discussion on a new proposed group on Linked Data Signature
12:32:05 -> https://github.com/w3c/strategy/issues/262 Strategy Issue 262 - Linked Data Signature Charter proposal
12:33:18 mm: it would take a long time to resolve it
12:33:36 ... need some signing mechanism
12:34:53 ... any opinions?
12:35:30 pb: JSON Web Signature heavily used
12:35:56 -> https://github.com/w3c/wot-security/issues/166 Issue 166 - Add integrity protection (proof section) to TDs
12:36:13 pb: SHA256 AES and ECSDA
12:37:11 mm: SHA256 is a HASH mechanism, right?
12:37:52 s/ECSDA/ECDSA/
12:38:06 pb: yes
12:38:51 -> https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm ECDSA (wikipedia)
12:40:26 mm: Michael Lagally will look into those points
12:41:03 ... what would be the requirements?
12:43:22 -> https://www.w3.org/TR/security-privacy-questionnaire/ Self-Review Questionnaire: Security and Privacy
12:44:18 i/what would be the/topic: Use Case Questionnaire/
12:45:15 i|what would be|-> https://github.com/w3c/wot-security/issues/168 Issue 168 - Add "Security and Privacy Considerations" to all use cases (or requirements)|
12:45:50 mm: need some brainstorming
12:47:50 ... (provides a list of possible points on the GitHub comment)
12:53:58 -> @@@
12:54:32 mm: let's see the questions on the self-review questionnaire
12:54:39 ... (goes through the questions)
12:55:30 -> https://www.w3.org/TR/security-privacy-questionnaire/#questions Self-Review Questionnaire: Security and Privacy - "2. Questions to Consider"
12:58:04 s|@@@|https://github.com/w3c/wot-security/issues/168#issuecomment-836667052 McCool's comments|
12:58:31 pb: what about OAuth2 topics?
12:58:53 ... would it be OK if I create a PR?
12:58:57 mm: yeah
12:59:18 ... OAuth2 is a way to manage security
12:59:55 pb: another question on Signature
13:00:12 mm: we still need to see the proposed Charter, etc.
13:02:21 kaz: we as the WoT as a whole should think about liaison with that group
13:02:23 mm: right
13:02:26 [adjourned]
13:02:34 rrsagent, make log public
13:02:41 rrsagent, draft minutes
13:02:41 I have made the request to generate https://www.w3.org/2021/05/10-wot-sec-minutes.html kaz
13:39:47 zkis has joined #wot-sec
14:07:10 Mizushima has left #wot-sec