IRC log of wot-sec on 2021-05-24
Timestamps are in UTC.
- 12:04:05 [RRSAgent]
- RRSAgent has joined #wot-sec
- 12:04:05 [RRSAgent]
- logging to https://www.w3.org/2021/05/24-wot-sec-irc
- 12:04:51 [citrullin]
- citrullin has joined #wot-sec
- 12:04:54 [kaz]
- Meeting: WoT Security
- 12:05:35 [kaz]
- present+ Kaz_Ashimura, Michael_McCool, Philipp_Blum
- 12:07:30 [Mizushima]
- Mizushima has joined #wot-sec
- 12:09:21 [kaz]
- topic: Minutes
- 12:09:30 [kaz]
- -> https://www.w3.org/2021/05/17-wot-sec-minutes.html May-17
- 12:09:32 [kaz]
- accepted
- 12:10:17 [kaz]
- Agenda: https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#24_May_2021
- 12:10:25 [kaz]
- present+ Tomoaki_Mizushima
- 12:13:41 [kaz]
- topic: WoT Security Best Practices
- 12:14:00 [kaz]
- -> https://github.com/w3c/wot-security-best-practices/issues/9 wot-security-best-practices Issue 9 - Publish as a Note
- 12:14:18 [kaz]
- kaz: we've never published the document as an official group Note
- 12:15:28 [kaz]
- mm: for consistency with the GitHub repo's name, we should use "wot-security-best-practices" as the shortname
- 12:16:01 [kaz]
- pb: makes sense
- 12:16:13 [kaz]
- kaz: right
- 12:16:55 [kaz]
- -> https://github.com/w3c/wot-security-best-practices/issues/9#issuecomment-847003073 McCool adds comments on the Isue 9
- 12:17:00 [kaz]
- s/Isue/Issue/
- 12:18:09 [kaz]
- rrsagent, make log public
- 12:18:14 [kaz]
- rrsagent, draft minutes
- 12:18:14 [RRSAgent]
- I have made the request to generate https://www.w3.org/2021/05/24-wot-sec-minutes.html kaz
- 12:19:52 [kaz]
- mm: adds "Call for Resolution to publish update" for Security and Privacy within the June vF2F agenda
- 12:20:53 [kaz]
- -> https://www.w3.org/WoT/IG/wiki/F2F_meeting,_June_2021#Proposed_Topics Proposed Topics section of the vF2F wiki
- 12:22:55 [kaz]
- -> https://github.com/w3c/wot-security-best-practices/issues/9#issuecomment-847006107 another comment on the planning for Issue 9
- 12:24:29 [kaz]
- mm: we need to do some general clean up for the draft
- 12:24:44 [kaz]
- -> https://w3c.github.io/wot-security-best-practices/ wot-security-best-practices ED
- 12:30:15 [kaz]
- mm: (creates a new issue on secure transport)
- 12:33:49 [kaz]
- -> https://github.com/w3c/wot-security-best-practices/issues/13 wot-security-best-practices Issue 13 - Update Security Transport
- 12:34:32 [kaz]
- mm: need to talk with Ben about what best practice makes sense here
- 12:36:20 [kaz]
- ... we basically recommend OAuth2 flow
- 12:37:36 [kaz]
- ... (adds some more comments to Issue 5 as well)
- 12:37:57 [kaz]
- -> https://github.com/w3c/wot-security-best-practices/issues/5 wot-security-best-practices Issue 5 - Recommended OAuth2 flows
- 12:38:54 [kaz]
- mm: Section 2.1 of the Best Practices document describes the OAuth2 Flows
- 12:39:06 [kaz]
- -> https://w3c.github.io/wot-security-best-practices/#oauth-flows 2.1 OAuth2 Flows
- 12:40:59 [kaz]
- mm: (creates another Issue on TD Signatures)
- 12:41:18 [kaz]
- -> https://github.com/w3c/wot-security-best-practices/issues/13 wot-security-best-practices Issue 14 - TD Signatures
- 12:46:29 [kaz]
- mm: in general, the "object security" section is troublesome since we have no direct experience implementing a system with it
- 12:47:06 [kaz]
- ... so maybe we should just remove this section for now...
- 12:47:30 [kaz]
- -> https://w3c.github.io/wot-security-best-practices/#object-security 4. Object Security
- 12:48:29 [kaz]
- kaz: we can leave it as is and add an Editor's Note for the publication of the group Note
- 12:48:32 [kaz]
- mm: yeah
- 12:49:28 [kaz]
- pb: (also likes that idea)
- 12:50:11 [kaz]
- mm: regarding the section "5. Secure Update and Post Manufacturing Provisioning"
- 12:50:37 [kaz]
- s/"5. Secure Update and Post Manufacturing Provisioning/7. Summary/
- 12:50:48 [kaz]
- ... currently it's empty
- 12:51:34 [kaz]
- -> https://github.com/w3c/wot-security-best-practices/issues/15 wot-security-best-practices Issue 15 - Add or Remove Summary Section
- 12:51:57 [kaz]
- mm: and should expand the Acknowledgements section
- 12:52:32 [kaz]
- -> https://github.com/w3c/wot-security-best-practices/issues/15 wot-security-best-practices Issue 16 - Expand Acknowledgements
- 12:52:44 [kaz]
- mm: we're not ready for publishing the document yet
- 12:53:30 [kaz]
- ... need more improvement
- 12:53:46 [kaz]
- ... (adds some more comments to Issue 5 again)
- 12:54:24 [kaz]
- -> https://github.com/w3c/wot-security-best-practices/issues/16 McCool's new comments for Issue 5
- 12:54:58 [kaz]
- mm: Move the current OAuth2 review into an appendix
- 12:54:58 [kaz]
- ... Pull out the pseudo-RFC2119 recommendations into the main body and reword as necessary...
- 12:55:44 [kaz]
- ... (and then make the "call for resolution" for security during vF2F to "initial call for resolution")
- 12:56:30 [kaz]
- -> https://www.w3.org/WoT/IG/wiki/F2F_meeting,_June_2021#Proposed_Topics Security and Privacy topics within the Proposed Topics section on the vF2F wiki
- 12:58:26 [kaz]
- mm: would like to see what the acceptable practices for secure transport are
- 12:58:30 [kaz]
- [adjourned]
- 12:58:36 [kaz]
- rrsagent, draft minutes
- 12:58:36 [RRSAgent]
- I have made the request to generate https://www.w3.org/2021/05/24-wot-sec-minutes.html kaz
- 12:59:07 [kaz]
- Chair: McCool
- 12:59:08 [kaz]
- rrsagent, draft minutes
- 12:59:08 [RRSAgent]
- I have made the request to generate https://www.w3.org/2021/05/24-wot-sec-minutes.html kaz
- 14:39:17 [Zakim]
- Zakim has left #wot-sec