12:04:05 <RRSAgent> RRSAgent has joined #wot-sec
12:04:05 <RRSAgent> logging to https://www.w3.org/2021/05/24-wot-sec-irc
12:04:51 <citrullin> citrullin has joined #wot-sec
12:04:54 <kaz> Meeting: WoT Security
12:05:35 <kaz> present+ Kaz_Ashimura, Michael_McCool, Phlipp_Blum
12:07:30 <Mizushima> Mizushima has joined #wot-sec
12:09:21 <kaz> topic: Minutes
12:09:30 <kaz> -> https://www.w3.org/2021/05/17-wot-sec-minutes.html May-17
12:09:32 <kaz> accepted
12:10:17 <kaz> Agenda: https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#24_May_2021
12:10:25 <kaz> present+ Tomoaki_Mizushima
12:13:41 <kaz> topic: WoT Security Best Practices
12:14:00 <kaz> -> https://github.com/w3c/wot-security-best-practices/issues/9 wot-security-best-practices Issue 9 - Publish as a Note
12:14:18 <kaz> kaz: we've never published the document as an official group Note
12:15:28 <kaz> mm: for the consistency with the GitHub repo's name, we should use "wot-security-best-practices" as the shortname
12:16:01 <kaz> pb: makes sense
12:16:13 <kaz> kaz: right
12:16:55 <kaz> -> https://github.com/w3c/wot-security-best-practices/issues/9#issuecomment-847003073 McCool adds comments on the Isue 9
12:17:00 <kaz> s/Isue/Issue/
12:18:09 <kaz> rrsagent, make log public
12:18:14 <kaz> rrsagent, draft minutes
12:18:14 <RRSAgent> I have made the request to generate https://www.w3.org/2021/05/24-wot-sec-minutes.html kaz
12:19:52 <kaz> mm: adds "Call for Resolution to publish update" for Security and Privacy within the June vF2F agenda
12:20:53 <kaz> -> https://www.w3.org/WoT/IG/wiki/F2F_meeting,_June_2021#Proposed_Topics Proposed Topics section of the vF2F wiki
12:22:55 <kaz> -> https://github.com/w3c/wot-security-best-practices/issues/9#issuecomment-847006107 another comment on the planning to the Issue 9
12:24:29 <kaz> mm: we need to do some general clean up for the draft
12:24:44 <kaz> -> https://w3c.github.io/wot-security-best-practices/ wot-security-best-practices ED
12:30:15 <kaz> mm: (creates a new issue on secure transport)
12:33:49 <kaz> -> https://github.com/w3c/wot-security-best-practices/issues/13 wot-security-best-practices Issue 13 - Update Security Transport
12:34:32 <kaz> mm: need to talk with Ben about what best practice makes sense here
12:36:20 <kaz> ... we basically recommend OAuth2 flow
12:37:36 <kaz> ... (adds some more comments to Issue 5 as well)
12:37:57 <kaz> -> https://github.com/w3c/wot-security-best-practices/issues/5 wot-security-best-practices Issue 5 - Recommended OAuth2 flows
12:38:54 <kaz> mm: Section 2.1 of the Best Practices document describes the OAuth2 Flows
12:39:06 <kaz> -> https://w3c.github.io/wot-security-best-practices/#oauth-flows 2.1 OAuth2 Flows
12:40:59 <kaz> mm: (creates another Issue on TD Signatures)
12:41:18 <kaz> -> https://github.com/w3c/wot-security-best-practices/issues/13 wot-security-best-practices Issue 14 - TD Signatures
12:46:29 <kaz> mm: in general, the "object security" section is troublesome since we have no direct experience implementing a system with it
12:47:06 <kaz> ... so maybe we should just remove this section for now...
12:47:30 <kaz> -> https://w3c.github.io/wot-security-best-practices/#object-security 4. Object Security
12:48:29 <kaz> kaz: we can leave it as is and add an Editor's Note for the publication of the group Note
12:48:32 <kaz> mm: yeah
12:49:28 <kaz> pb: (also like that idea)
12:50:11 <kaz> mm: regarding the section "5. Secure Update and Post Manufacturing Provisioning"
12:50:37 <kaz> s/"5. Secure Update and Post Manufacturing Provisioning/7. Summary/
12:50:48 <kaz> ... currently it's empty
12:51:34 <kaz> -> https://github.com/w3c/wot-security-best-practices/issues/15 wot-security-best-practices Issue 15 - Add or Remove Summary Section
12:51:57 <kaz> mm: and should expand the Acknowledgements section
12:52:32 <kaz> -> https://github.com/w3c/wot-security-best-practices/issues/15 wot-security-best-practices Issue 16 - Expand Acknowledgements
12:52:44 <kaz> mm: we're not ready for publishing the document yet
12:53:30 <kaz> ... need more improvement
12:53:46 <kaz> ... (adds some more comments to Issue 5 again)
12:54:24 <kaz> -> https://github.com/w3c/wot-security-best-practices/issues/16 McCool's new comments for Issue 5
12:54:58 <kaz> mm: Move the current OAuth2 review into an appendix
12:54:58 <kaz> ... Pull out the pseudo-RFC2119 recommendations into the main body and reword as necessary...
12:55:44 <kaz> ... (and then make the "call for resolution" for security during vF2F to "initial call for resolution")
12:56:30 <kaz> -> https://www.w3.org/WoT/IG/wiki/F2F_meeting,_June_2021#Proposed_Topics Security and Privacy topics within the Proposed Topics section on the vF2F wiki
12:58:26 <kaz> mm: would like to see what the acceptable practices for secure transport
12:58:30 <kaz> [adjourned]
12:58:36 <kaz> rrsagent, draft minutes
12:58:36 <RRSAgent> I have made the request to generate https://www.w3.org/2021/05/24-wot-sec-minutes.html kaz
12:59:07 <kaz> Chair: McCool
12:59:08 <kaz> rrsagent, draft minutes
12:59:08 <RRSAgent> I have made the request to generate https://www.w3.org/2021/05/24-wot-sec-minutes.html kaz
14:39:17 <Zakim> Zakim has left #wot-sec