WoT Security – 24 May 2021

McCool: need to talk with Ben about what best practice makes sense here
… we basically recommend OAuth2 flow
… (adds some more comments to Issue 5 as well)

wot-security-best-practices Issue 5 - Recommended OAuth2 flows

McCool: Section 2.1 of the Best Practices document describes the OAuth2 Flows

2.1 OAuth2 Flows

McCool: (creates another Issue on TD Signatures)

wot-security-best-practices Issue 14 - TD Signatures

McCool: in general, the "object security" section is troublesome since we have no direct experience implementing a system with it
… so maybe we should just remove this section for now...

4. Object Security

Kaz: we can leave it as is and add an Editor's Note for the publication of the group Note

McCool: yeah

Philipp: (also like that idea)

McCool: regarding the section 7. Summary"
… currently it's empty

wot-security-best-practices Issue 15 - Add or Remove Summary Section

McCool: and should expand the Acknowledgements section

wot-security-best-practices Issue 16 - Expand Acknowledgements

McCool: we're not ready for publishing the document yet
… need more improvement
… (adds some more comments to Issue 5 again)

McCool's new comments for Issue 5

McCool: Move the current OAuth2 review into an appendix
… Pull out the pseudo-RFC2119 recommendations into the main body and reword as necessary...
… (and then make the "call for resolution" for security during vF2F to "initial call for resolution")

Security and Privacy topics within the Proposed Topics section on the vF2F wiki

McCool: would like to see what the acceptable practices for secure transport

[adjourned]

– DRAFT –
WoT Security

24 May 2021

Attendees

Meeting minutes

Minutes

WoT Security Best Practices