W3C

WoT Security

12 July 2021

Attendees

Present
Kaz_Ashimura, Michael_McCool, Oliver_Pfaff, Philipp_Blum, Tomoaki_Mizushima
Regrets
-
Chair
McCool
Scribe
Oliver

Meeting minutes

<kaz> vF2F minutes

Minutes

<kaz> May-31

Meeting minutes of last WoT Security call are reviewed

Some tweaks are identified

No objections => minutes will be published

<kaz> (typo fixed)

F2F meeting review

<kaz> vF2F minutes

Follow-ups needed for several items discussed at F2F

This includes canonicalization & signing and localizer improvements

Wording changes for the F2F minutes were identified

The Security section of the F2F minutes is regarded and marked as 'reviewed'

<McCool> https://github.com/w3c/wot/blob/main/PRESENTATIONS/2021-06-online-f2f/2021-06-30-WoT-F2F-Security-McCool.pdf

<McCool> https://github.com/w3c/wot-thing-description/pull/1151

Above F2F presentation and PR were considered again and discussed

Design rationale behind TD Signatures was reviewed: i. signature object is JWS; ii. signature algs are JWA plus its ECC add-ons; iii. pre-sign/verify transform is extended 'extended canonicalization'; iv. key identification model is profiled/sub-setted

Next step: closer review (@Oliver)

Discussed https://github.com/w3c/wot-security-best-practices/issues/13 next

<kaz> Issue 13 - Update Secure Transport

Philipp will provide initial input for this issue in a PR

Vacation schedule was discussed

Signing and Best Practices should get updates before the end of July

<McCool> https://pr-preview.s3.amazonaws.com/mmccool/wot-architecture/pull/602.html

<kaz> wot-thing-description PR 602 - Refactor TD/Discovery Material in Section 8

Reviews needed - from a security perspective - for the above-mentioned WoT Architecture document. Task gets first assigned to Philipp.

Meeting closed

Minutes manually created (not a transcript), formatted by scribe.perl version 136 (Thu May 27 13:50:24 2021 UTC).