11:02:45 RRSAgent has joined #wot-sec 11:02:45 logging to https://www.w3.org/2021/08/30-wot-sec-irc 11:02:54 meeting: WoT Scripting API 11:03:15 present+ Kaz_Ashimura, Daniel_Peintner 11:03:19 chair: Daniel 11:06:04 present+ Cristiano_Aguzzi 11:07:31 Agenda: https://www.w3.org/WoT/IG/wiki/WG_WoT_Scripting_API_WebConf#30_August_2021 11:07:33 scribenick: kaz 11:07:38 topic: Minutes 11:07:49 -> https://www.w3.org/2021/08/23-wot-script-minutes.html Aug-23 11:08:00 dp: (goes through the minutes 11:08:06 s/minutes/minutes)/ 11:08:19 present+ Tomoaki_Mizushima, Zoltan_Kis 11:08:46 dp: approved and will be published 11:09:03 topic: PRs 11:09:30 -> https://github.com/w3c/wot-scripting-api/pull/332 PR 332 11:14:09 ============== 11:14:37 s/meeting: WoT Scripting API/meeting: WoT Security/ 11:15:10 present: 11:15:16 rrsagent, make log public 11:15:21 rrsagent, draft minutes 11:15:21 I have made the request to generate https://www.w3.org/2021/08/30-wot-sec-minutes.html kaz 12:02:17 citrullin has joined #wot-sec 12:02:30 Mizushima has joined #wot-sec 12:03:03 rrsagent, draft minutes 12:03:03 I have made the request to generate https://www.w3.org/2021/08/30-wot-sec-minutes.html kaz 12:03:50 Chair: McCool 12:03:52 rrsagent, draft minutes 12:03:52 I have made the request to generate https://www.w3.org/2021/08/30-wot-sec-minutes.html kaz 12:04:17 s|-> https://github.com/w3c/wot-scripting-api/pull/332 PR 332|| 12:05:45 present: Kaz_Ashimura, Michael_McCool, Philipp_Blum 12:05:48 rrsagent, draft minutes 12:05:48 I have made the request to generate https://www.w3.org/2021/08/30-wot-sec-minutes.html kaz 12:06:04 s/dp: (goes through the minutes)// 12:06:13 a/dp: approved and will be published// 12:06:22 s/topic: PRs// 12:06:37 s|-> https://github.com/w3c/wot-scripting-api/pull/332 PR 332|| 12:06:47 s|==============|| 12:06:50 rrsagent, draft minutes 12:06:50 I have made the request to generate https://www.w3.org/2021/08/30-wot-sec-minutes.html kaz 12:07:04 McCool has joined #wot-sec 12:07:24 s|a/dp: approved and will be published//|| 12:07:39 s/dp: approved and will be published// 12:07:43 rrsagent, draft minutes 12:07:43 I have made the request to generate https://www.w3.org/2021/08/30-wot-sec-minutes.html kaz 12:08:04 present+ Tomoaki_Mizushima 12:10:00 topic: Review minutes 12:10:19 s/topic: Minutes// 12:11:09 -> https://www.w3.org/2021/07/26-wot-sec-minutes.html July-26 12:11:24 rrsagent, draft minutes 12:11:24 I have made the request to generate https://www.w3.org/2021/08/30-wot-sec-minutes.html kaz 12:13:13 mc: Minutes are reasonable. Any objections publishing them? 12:13:19 No objections 12:14:29 topic: Cleaning up issues and PRs 12:16:21 s|https://www.w3.org/WoT/IG/wiki/WG_WoT_Scripting_API_WebConf#30_August_2021|https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#30_August_2021| 12:16:26 rrsagent, draft minutes 12:16:26 I have made the request to generate https://www.w3.org/2021/08/30-wot-sec-minutes.html kaz 12:17:07 subtopic: Issue 16 12:17:25 -> https://github.com/w3c/wot-security-best-practices/issues/16 Issue 16 - Expand Acknowledgements| 12:18:12 ("PR needed" label added) 12:18:22 subtopic: Issue 14 12:18:40 -> https://github.com/w3c/wot-security-best-practices/issues/14 Issue 14 - TD Signatures and Object Security 12:19:35 mc adds comment and assignes Oliver Pfaff. 12:26:31 subtopic: Issue 13 12:26:32 -> https://github.com/w3c/wot-security-best-practices/issues/13 Issue 13 - Update Secure Local Transport| 12:27:42 mc adds comments to issue 13. 12:29:24 -> https://www.w3.org/TR/2021/PR-did-core-20210803/ FYI, Decentralized Identifiers (DIDs) v1.0 is now a Proposed REC 12:33:02 mc: Did is a proposal, which is solid and we can use it. Problem is only that not all did methods are secure enough. 12:33:08 pb: can't we mention some properties which have to fulfilled in order to be secure enough for our purposes? 12:33:17 mc: That is a reasonable point. Can you look into the local security topic? 12:33:31 mc adds a comment to the issue. 12:34:47 q+ 12:35:21 -> https://w3c.github.io/did-test-suite/ DID implementation report 12:39:45 mc: Since not all implementations are supported, pointing out the feature needed is a good idea here. The did:key method is, as far as I know, just a simple local implementation which we might be able to use for this purpose. 12:39:50 https://w3c-ccg.github.io/did-method-web/ 12:41:00 mc: Let's study this. 12:42:53 s/Since not all implementations are supported,/Not all implementations support all feature./ 12:44:43 topic: Issue 11 12:44:54 -> https://github.com/w3c/wot-security-best-practices/issues/11 Issue 11 - Define interpretation of MUST, SHOULD 12:46:05 -> https://github.com/w3c/wot-security-best-practices/issues/5 related Issue 5 - Recommended OAuth2 flows 12:46:44 mc adds a comment to Issue 5 12:46:54 -> https://github.com/w3c/wot-security-best-practices/issues/5#issuecomment-908312346 McCool's comment 12:47:18 topic: Issue 9 12:47:22 mc: We should focus on key distribution, TD signing and local security. That would be major step forward. 12:47:55 i|TD si|-> https://github.com/w3c/wot-security-best-practices/issues/9 Issue 9|Publish as a Note| 12:49:40 mc: as a start cleaning up oAuth is good. 12:50:37 mc: pb, it would be good, if you can do take a look into the did part. So we can describe the problem and some potential solutions. 12:50:45 pb: I will take a look into it. 12:51:14 s/oAuth/OAuth/ 12:54:47 [adjourned] 12:54:56 rrsagent, draft minutes 12:54:56 I have made the request to generate https://www.w3.org/2021/08/30-wot-sec-minutes.html kaz 13:36:32 scribe: citrullin 13:36:36 rrsagent, draft minutes 13:36:36 I have made the request to generate https://www.w3.org/2021/08/30-wot-sec-minutes.html citrullin 14:37:09 Zakim has left #wot-sec