12:02:02 <RRSAgent> RRSAgent has joined #wot-sec
12:02:02 <RRSAgent> logging to https://www.w3.org/2021/09/20-wot-sec-irc
12:05:58 <kaz> meeting: WoT Security
12:06:10 <kaz> present+ Kaz_Ashimura, Michael_McCool Philipp_Blum
12:06:19 <kaz> present+ Tomoaki_Mizushima
12:06:25 <kaz> topic: Preliminary
12:06:46 <kaz> mm: would ancel the calls during Plugfest and vF2F weeks
12:07:29 <kaz> -> https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Cancellations meeting cancellations
12:07:37 <kaz> topic: Minutes
12:08:02 <kaz> -> https://www.w3.org/2021/09/13-wot-sec-minutes.html Sep-13
12:08:51 <kaz> mm: detailed issues on signature?
12:08:55 <kaz> kaz: on TD issue 1151
12:09:06 <kaz> -> https://github.com/w3c/wot-thing-description/pull/1151 TD Issue 1151
12:09:12 <McCool> McCool has joined #wot-sec
12:09:16 <McCool> https://github.com/w3c/wot-thing-description/pull/1151#issuecomment-913621245
12:09:55 <kaz> [[
12:09:56 <kaz> (Kaz) Set up a repo for the new document. Something generic like enveloped-json-signatures; note, not associated with wot. If using wot prefix is required, then it can be wot-enveloped-json-signatures (or how about wot-ejs, since will be easier to share).
12:09:56 <kaz> (McCool) Extract the current spec for signatures and put it in a separate document. Will just copy the TD spec, delete everything not related to signatures, make it a W3C (Draft) Note, etc.
12:09:56 <kaz> (McCool) Cleanup, following Oliver's suggestions. In particular, relate explicitly to XML Signatures and JWS, explain motivation, put in tables to compare and map features, etc.
12:10:00 <kaz> (Kaz, McCool) Reach out to W3C TAG to discuss.
12:10:02 <kaz> (Oliver, McCool) Reach out to IETF, JOSE/COSE/JWS community to get alignment, and converge on a standard. IETF 112 is Nov 6-12, and/or we could invite someone (Carsten Bormann would be good to reach out to) to our F2F.
12:10:05 <kaz> We still want implementations for IETF "working code" process. Need at least one to drive discussion at IETF, two if we want to proceed to a W3C REC. Two would be a good idea to test interop even if doing an IETF RFC.
12:10:08 <kaz> Discuss (e.g. at F2F) whether this should go into our next WoT WG charter. McCool's opinion: not critical to be in our charter if our goal is to make it an IETF RFC that we can just cite, then our only action will be to cite it for TD 2.0. For TD 1.x it would be optional/experimental and invokable by using an extension vocabulary.
12:10:12 <kaz> ]]
12:10:14 <kaz> mm: Kaz did one
12:10:16 <kaz> ... myself did 2
12:10:18 <kaz> s/one/1/
12:11:23 <kaz> mm: (creates another issue on wot-ejs itself)
12:12:29 <kaz> -> https://github.com/w3c/wot-ejs/issues/6 wot-ejs Issue 6 - Cleanup (referring to the TD Issue 1151's action items)
12:12:43 <kaz> mm: (continues to review the prev minutes)
12:12:51 <zkis> zkis has joined #wot-sec
12:13:45 <kaz> ... minutes seem to be fine
12:13:51 <kaz> ... any objections?
12:14:34 <McCool> change "contribution" to "contribution to wot-security-best-practices acks"
12:16:07 <kaz> (the above clarification added)
12:16:14 <kaz> and minutes approved
12:16:50 <kaz> topic: Best Practices document
12:17:11 <kaz> -> https://github.com/w3c/wot-security-best-practices/pull/25 PR 25 - Add content to Acks
12:17:36 <kaz> mm: (goes through the PR)
12:17:59 <kaz> ... reasonably accurate
12:18:06 <citrullin> Philipp-Alexander Blum
12:18:32 <kaz> pb: to be strict, my official name is "Philipp_Alexander" :)
12:18:34 <kaz> mm: ok
12:19:31 <kaz> ... fixed
12:19:58 <kaz> ... and merged
12:20:57 <kaz> topic: DID-related issues
12:21:15 <kaz> mm: added "DID" label to Issue 14 and 13
12:21:30 <kaz> -> https://github.com/w3c/wot-security-best-practices/issues/14 Issue 14 - TD Signatures, Key Management, and Object Security
12:21:59 <kaz> -> https://github.com/w3c/wot-security-best-practices/issues/13 Issue 13 - Update Secure Local Transport
12:23:03 <kaz> -> https://github.com/w3c/wot/issues/982 related wot issue 982 - Joint call with DID
12:23:08 <zkis_> zkis_ has joined #wot-sec
12:23:15 <kaz> mm: would discuss those points during the joint call at TPAC
12:24:25 <kaz> ... any other groups for security discussion?
12:24:32 <kaz> kaz: not specifically
12:25:01 <kaz> ... had a chat with Ajitomo-san and Igarashi-san as the co-Chairs of the HTTP Local CG
12:25:25 <kaz> ... they were also interested in this topic, though they didn't think a separate meeting with the CG would be needed
12:25:50 <kaz> mm: ok
12:26:54 <kaz> topic: Signature
12:26:59 <kaz> -> https://github.com/w3c/wot-ejs wot-ejs repo
12:27:08 <kaz> mm: have updated the repo
12:27:16 <kaz> ... GH pages is also available now
12:27:51 <kaz> -> https://w3c.github.io/wot-ejs/ GH page version
12:29:02 <kaz> mm: there is a vocabulary
12:29:14 <kaz> ... and processing procedure
12:29:53 <kaz> ... wondering about "canonical TD" at step 4 and 5
12:30:24 <kaz> ... the Acknowledgements section has Ege and Oliver
12:30:37 <kaz> s/Oliver/Oliver now/
12:31:01 <kaz> .. will ad Philipp
12:31:06 <kaz> s/ad /add /
12:31:44 <kaz> -> https://github.com/w3c/wot-ejs/issues/7 Issue 7 - Update Acks (to include Philipp-Alexander)
12:32:25 <kaz> mm: also context URL to be defined
12:32:43 <kaz> -> https://github.com/w3c/wot-ejs/issues/8 Issue 8 - Define context URL
12:33:50 <kaz> topic: Best Practices (revisited)
12:34:12 <kaz> -> https://github.com/w3c/wot-security-best-practices/issues/13 Issue 13 - Update Secure Local Transport
12:34:47 <kaz> mm: looked at the DID Test Suite
12:34:55 <kaz> -> https://w3c.github.io/did-test-suite/ DID Test Suite
12:35:15 <kaz> mm: which methods listed here would make sense for WoT
12:35:43 <kaz> pb: would get suggestions from the DID WG guys
12:36:29 <kaz> -> https://w3c.github.io/did-test-suite/#implementation-summary 4.3 Summary by Method Implementation
12:38:13 <kaz> topic: Signature (revisited)
12:38:32 <kaz> -> https://github.com/w3c/wot-ejs/issues/5 Issue 5 - Consider extending to also supporting enveloping signatures
12:39:32 <kaz> mm: change the title to "Extended JSON Signature", etc.?
12:42:11 <kaz> ... would suggest "Embedded JSON Signature"
12:42:29 <kaz> ... (adds an example code on Issue 5)
12:48:32 <kaz> q+
12:49:24 <kaz> -> https://github.com/w3c/wot-ejs/issues/5#issuecomment-922896640 McCool's comments including example codes
12:54:15 <kaz> mm: (adds clarification that for TD, we'd use the 2nd example)
12:54:55 <kaz> kaz: do you have anybody from the IETF side to discuss this topic with?
12:55:00 <kaz> mm: no, not yet
12:55:14 <kaz> ... would start with Carsten, Ari, etc.
12:55:56 <kaz> kaz: will we mention this point as well during the expected joint meeting with DID?
12:55:59 <kaz> mm: good point
12:56:01 <kaz> ack k
12:56:20 <kaz> [adjourned]
12:56:26 <kaz> rrsagent, make log public
12:56:31 <kaz> rrsagent, draft minutes
12:56:31 <RRSAgent> I have made the request to generate https://www.w3.org/2021/09/20-wot-sec-minutes.html kaz
12:57:42 <kaz> chair: McCool
12:57:43 <kaz> rrsagent, draft minutes
12:57:43 <RRSAgent> I have made the request to generate https://www.w3.org/2021/09/20-wot-sec-minutes.html kaz
15:05:56 <Zakim> Zakim has left #wot-sec