Meeting minutes
Preliminary
McCool: would cancel the calls during Plugfest and vF2F weeks
Minutes
McCool: detailed issues on signature?
Kaz: on TD issue 1151
<McCool> https://
[[
1. (Kaz) Set up a repo for the new document. Something generic like enveloped-json-signatures; note, not associated with wot. If using wot prefix is required, then it can be wot-enveloped-json-signatures (or how about wot-ejs, since will be easier to share).
2. (McCool) Extract the current spec for signatures and put it in a separate document. Will just copy the TD spec, delete everything not related to signatures, make it a W3C (Draft) Note, etc.
3. (McCool) Cleanup, following Oliver's suggestions. In particular, relate explicitly to XML Signatures and JWS, explain motivation, put in tables to compare and map features, etc.
4. (Kaz, McCool) Reach out to W3C TAG to discuss.
5. (Oliver, McCool) Reach out to IETF, JOSE/COSE/JWS community to get alignment, and converge on a standard. IETF 112 is Nov 6-12, and/or we could invite someone (Carsten Bormann would be good to reach out to) to our F2F.
We still want implementations for IETF "working code" process. Need at least one to drive discussion at IETF, two if we want to proceed to a W3C REC. Two would be a good idea to test interop even if doing an IETF RFC.
Discuss (e.g. at F2F) whether this should go into our next WoT WG charter. McCool's opinion: not critical to be in our charter if our goal is to make it an IETF RFC that we can just cite, then our only action will be to cite it for TD 2.0. For TD 1.x it would be optional/experimental and invokable by using an extension vocabulary.
]]
McCool: Kaz did 1
… myself did 2
McCool: (creates another issue on wot-ejs itself)
wot-ejs Issue 6 - Cleanup (referring to the TD Issue 1151's action items)
McCool: (continues to review the prev minutes)
… minutes seem to be fine
… any objections?
<McCool> change "contribution" to "contribution to wot-security-best-practices acks"
(the above clarification added)
and minutes approved
Best Practices document
McCool: (goes through the PR)
… reasonably accurate
<citrullin> Philipp-Alexander Blum
Philipp: to be strict, my official name is "Philipp_Alexander" :)
McCool: ok
… fixed
… and merged
DID-related issues
McCool: added "DID" label to Issue 14 and 13
Issue 14 - TD Signatures, Key Management, and Object Security
Issue 13 - Update Secure Local Transport
related wot issue 982 - Joint call with DID
McCool: would discuss those points during the joint call at TPAC
… any other groups for security discussion?
Kaz: not specifically
… had a chat with Ajitomi-san and Igarashi-san as the co-Chairs of the HTTP Local CG
… they were also interested in this topic, though they didn't think a separate meeting with the CG would be needed
McCool: ok
Signature
McCool: have updated the repo
… GH pages is also available now
McCool: there is a vocabulary
… and processing procedure
… wondering about "canonical TD" at step 4 and 5
… the Acknowledgements section has Ege and Oliver now
… will add Philipp
Issue 7 - Update Acks (to include Philipp-Alexander)
McCool: also context URL to be defined
Best Practices (revisited)
Issue 13 - Update Secure Local Transport
McCool: looked at the DID Test Suite
McCool: which methods listed here would make sense for WoT
Philipp: would get suggestions from the DID WG guys
Signature (revisited)
Issue 5 - Consider extending to also supporting enveloping signatures
McCool: change the title to "Extended JSON Signature", etc.?
… would suggest "Embedded JSON Signature"
… (adds an example code on Issue 5)
McCool's comments including example codes
McCool: (adds clarification that for TD, we'd use the 2nd example)
Kaz: do you have anybody from the IETF side to discuss this topic with?
McCool: no, not yet
… would start with Carsten, Ari, etc.
Kaz: will we mention this point as well during the expected joint meeting with DID?
McCool: good point
[adjourned]