Meeting minutes
Minutes
McCool: think the requirements for the possible management API is for the next Charter period
Kaz: agree
McCool: (adds note on wot-scripting issue 298 to the wot-security-best-practices draft)
Jiye: wondering about the draft
McCool: need to create an actual Pullrequest later
… think the minutes themselves are OK
(approved)
PR and Issue
<McCool> PR 28 - Local transport and secure onboarding
McCool: related to issue 27 and 13
… issue 13 is about local transport
issue 13 - Update Secure Local Transport
McCool: the easiest to handle those two issues at once
… give you a general idea and ask you for opinions
… not directly merged today
McCool: extended the section 2
… we have to revisit the description, e.g., about TLS 1.3
… then two sections
… 2.1 Global Networks
… and
… 2.2 Offline and Local Networks
… pretty straightforward
… how to deal with offline networks is the question
… no connection with the Internet
… like a factory network
… or partial connection like home networks
… need to establish keys
… missing part is onboarding process
… then another paragraph here
… about onboarding practice as a first option
… then 2nd option
… exposing a limited number of secure endpoints
… 2nd option would be better, I think
… then "3. Onboarding"
… need to look into IETF draft on bootstrapping
… the bottom line is that we need to know something about onboarding
Jiye: any kind of assumption for WoT devices?
McCool: we don't have all the control
… probably need to divide the spec into two pieces, brownfield devices and greenfield devices
… e.g., we can't control devices conforming to the other standards like ECHONET
… (adds references to the "3. Onboarding" section)
<McCool> https://
<McCool> https://
<McCool> https://
<McCool> https://
<McCool> https://
McCool: please make comments on the PR
PR 28 - Local transport and secure onboarding
McCool: we need to look into issue 13, 14 and 27
… would start with 13 and 27
issue 13 - Update Secure Local Transport
issue 27 - Add Onboarding/Key Distribution Section
McCool: (adds "BRSKI, DID/VC, Anima" as well)
… regarding "4. Authentication and Access Control"
… we only have OAuth
… need to go through "psk, public, or cert security schemes" again
… section "6. Object Security" has the same issue
Jiye: will go through the PR
McCool: yes, please look at it in detail
… will fix the style as well
[adjourned]