13:07:38 <RRSAgent> RRSAgent has joined #wot-sec
13:07:40 <RRSAgent> logging to https://www.w3.org/2021/12/13-wot-sec-irc
13:08:16 <kaz> meeting: WoT Security
13:08:40 <kaz> present+ Kaz_Ashimura, Michael_McCool, Jiye_Park, Philipp_Blum, Tomoaki_Mizushima
13:08:48 <McCool> McCool has joined #wot-sec
13:10:58 <kaz> chair: McCool
13:11:03 <jiye> test
13:11:05 <kaz> scribenick: jiye
13:11:05 <McCool> mm: say something
13:11:12 <McCool> ... something else
13:11:23 <McCool> topic: minutes review
13:11:35 <McCool> https://www.w3.org/2021/12/06-wot-sec-minutes.html
13:11:57 <kaz> Agenda: https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#13_December_2021
13:12:36 <jiye> mm: reviewing the minutes from last week call
13:14:57 <kaz> s/test//
13:15:01 <jiye> mm: TD/Oauth2 problems got solved from the last TD call
13:15:07 <kaz> s/mm: say something//
13:15:18 <kaz> s/... something else//
13:18:00 <kaz> i/TD/minutes approved/
13:18:23 <kaz> i|TD|topic: Discuss TD/OAuth2 resolution|
13:18:36 <jiye> ... today's topic is Local transport and secure onboarding #28
13:18:45 <zkis_> zkis_ has joined #wot-sec
13:19:03 <kaz> i/today's/topic: Local transport/
13:19:09 <kaz> s/... today/mm: today/
13:20:51 <kaz> -> https://github.com/w3c/wot-security-best-practices/pull/28 wot-security-best-practices PR 28 - Local transport and secure onboarding|
13:21:04 <kaz> merged
13:22:44 <kaz> mm: (creates related issues)
13:22:55 <kaz> -> https://github.com/w3c/wot-security-best-practices/issues/30 Issue 30 - Separate local and offline sections; they have distinct needs
13:23:22 <kaz> -> https://github.com/w3c/wot-security-best-practices/issues/31 Issue 31 - (D)TLS1.3
13:25:53 <kaz> topic: Issue 3
13:26:09 <kaz> -> https://github.com/w3c/wot-security-best-practices/issues/3 Issue 3 - Add a best practice description on logging security events
13:26:20 <kaz> q+
13:28:22 <kaz> ack k
13:29:34 <kaz> mm: (takes notes on the issue 3)
13:29:56 <kaz> ... (lists several possible best practices to be recommended)
13:31:53 <kaz> -> https://github.com/w3c/wot-security-best-practices/issues/3#issuecomment-992479478 McCool's comments
13:32:03 <jiye> mm: any volunteer to work on the logging section?
13:32:35 <McCool> https://github.com/w3c/wot-security-best-practices/issues/31
13:32:53 <kaz> i|31|topic: Issue 31 (revisited)|
13:33:23 <jiye> mm: DTLS 1.3 is still a draft, we would recommend to use it when it's ready
13:34:21 <kaz> topic: Scripting Issues
13:34:41 <jiye> https://github.com/w3c/wot-security-best-practices/issues/29
13:35:33 <kaz> s/topic: Scripting Issues//
13:35:34 <kaz> topic: Scripting Issues
13:36:06 <kaz> -> https://github.com/w3c/wot-scripting-api/issues/315 wot-scripting-api Issue 315 - Security TaskForce related issues
13:37:16 <kaz> i|https|mm: (adds labels to Scripting API issues, e.g., "security-tracker" and "discovery")
13:38:05 <kaz> -> https://github.com/w3c/wot-scripting-api/issues/314 wot-scripting-api Issue 314 - Discovery TaskForce related issues
13:38:59 <kaz> -> https://github.com/w3c/wot-scripting-api/issues/299 wot-scripting-api Issue 299 - Chose a particular security schema for an ExposedThing
13:39:01 <McCool> https://github.com/w3c/wot-scripting-api/labels/security-tracker
13:39:18 <kaz> s/https/-> https/
13:39:28 <kaz> s/tracker/tracker Issues marked as "security-tracker"/
13:39:34 <kaz> rrsagent, make log public
13:39:38 <kaz> rrsagent, draft minutes
13:39:38 <RRSAgent> I have made the request to generate https://www.w3.org/2021/12/13-wot-sec-minutes.html kaz
13:41:47 <kaz> topic: Issue 5
13:42:20 <kaz> -> https://github.com/w3c/wot-security-best-practices/issues/5 wot-security-best-practices Issue 5 - Recommended OAuth2 flows
13:42:25 <jiye> mm: today, we have a look the old security issues and close it if it's possible
13:42:54 <kaz> i/today/mm: (adds a comment to refer to the wot-scripting-api Issue 214)
13:43:32 <kaz> i|today|-> https://github.com/w3c/wot-scripting-api/issues/214 wot-scripting-api Issue 214 - Requirements from oAuth 2.0 code flow
13:45:58 <kaz> -> https://github.com/w3c/wot-security/pull/150 wot-security PR 150 - an initial attempt on security provisioning section
13:46:16 <kaz> i/today/topic: Old PRs and Issues/
13:46:38 <kaz> merged
13:46:54 <kaz> -> https://github.com/w3c/wot-security/issues/147 wot-security Issue 147 - Discuss IETF Anima
13:47:44 <McCool> https://github.com/w3c/wot-security/issues/123
13:47:56 <kaz> i/123/(changed the title to "Discus IETF Anima)/
13:48:16 <kaz> i|pull/150|subtopic: PR 150|
13:48:28 <kaz> i|issues/147|subtopic: Issue 147|
13:48:40 <kaz> i/123/subtopic: Issue 123/
13:48:52 <kaz> s/https/-> https/
13:49:19 <kaz> s/123/123 wot-security Issue 123 - Terminology inconsistency - Proxy and Gateway are used interchangeably. /
13:49:27 <kaz> rrsagent, draft minutes
13:49:27 <RRSAgent> I have made the request to generate https://www.w3.org/2021/12/13-wot-sec-minutes.html kaz
13:51:57 <kaz> topic: Use Cases-related Issues
13:53:25 <kaz> mm: (checks wot-usecases repo and add "security-privacy" label to security-related issues)
13:54:25 <kaz> ... maybe we should go through all the issues marked as "publication-2.0" as well
13:54:39 <jiye> mm: going through the issues and label it only explicitly security related ones
13:54:47 <kaz> -> https://github.com/w3c/wot-usecases/labels/publication-2.0 wot-usecases Issues marked as "publication-2.0"
13:55:42 <McCool> https://github.com/w3c/wot-usecases/labels/security-privacy
13:55:51 <kaz> s/https/-> https/
13:56:12 <kaz> s/privacy/privacy wot-usecases Issues marked as "security-privacy"
13:56:18 <kaz> rrsagent, draft minutes
13:56:18 <RRSAgent> I have made the request to generate https://www.w3.org/2021/12/13-wot-sec-minutes.html kaz
13:59:01 <kaz> -> https://w3c.github.io/wot-usecases/#Security "3.7 Security" section of the WoT Use Cases and Requirements ED
13:59:30 <jiye> mm: missing security consideration parts in usecase document
14:01:56 <kaz> mm: (goes through use cases, e.g., ECHONET, Automotive, Transportation, ...)
14:02:05 <jiye> mm: at some point we need to work on this document
14:02:36 <kaz> s/.../Smart City, Building Technologies, .../
14:02:46 <kaz> topic: Meeting schedule
14:03:16 <kaz> -> https://www.w3.org/WoT/IG/wiki/Main_WoT_WebConf#Cancellations Cancellations section of the WoT Main wiki
14:03:31 <kaz> mm: next meeting will be held on Jan 10
14:03:37 <kaz> [adjourned]
14:03:49 <kaz> rrsagent, draft minutes
14:03:49 <RRSAgent> I have made the request to generate https://www.w3.org/2021/12/13-wot-sec-minutes.html kaz
14:10:46 <kaz> i/secure onboarding/scribenick: kaz/
14:11:00 <kaz> s/secure onboarding|/secure onboarding/
14:11:02 <kaz> rrsagent, draft minutes
14:11:02 <RRSAgent> I have made the request to generate https://www.w3.org/2021/12/13-wot-sec-minutes.html kaz
14:11:37 <kaz> i/any volunteer/scribenick: jiye/
14:11:38 <kaz> rrsagent, draft minutes
14:11:38 <RRSAgent> I have made the request to generate https://www.w3.org/2021/12/13-wot-sec-minutes.html kaz
14:11:51 <kaz> i/adds labels/scribenick: ka/
14:12:04 <kaz> s/scribenick: ka/scribenick: kaz/
14:12:05 <kaz> rrsagent, draft minutes
14:12:05 <RRSAgent> I have made the request to generate https://www.w3.org/2021/12/13-wot-sec-minutes.html kaz
14:12:32 <kaz> i/today, we/scribenick: jiye/
14:12:33 <kaz> rrsagent, draft minutes
14:12:33 <RRSAgent> I have made the request to generate https://www.w3.org/2021/12/13-wot-sec-minutes.html kaz
14:12:47 <kaz> i/checks wot-use/scribenick: kaz/
14:13:04 <kaz> i/going through the issues and label/scribenick: jiye/
14:13:05 <kaz> rrsagent, draft minutes
14:13:05 <RRSAgent> I have made the request to generate https://www.w3.org/2021/12/13-wot-sec-minutes.html kaz
14:13:34 <kaz> i/goes through use cases, e/scribenick: kaz/
14:13:45 <kaz> i/at some point we need/scribenick: jiye/
14:13:54 <kaz> i/next meeting/scribenick: kaz/
14:13:57 <kaz> rrsagent, draft minutes
14:13:57 <RRSAgent> I have made the request to generate https://www.w3.org/2021/12/13-wot-sec-minutes.html kaz
15:34:32 <Zakim> Zakim has left #wot-sec