Meeting minutes
minutes review
<McCool> https://
McCool: reviewing the minutes from last week call
<kaz> minutes approved
Discuss TD/OAuth2 resolution
McCool: TD/Oauth2 problems got solved from the last TD call
Local transport
McCool: today's topic is Local transport and secure onboarding #28
wot-security-best-practices PR 28 - Local transport and secure onboarding
merged
McCool: (creates related issues)
Issue 30 - Separate local and offline sections; they have distinct needs
Issue 3
Issue 3 - Add a best practice description on logging security events
McCool: (takes notes on the issue 3)
… (lists several possible best practices to be recommended)
McCool: any volunteer to work on the logging section?
Issue 31 (revisited)
<McCool> https://
McCool: DTLS 1.3 is still a draft, we would recommend to use it when it's ready
https://
Scripting Issues
McCool: (adds labels to Scripting API issues, e.g., "security-tracker" and "discovery")
wot-scripting-api Issue 315 - Security TaskForce related issues
wot-scripting-api Issue 314 - Discovery TaskForce related issues
wot-scripting-api Issue 299 - Chose a particular security schema for an ExposedThing
<McCool> Issues marked as "security-tracker"
Issue 5
wot-security-best-practices Issue 5 - Recommended OAuth2 flows
McCool: (adds a comment to refer to the wot-scripting-api Issue 214)
wot-scripting-api Issue 214 - Requirements from oAuth 2.0 code flow
Old PRs and Issues
McCool: today, we have a look the old security issues and close it if it's possible
PR 150
<kaz> wot-security PR 150 - an initial attempt on security provisioning section
<kaz> merged
Issue 147
<kaz> wot-security Issue 147 - Discuss IETF Anima
<kaz> (changed the title to "Discus IETF Anima)
Issue 123
<McCool> wot-security Issue 123 - Terminology inconsistency - Proxy and Gateway are used interchangeably.
Use Cases-related Issues
McCool: (checks wot-usecases repo and add "security-privacy" label to security-related issues)
… maybe we should go through all the issues marked as "publication-2.0" as well
McCool: going through the issues and label it only explicitly security related ones
<kaz> wot-usecases Issues marked as "publication-2.0"
<McCool> wot-usecases Issues marked as "security-privacy"
<kaz> 3.7 Security section of the WoT Use Cases and Requirements ED
McCool: missing security consideration parts in usecase document
McCool: (goes through use cases, e.g., ECHONET, Automotive, Transportation, Smart City, Building Technologies, ...)
McCool: at some point we need to work on this document
Meeting schedule
<kaz> Cancellations section of the WoT Main wiki
McCool: next meeting will be held on Jan 10
[adjourned]