13:01:47 RRSAgent has joined #wot-sec 13:01:47 logging to https://www.w3.org/2022/01/10-wot-sec-irc 13:02:26 JKRhb has joined #wot-sec 13:05:13 meeting: WoT Security 13:05:25 present+ Kaz_Ashimura, Michael_McCool, Jan_Romann 13:05:46 Mizushima has joined #wot-sec 13:05:55 topic: minutes 13:06:25 scribenick: JKRhb 13:06:37 topic: Minutes 13:07:07 mm goes over the minutes from last call 13:07:32 present+ Tomoaki_Mizushima 13:08:30 i|goes|-> https://www.w3.org/2021/12/13-wot-sec-minutes.html Dec-13| 13:09:33 mm: I don't see any problems with the minutes, any comments? 13:10:01 There are no objections raised, the minutes are being published 13:10:11 topic: Planning 13:10:32 mm: kaz, do you need to review something from the main schedule regarding security? 13:11:06 kaz: We don't need to be very strict, we should think about how to update the security spec to the TD spec, however. 13:12:18 s/strict/strict since Security and Privacy Guidelines document is a WG Note/ 13:12:51 mm: The revision of ecurity aspects of other specifications should be prioritized. Then we will have a feature freeze 13:13:10 s/update the security spec to the TD spec/update the TD spec, etc., based on the Security and Privacy Guidelines/ 13:13:10 Topic: Issues and PRs 13:14:00 mm: There were a lot of updates to the TD specification regarding security vocabulary 13:14:35 ... also regarding Security and Privacy Considerations. 13:16:39 ... We could capture some thoughts about updating these considerations in an issue 13:17:03 ... not sure where this issue should go, probably into the TD repository 13:18:51 ... Some of the open issues labelled with security should be closed 13:19:10 zakim, who is on the call? 13:19:10 Present: Kaz_Ashimura, Michael_McCool, Jan_Romann, Tomoaki_Mizushima 13:20:05 mm: Do you think I should an issue regarding the review of Security Considerations? 13:20:14 kaz: Yeah, that makes sense 13:21:08 s/I should an issue/I should open an issue/ 13:21:56 mm opens a new issue "Review Security and Privacy Considerations" in the TD repository 13:23:04 mm: One thing that is a bit consistent at the moment is the handling of IDs in TDs 13:24:21 ... A problem is also sharing TDs in local networks 13:25:43 jr: Is security also included in this issue? 13:27:07 mm: This is dealt with in the discovery specification. Security considerations have to be reviewed for each specification. 13:28:33 jr: Is there discussion of making IDs mandatory? 13:33:13 mm: Optional IDs make Things a bit more complicated, especially Discovery and the use of TDs as RDF documents, but this choice was made due to privacy concerns. This problem should be revisited in TD/Discovery 2.0. 13:33:15 McCool has joined #wot-sec 13:33:19 https://github.com/w3c/wot-thing-description/issues/1348 13:33:43 s/https/-> https/ 13:34:05 s/1348/1348 wot-thing-description Issue 1348 - Review Security and Privacy Considerations/ 13:34:51 mm: There is already an issue for reviewing Security and Privacy Considerations in the Architecture repository 13:35:51 https://github.com/w3c/wot-architecture/issues/587 13:36:22 s/There is already an issue for reviewing/There is already an issue for adding a section on/ 13:37:01 ... there is no issue regarding a review of said considerations yet, however 13:37:10 rrsagent, make log public 13:37:15 i/https/-> https/ 13:38:21 mm opens a new issue in the WoT Architecture repository 13:38:34 s/587/587 wot-architecture Issue 587 - New section on Security and Privacy considerations on Discovery/ 13:38:34 -> https://github.com/w3c/wot-architecture/issues/672 13:39:27 s/672/672 wot-architecture Issue 672 - Review Security and Privacy Considerations/ 13:42:15 mm: I referenced the corresponding issue from other repositories, the only one missing in the issue is now the Profile repository 13:42:59 mm goes over the exisiting issues in the WoT Security repository 13:44:11 mm: There is issue 196 that can be closed and reopened in the Discovery repository 13:44:15 -> https://github.com/w3c/wot-security/issues/196 13:45:26 jr: Maybe the issue could also be moved? 13:46:16 s/196/196 wot-security Issue 196 - Update security and privacy considerations in Discovery/ 13:46:41 mm: Didn't know that, new issue is already open, will close the old one 13:47:05 mm closes issue 196 in the WoT Security repository 13:47:07 https://github.com/w3c/wot-security/issues/196 - closed, but discussion still relevant, cited in new issue 13:47:14 rrsagent, make log public 13:47:18 rrsagent, draft minutes 13:47:18 I have made the request to generate https://www.w3.org/2022/01/10-wot-sec-minutes.html kaz 13:47:42 mm opens a new issue in the WoT Discovery repository 13:47:44 -> https://github.com/w3c/wot-discovery/issues/254 13:48:08 s/topic: minutes// 13:50:11 s|https://github.com/w3c/wot-architecture/issues/587|-> https://github.com/w3c/wot-architecture/issues/587| 13:51:33 mm: Maybe a new "Consideration" label can be added to labels that contain Security Considerations 13:51:49 s/254/254 wot-discovery Issue 254 - Review Security and Privacy Considerations| 13:52:19 s/Considerations|/Considerations/ 13:52:28 rrsagent, draft minutes 13:52:28 I have made the request to generate https://www.w3.org/2022/01/10-wot-sec-minutes.html kaz 13:53:00 mm adds the new "Consideration" label to issue 197 13:53:06 i/There were a lot of/subtopic: TD/ 13:53:30 i/There is already an/subtopic: Architecture/ 13:53:35 subtopic: Issue 165 13:53:52 mm: I think this issue has been resolved and can be closed 13:54:48 ... I'll add the "Propose Closing" label, then we can discuss closing it next week 13:55:03 i/I referenced/subtopic: Profile/ 13:55:21 i/goes over the/subtopic: Discovery/ 13:55:28 rrsagent, draft minutes 13:55:28 I have made the request to generate https://www.w3.org/2022/01/10-wot-sec-minutes.html kaz 13:55:37 subtopic: Issue 149 13:55:46 mm: I think we have finished this 13:55:57 ... this is over a year old, I thought we have finished this 13:56:13 ... it says "PR available", I think the PR was merged 13:56:27 ... we did merge it 13:57:05 ... I think this is done, so this issue can be closed 13:58:12 mm: This issue is very broad, so it is actually difficult to say when it is done, but I'm going ahead and close it 13:58:13 i/Maybe a new "Con/subtopic: Issue 197/ 13:58:17 rrsagent, draft minutes 13:58:17 I have made the request to generate https://www.w3.org/2022/01/10-wot-sec-minutes.html kaz 13:58:17 https://github.com/w3c/wot-security/issues/149 13:58:21 mm closes the issue 13:58:30 subtopic: Issue 149 13:59:27 s/149/254/ 14:00:47 mm: I am going through the Documents and add points to the issue to be reviewed 14:01:09 s/subtopic: Issue 254/topic: Next steps/ 14:01:45 chair: McCool 14:02:05 [adjourned] 14:02:09 rrsagent, draft minutes 14:02:09 I have made the request to generate https://www.w3.org/2022/01/10-wot-sec-minutes.html kaz 14:17:10 i|Maybe a new "Con"|-> https://github.com/w3c/wot-security/issues/197 Issue 197 - Promoting an approach where every thing is a server is a security nightmare| 14:17:49 i|I think this issue has been|-> https://github.com/w3c/wot-security/issues/165 Issue 165 - Re-introduce OAuth2 Security Scheme to TD| 14:18:25 i|I think we have finished|-> https://github.com/w3c/wot-security/issues/149 Issue 149 - Add SDO (Secure Device Onboard) Reference| 14:18:32 rrsagent, draft minutes 14:18:32 I have made the request to generate https://www.w3.org/2022/01/10-wot-sec-minutes.html kaz 15:36:22 Zakim has left #wot-sec