13:06:07 <RRSAgent> RRSAgent has joined #wot-sec
13:06:07 <RRSAgent> logging to https://www.w3.org/2022/02/21-wot-sec-irc
13:06:15 <kaz> meeting: WoT Security
13:06:43 <kaz> present+ Kaz_Ashimura, Michael_McCool Jan_Romann, Philipp_Blum, Tomoaki_Mizushima
13:06:47 <citrullin> topic: Review minutes
13:06:49 <kaz> chair: McCool
13:06:56 <kaz> scribenick: citrullin
13:07:29 <kaz> agenda: https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#21_February_2022
13:08:14 <kaz> -> https://www.w3.org/2022/02/14-wot-sec-minutes.html Feb-14
13:09:21 <citrullin> mm: any objections? No objections.
13:11:32 <citrullin> topic: restructuring lifecycle section
13:11:51 <citrullin> Issue 704 -> https://github.com/w3c/wot-architecture/pull/704
13:12:27 <citrullin> mm: There is a confusion about bootstraping. It may include key distribution. I need to look into this again.
13:14:49 <citrullin> topic: name and in fields
13:15:05 <citrullin> issue 1394 -> https://github.com/w3c/wot-thing-description/issues/1394
13:15:26 <citrullin> mm: If it goes against the spec, we have to fix this, even if it breaks the spec.
13:15:51 <citrullin> jr: I am not sure, if that is such a critical issue.
13:18:49 <citrullin> jr: The basic scheme could also be used with MQTT, but this isn't allowed from the spec.
13:19:01 <citrullin> mm: The Scheme tried to be as generic as possible.
13:20:09 <citrullin> jr: I think the security scheme should be revisited for TD 2.0.
13:21:47 <citrullin> jr: I think Ege also mentioned some changes in OpenAPI. There is some realignment necessary for TD 2.0.
13:22:37 <citrullin> mm adds a comment to #1394 -> https://github.com/w3c/wot-thing-description/issues/1394#issuecomment-1046876055
13:27:16 <citrullin> jr: In general the problem is that the schemes are all inspired by HTTP.
13:29:34 <citrullin> mm: Jan, can you take care of it and create a PR?
13:29:37 <citrullin> jr: Sure, will do.
13:34:45 <citrullin> mm adds a comment to 1394 -> https://github.com/w3c/wot-thing-description/issues/1394#issuecomment-1046887555
13:35:11 <citrullin> topic: Security and Privacy Considerations
13:35:25 <citrullin> Issue 1402 -> https://github.com/w3c/wot-thing-description/pull/1402
13:35:34 <citrullin> mm: I need someone to review this.
13:38:03 <citrullin> mm: I added the risk of the field title/description. To make it short: Sanitize your strings, just like in HTML.
13:38:56 <citrullin> mm: Add PII in the id or other fields shouldn't be done. I added that as well.
13:44:56 <citrullin> topic: Review Security Questionnaire
13:54:59 <kaz> -> https://w3ctag.github.io/security-questionnaire/ Security questionnaire
13:55:18 <citrullin> Issue 1382 -> https://github.com/w3c/wot-thing-description/pull/1382
13:55:32 <kaz> s/Issue 1382 //
13:55:52 <citrullin> mm adds comments to #1382 -> https://github.com/w3c/wot-thing-description/pull/1382#issuecomment-1046904114
13:55:52 <kaz> s|pull/1382|pull/1382 PR 1382 - Create Security and Privacy Questionnaire Answers for Ver 1.1 CR Process|
14:03:02 <kaz> [adjourned]
14:03:08 <kaz> rrsagent, draft minutes
14:03:08 <RRSAgent> I have made the request to generate https://www.w3.org/2022/02/21-wot-sec-minutes.html kaz
15:02:02 <Mizushima> Mizushima has left #wot-sec
15:03:50 <kaz> rrsagent, make log public
15:03:51 <kaz> rrsagent, draft minutes
15:03:51 <RRSAgent> I have made the request to generate https://www.w3.org/2022/02/21-wot-sec-minutes.html kaz
15:33:50 <Zakim> Zakim has left #wot-sec
17:09:35 <sebastian> sebastian has joined #wot-sec
17:44:11 <zkis> zkis has joined #wot-sec
19:37:32 <zkis> zkis has joined #wot-sec
20:08:05 <zkis> zkis has joined #wot-sec
20:12:55 <JKRhb> JKRhb has joined #wot-sec
22:14:15 <zkis> zkis has joined #wot-sec
22:32:21 <zkis> zkis has joined #wot-sec