Meeting minutes
Review minutes
<kaz> Feb-14
McCool: any objections? No objections.
restructuring lifecycle section
McCool: There is confusion about bootstrapping. It may include key distribution. I need to look into this again.
name and in fields
McCool: If it goes against the spec, we have to fix this, even if it breaks the spec.
Jan: I am not sure if that is such a critical issue.
Jan: The basic scheme could also be used with MQTT, but this isn't allowed by the spec.
McCool: The scheme tried to be as generic as possible.
Jan: I think the security scheme should be revisited for TD 2.0.
Jan: I think Ege also mentioned some changes in OpenAPI. There is some realignment necessary for TD 2.0.
Jan: In general the problem is that the schemes are all inspired by HTTP.
McCool: Jan, can you take care of it and create a PR?
Jan: Sure, will do.
Security and Privacy Considerations
McCool: I need someone to review this.
McCool: I added the risk of the field title/description. To make it short: Sanitize your strings, just like in HTML.
McCool: Adding PII in the id or other fields shouldn't be done. I added that as well.
Review Security Questionnaire
<kaz> Security questionnaire
mm adds comments to PR 1382 - Create Security and Privacy Questionnaire Answers for Ver 1.1 CR Process (issuecomment-1046904114)
<kaz> [adjourned]