W3C

– DRAFT –
WoT Security

28 February 2022

Attendees

Present
Jan_Romann, Jiye_Park, Kaz_Ashimura, Michael_McCool, Tomoaki_Mizushima
Regrets
-
Chair
McCool
Scribe
jiye

Meeting minutes

Minutes

<kaz> Feb-21

<kaz> approved

nope

Pending TD updates

TD Issue 1394

wot-thing-description Issue 1394 - name and in fields for BasicSecurityScheme and DigestSecurityScheme needed?

McCool: we need to be careful about words here
… we want to specify certain RFC to make it clear

McCool: not clear about the 'name'. Do we need to think about that?

Jan: I was trying to implement with name and in, and was not sure how to implement.

McCool: is 'name' mandatory?

Jan: not sure, don't think so

McCool: if in == auto, then name should be empty

Consolidate Security and Privacy Considerations

https://github.com/w3c/wot-thing-description/pull/1402

mm

McCool: redundancy is bothering
… it hasn't been merged yet but will work on it

security questionnaire

wot-thing-description PR 1382 - Create Security and Privacy Questionnaire Answers for Ver 1.1 CR Process

McCool: there is still some work to do but it's mechanical.
… add Jan as a reviewer

Security Testing Plan

McCool: this is part of TAG review

wot-thing-description Issue 1396 - Complete TAG/Security Wide Review Request (https://github.com/w3c/wot-thing-description/issues/1396)

McCool: details are here:

McCool: suggestion is making a directory 'testing_2022.md' in here https://github.com/w3c/wot-testing

<JKRhb> https://swagger.io/solutions/api-testing/

<JKRhb> https://github.com/tum-esi/testbench

<McCool> https://github.com/w3c/wot-testing/pull/210

<kaz> [adjourned]

Minutes manually created (not a transcript), formatted by scribe.perl version 185 (Thu Dec 2 18:51:55 2021 UTC).