13:04:59 <RRSAgent> RRSAgent has joined #wot-sec
13:04:59 <RRSAgent> logging to https://www.w3.org/2022/03/07-wot-sec-irc
13:05:09 <kaz> meeting: WoT Security
13:05:11 <kaz> topic: Minutes
13:05:27 <kaz> -> https://www.w3.org/2022/02/28-wot-sec-minutes.html Feb-28
13:05:36 <McCool> https://github.com/w3c/wot-thing-description/pull/1382
13:05:47 <McCool> https://github.com/w3c/wot-security-testing-plan
13:06:09 <kaz> s|-> https://www.w3.org/2022/02/28-wot-sec-minutes.html Feb-28||
13:06:13 <kaz> s/topic: Minutes//
13:06:21 <kaz> i|1382|topic: Agenda|
13:06:21 <JKRhb> https://github.com/w3c/wot-thing-description/pull/1419
13:06:29 <kaz> topic: Minutes
13:06:31 <kaz> -> https://www.w3.org/2022/02/28-wot-sec-minutes.html Feb-28
13:06:49 <kaz> i/meeting:/scribenick: citrullin/
13:07:34 <kaz> present+ Kaz_Ashimura, Michael_McCool, Jan_Romann, Jiye_Park, Philipp_Blum
13:07:37 <McCool> https://github.com/w3c/wot-testing
13:07:57 <citrullin> mm: any objections to publish? No objections.
13:08:08 <kaz> i/any/scribenick: citrullin/
13:08:47 <citrullin> topic: auto value in in field #1419
13:08:52 <citrullin> -> https://github.com/w3c/wot-thing-description/pull/1419
13:09:21 <citrullin> jr: There are these issues with these security schemes. I re-generated the json file.
13:10:28 <kaz> s/1419/1419 Issue 1419 - Add auto value for the in field of SecuritySchemes/
13:10:32 <citrullin> jp: I reviewed this PR. I would rather mention to have it as header instead of using auto.
13:11:52 <citrullin> mm: Adding auto doesn't change anything in the protocol itself. It just adds the info to add negotiate on connection, instead of nothing.
13:13:26 <citrullin> mm: The TD requires a security scheme. And nosec would be inaccurate.
13:15:31 <citrullin> jr: I rather  suggest to have auto as security scheme
13:15:49 <citrullin> s/jr:/jp:/
13:16:21 <citrullin> mm adds a comment to the issue.
13:18:00 <JKRhb> q+
13:19:43 <citrullin> jp: I think basic security should be used on HTTP. We should mention this.
13:21:21 <citrullin> jr: Discovery also has some issues with the limitations of security schemes.
13:21:36 <citrullin> mm: I think using the extension is the right way to go.
13:23:37 <citrullin> mm: We also use string. We should only allow enums. And use an extension mechanism in order to add other security schemes.
13:24:43 <citrullin> mm: I think we should hold up merging this, for now.
13:26:03 <citrullin> pb: Is that for 1.1 or 2.0?
13:26:16 <citrullin> mm: 1.1
13:26:36 <citrullin> pb: Okay, that makes sense. So we can add it for now and have an extensive mechanism for 2.0
13:27:18 <citrullin> mm: CoAP and MQTT are the protocols which make some problems.
13:31:00 <McCool> https://github.com/w3c/wot-thing-description/pull/1419#issuecomment-1060690052
13:31:21 <kaz> q?
13:31:23 <kaz> ack j
13:31:23 <citrullin> s/https:/-> https:/
13:31:28 <kaz> rrsagent, make log public
13:31:32 <kaz> rrsagent, draft miutes
13:31:32 <RRSAgent> I'm logging. I don't understand 'draft miutes', kaz.  Try /msg RRSAgent help
13:31:41 <kaz> s/rrsagent, draft miutes//
13:31:44 <kaz> rrsagent, draft minutes
13:31:44 <RRSAgent> I have made the request to generate https://www.w3.org/2022/03/07-wot-sec-minutes.html kaz
13:32:16 <kaz> rrsagent, make log public
13:32:18 <kaz> rrsagent, draft minutes
13:32:18 <RRSAgent> I have made the request to generate https://www.w3.org/2022/03/07-wot-sec-minutes.html kaz
13:32:47 <citrullin> topic: Security and privacy consideration
13:32:58 <kaz> s/Issue 1419/PR 1419/
13:34:35 <kaz> -> https://github.com/w3c/wot-thing-description/pull/1382 wot-thing-description PR 1382 - Create Security and Privacy Questionnaire Answers for Ver 1.1 CR Process|
13:34:40 <kaz> rrsagent, draft minutes
13:34:40 <RRSAgent> I have made the request to generate https://www.w3.org/2022/03/07-wot-sec-minutes.html kaz
13:36:48 <citrullin> mm: There are also some attacks on automated systems possible through an UI.
13:40:53 <citrullin> mm: A segmented network makes sense in the IoT context.
13:44:59 <citrullin> mm adds a comment to the PR #1282
13:45:38 <citrullin> mm: let me rewrite it. I need to work on it.
13:46:24 <citrullin> -> https://github.com/w3c/wot-thing-description/pull/1382/files#r820716329
13:48:13 <kaz> s/1282/1382/
13:49:14 <citrullin> -> https://github.com/w3c/wot-thing-description/pull/1382#discussion_r820716329
13:50:08 <citrullin> mm adds a comment
13:50:09 <citrullin> -> https://github.com/w3c/wot-thing-description/pull/1382#issuecomment-1060707837
13:50:26 <citrullin> topic: Testing plan
13:52:09 <citrullin> mm: I would like to have a link to the current testing plan on the github readme.
13:55:18 <kaz> i|I would|-> https://github.com/w3c/wot-security-testing-plan wot-security-testing-plan repo
13:55:44 <kaz> -> https://w3c.github.io/wot-security-testing-plan/ github.ko
13:55:47 <kaz> s/ko/io/
13:59:17 <kaz> (github.io has been set up)
13:59:24 <kaz> topic: Next week
13:59:39 <kaz> mm: there will be the PlugFest next week
13:59:47 <kaz> ... so Security call will be cancelled
13:59:52 <kaz> [adjourned]
13:59:56 <kaz> rrsagent, draft minutes
13:59:56 <RRSAgent> I have made the request to generate https://www.w3.org/2022/03/07-wot-sec-minutes.html kaz
14:00:10 <kaz> i/github.io/sribenick: kaz/
14:00:11 <kaz> rrsagent, draft minutes
14:00:11 <RRSAgent> I have made the request to generate https://www.w3.org/2022/03/07-wot-sec-minutes.html kaz
14:45:28 <zkis> zkis has joined #wot-sec
14:52:07 <sebastiankaebisch> sebastiankaebisch has joined #wot-sec
15:03:40 <JKRhb> JKRhb has joined #wot-sec
16:00:26 <Zakim> Zakim has left #wot-sec
16:18:28 <zkis> zkis has joined #wot-sec
16:23:59 <zkis_> zkis_ has joined #wot-sec