Meeting minutes
Agenda
<McCool> https://
<McCool> https://
<JKRhb> https://
<McCool> https://
Minutes
<kaz> Feb-28
McCool: any objections to publish? No objections.
auto value in in field #1419
PR 1419 - Add auto value for the in field of SecuritySchemes
Jan: There are these issues with these security schemes. I re-generated the json file.
Jiye: I reviewed this PR. I would rather mention having it as a header instead of using auto.
McCool: Adding auto doesn't change anything in the protocol itself. It just adds the info to negotiate on connection, instead of nothing.
McCool: The TD requires a security scheme. And nosec would be inaccurate.
Jiye: I would rather suggest having auto as a security scheme.
mm adds a comment to the issue.
Jiye: I think basic security should be used on HTTP. We should mention this.
Jan: Discovery also has some issues with the limitations of security schemes.
McCool: I think using the extension is the right way to go.
McCool: We also use string. We should only allow enums. And use an extension mechanism in order to add other security schemes.
McCool: I think we should hold up merging this, for now.
Philipp: Is that for 1.1 or 2.0?
McCool: 1.1
Philipp: Okay, that makes sense. So we can add it for now and have an extensive mechanism for 2.0
McCool: CoAP and MQTT are the protocols which cause some problems.
<McCool> https://
Security and privacy consideration
McCool: There are also some attacks on automated systems possible through a UI.
McCool: A segmented network makes sense in the IoT context.
mm adds a comment to the PR #1382
McCool: let me rewrite it. I need to work on it.
https://
https://
mm adds a comment
https://
Testing plan
<kaz> wot-security-testing-plan repo
McCool: I would like to have a link to the current testing plan on the GitHub README.
<kaz> github.io
<kaz> (github.io has been set up)
Next week
McCool: there will be the PlugFest next week
... so Security call will be cancelled
[adjourned]