Meeting minutes
review minutes
<kaz> Apr-25
McCool: Any objections to publish the minutes? No objections.
S&P Considerations
Make Security and Privacy Considerations Normative
<McCool> https://
McCool: Just for information. It already got merged.
McCool: We had a duplication in public metadata. I moved one of them out.
McCool: It didn't have a mention of discovery. I added it.
McCool: There was a consideration about PII I added an assertion to.
McCool: Philipp, can you have a look over it by Thursday?
pb: Will do.
Profiles
McCool: There are some troubling things in the new draft.
McCool: There are 14 open PRs. So, there will probably be a lot of changes.
McCool: There are some things in Profiles that we didn't reach consensus on in the TD spec. Some include implications for security, especially privacy.
McCool: In the end we took out globally unique IDs.
McCool: I am not worrying about it for the moment, until we have a draft though.
Additional security schemes
PR 1474 - allow definition of additional security schemes
Jan: While dealing with json schema, I noticed there are some issues in the document itself.
Jan: Scheme is optional in 1.1, but mandatory in 1.0. The type changed from string to any type.
McCool: Any type was there, because we also had to allow URIs besides strings.
Some discussion between jre and mm.
McCool: Okay, I think we make it mandatory.
Jan: The changed example is just a realignment with the current document.
McCool: Unfortunately, the renderer doesn't wrap lines.
McCool: I guess we will see what happens when we discuss this in the call. This shouldn't break anything if we leave it out, right?
Jan: Actually, in example 49, this isn't a valid thing description.
McCool: Right, your chain would allow it, right?
Jan: yes.
McCool: We don't have a way to validate extensions.
McCool: It's a bigger topic. We had a discussion 2 years ago about this.
McCool: We will go in the TD call and discuss it there.
References for best practices
McCool: The NCSC reference doesn't look like a specification document. I am a little bit concerned.
Jan: There is a version number on the side though.
mm adds a comment to the issue.
McCool: The documents are focused on web, but not IoT. There are NIST security guidelines for IoT.
pb: That would be something I am also more concerned about.
Jan: Wouldn't it be better to reference international organizations, instead of national ones?
McCool: Yes, if possible.
mm adds a comment.
<JKRhb> https://
https://