12:03:14 <RRSAgent> RRSAgent has joined #wot-sec
12:03:14 <RRSAgent> logging to https://www.w3.org/2022/06/13-wot-sec-irc
12:03:49 <kaz> meeting: WoT Security
12:04:06 <jiye> jiye has joined #wot-sec
12:04:06 <kaz> present+ Kaz_Ashimura, Michael_McCool
12:05:07 <kaz> present+ Jiye_Park
12:07:31 <kaz> present+ Tomoaki_Mizushima
12:12:14 <kaz> scribenick: kaz
12:12:16 <kaz> topic: Minutes
12:12:24 <kaz> -> https://www.w3.org/2022/05/30-wot-sec-minutes.html May-30
12:12:40 <kaz> mm: (goes through the minutes)
12:14:18 <kaz> approved
12:14:31 <kaz> topic: Discovery and TLS/DTLS
12:15:34 <kaz> -> https://w3c.github.io/wot-discovery/#exploration-server WoT Discovery draft - 7.2 Thing Description Server
12:17:32 <kaz> mm: (shows section "7.2 Thing Description Server")
12:17:57 <kaz> ... would remove the redundant assertions on TLS and authentication
12:19:09 <kaz> ... current text there is a pair of assertions
12:19:44 <kaz> ... i.e.
12:19:46 <kaz> ... An HTTP-based TD Server providing a TD SHOULD use TLS when serving requests.
12:20:00 <kaz> ... An HTTP-based TD Server providing a TD SHOULD provide the resource only after performing necessary authentication and authorization.
12:20:48 <kaz> ... instead, we could just add another text
12:22:41 <kaz> ... e.g., use of secure transport is subject to further assertions given in the Security Considerations sections of the WoT Architecture and the WoT Thing Description specifications, including scenarios where secure is mandatory and mutual authentication is recommended.
12:23:07 <kaz> s/secure/secure transport/
12:23:38 <kaz> s/instead, //
12:23:59 <kaz> kaz: adding clarification would be good
12:24:22 <kaz> mm: there is a similar issue around the other sections too
12:25:51 <kaz> kaz: referring to the other specs like Architecture and TD is fine
12:26:30 <kaz> ... but that would mean the features are not really the ones of Discovery, and the Discovery spec itself doesn't need to test those features
12:26:35 <kaz> ... is that correct?
12:26:38 <kaz> mm: yeah
12:27:18 <kaz> ... the point here is moving the description to those existing specs
12:27:31 <kaz> jp/kaz: ok
12:28:07 <kaz> mm: (creates a PR for that purpose)
12:28:25 <kaz> ... this change, we can remove the Editor's Note too
12:28:40 <kaz> s/PR/Issue/
12:29:04 <kaz> -> https://github.com/w3c/wot-discovery/issues/335 Issue 335 - Fix TLS Assertions
12:29:14 <kaz> mm: will create a PR for that purpose too
12:29:29 <kaz> s/Issue for that purpose/Issue about this/
12:29:35 <kaz> rrsagent, make log public
12:29:40 <kaz> rrsagent, draft minutes
12:29:40 <RRSAgent> I have made the request to generate https://www.w3.org/2022/06/13-wot-sec-minutes.html kaz
12:30:43 <kaz> topic: Discovery Issue 303
12:31:06 <kaz> -> https://github.com/w3c/wot-discovery/issues/303 wot-discovery Issue 303 - Personal devices and public/private TDDs
12:32:27 <kaz> -> https://github.com/w3c/wot-thing-description/issues/1497 related wot-thing-description Issue 1497 - Identifiers don't seem to rotate enough
12:32:59 <kaz> mm: (add a comment to wot-discovery Issue 303 about wot-thing-description Issue 1497)
12:39:51 <kaz> ... (also adds some more comments)
12:45:12 <kaz> -> https://github.com/w3c/wot-discovery/issues/303#issuecomment-1153869121 McCool's comments
12:48:30 <kaz> mm: (also adds comments to the wot-thing-description Issue 1497 too)
12:53:13 <kaz> -> https://github.com/w3c/wot-thing-description/issues/1497#issuecomment-1153876618 comments on wot-thing-description Issue 1497
12:55:24 <kaz> q+
12:57:16 <kaz> kaz: the bigger question here is whether the WoT specs like TD and Discovery should define the algorithm for how to generate IDs and use them or not
12:57:17 <kaz> mm: yeah
12:57:42 <kaz> ... let's continue the discussion next week
13:00:15 <kaz> kaz: fyi, I'm planning to organize a breakout session during TPAC about how to deal with IDs which requires further collaboration with the other related groups, e.g., DID and VC
13:00:41 <kaz> ... we should handle that potential session separately from this discussion, though
13:00:46 <kaz> mm: yeah
13:01:15 <kaz> ... we should think about both (1) future version and the (2) current version
13:01:54 <kaz> ... but should handle the future version discussion separately from the current specs
13:02:01 <kaz> [adjourned]
13:02:05 <kaz> rrsagent, make log public
13:02:08 <kaz> rrsagent, draft
13:02:08 <RRSAgent> I'm logging. I don't understand 'draft', kaz.  Try /msg RRSAgent help
14:00:36 <kaz> kaz has joined #wot-sec
14:04:01 <Mizushima> Mizushima has left #wot-sec
14:24:16 <McCool__> https://github.com/w3c/wot-discovery/issues/340
14:33:11 <McCool__> https://github.com/w3c/wot-discovery/issues/341
14:55:27 <Zakim> Zakim has left #wot-sec