W3C

– DRAFT –
WoT Security

13 June 2022

Attendees

Present
Jiye_Park, Kaz_Ashimura, Michael_McCool, Tomoaki_Mizushima
Regrets
-
Chair
McCool
Scribe
kaz

Meeting minutes

Minutes

May-30

McCool: (goes through the minutes)

approved

Discovery and TLS/DTLS

WoT Discovery draft - 7.2 Thing Description Server

McCool: (shows section "7.2 Thing Description Server")
… would remove the redundant assertions on TLS and authentication
… current text there is a pair of assertions
… i.e.
… An HTTP-based TD Server providing a TD SHOULD use TLS when serving requests.
… An HTTP-based TD Server providing a TD SHOULD provide the resource only after performing necessary authentication and authorization.
… we could just add another text
… e.g., use of secure transport is subject to further assertions given in the Security Considerations sections of the WoT Architecture and the WoT Thing Description specifications, including scenarios where secure is mandatory and mutual authentication is recommended.

Kaz: adding clarification would be good

McCool: there is a similar issue around the other sections too

Kaz: referring to the other specs like Architecture and TD is fine
… but that would mean the features are not really the ones of Discovery, and the Discovery spec itself doesn't need to test those features
… is that correct?

McCool: yeah
… the point here is moving the description to those existing specs

Jiye/Kaz: ok

McCool: (creates an Issue about this)
… with this change, we can remove the Editor's Note too

Issue 335 - Fix TLS Assertions

McCool: will create a PR for that purpose too

Minutes manually created (not a transcript), formatted by scribe.perl version 185 (Thu Dec 2 18:51:55 2021 UTC).