12:05:37 <RRSAgent> RRSAgent has joined #wot-sec
12:05:37 <RRSAgent> logging to https://www.w3.org/2022/09/26-wot-sec-irc
12:05:45 <kaz> meeting: WoT Security
12:06:39 <kaz> present+ Kaz_Ashimura, Jan_Romann, Michael_McCool, Philipp_Blum
12:09:14 <kaz> agenda: https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#26_September_2022
12:09:56 <McCool> McCool has joined #wot-sec
12:14:45 <citrullin> topic: Minutes review
12:14:57 <citrullin> mm: Any objections to the minutes? No objections.
12:15:12 <citrullin> Minutes -> https://www.w3.org/2022/08/22-wot-sec-minutes.html
12:15:46 <citrullin> topic: Issues review
12:15:47 <kaz> i/Any o/scribenick: citrullin/
12:15:55 <kaz> rrsagent, make log public
12:15:58 <kaz> rrsagent, draft minutes
12:15:58 <RRSAgent> I have made the request to generate https://www.w3.org/2022/09/26-wot-sec-minutes.html kaz
12:16:48 <citrullin> mm: At this point we may have to defer them to WoT 2.0 (wot-discovery issues flagged with security)
12:18:41 <citrullin> mm: The SSE topic is an interesting topic. Any input on this?
12:18:52 <citrullin> pb: Sorry, I am not familiar with SSE. I have to look into it first.
12:19:17 <citrullin> mm: It's a combination of two complicated topics. oAuth and SSE. Farshid has some useful comments.
12:19:49 <citrullin> oAuth 2 and SSE Notification -> https://github.com/w3c/wot-discovery/issues/185
12:19:50 <kaz> chair: McCool
12:20:35 <McCool> https://github.com/w3c/wot-discovery/issues/185#issue-900858578 - farshid's comments on SSE and OAuth2
12:21:50 <kaz> i|At this point|-> https://github.com/w3c/wot-discovery/labels/Security wot-discovery issues with the "Security" label|
12:22:07 <kaz> i/The SSE topic/subtopic: Issue 185
12:22:47 <kaz> i|The SSE topic|-> https://github.com/w3c/wot-discovery/issues/185 wot-discovery issue 185 - OAuth2 and SSE Notificiations|
12:23:37 <citrullin> mm adds a comment
12:23:55 <citrullin> s/comment/comment -> https://github.com/w3c/wot-discovery/issues/185#issuecomment-1257953079/
12:25:14 <citrullin> subtopic: Thing Description security issues
12:29:15 <citrullin> mm: We have to publish an ontology. Kaz, how do we do this?
12:29:53 <citrullin> kaz: There are several ways to do it. Registry track may be one of them. Or we host the ontology ourself on the w3 domain.
12:30:20 <citrullin> mm: We agreed to just leave it alone for now. There was a lot of discussions about this.
12:35:05 <citrullin> mm adds a comment to the issue -> https://github.com/w3c/wot-thing-description/issues/949#issuecomment-1257967810
12:40:03 <kaz> s/w3 domain./w3 domain. I think it depends on how we want to maintain the resources. We might want to talk with PLH as well after clarifying our own expectations./
12:40:28 <kaz> rrsagent, make log public
12:40:32 <kaz> rrsagent, draft minutes
12:40:32 <RRSAgent> I have made the request to generate https://www.w3.org/2022/09/26-wot-sec-minutes.html kaz
12:41:03 <zkis> zkis has joined #wot-sec
12:41:52 <kaz> s/subtopic: Issue 185/subtopic: Discovery issue 185/
12:42:50 <citrullin> subtopic: API Key and PSK security
12:43:05 <citrullin> API key and PSK security schemes are not referenced or explained -> https://github.com/w3c/wot-thing-description/issues/998
12:43:47 <kaz> s/topic: Issues review/topic: Discovery issues/
12:44:06 <kaz> s/subtopic: Thing Description security issues/topic: Thing Description security issues/
12:45:20 <kaz> i|We have to publish an o|-> https://github.com/w3c/wot-thing-description/issues/949 wot-thing-description issue 949 - We need extension ontology to include implicit and password flows in OAuth2|
12:45:35 <kaz> rrsagent, draft minutes
12:45:35 <RRSAgent> I have made the request to generate https://www.w3.org/2022/09/26-wot-sec-minutes.html kaz
12:46:35 <kaz> i/issue 949/subtopic: TD issue 949/
12:47:16 <kaz> s/API key and PSK security schemes are not referenced or explained/wot-thing-description issue 998 - API key and PSK security schemes are not referenced or explained/
12:47:45 <kaz> s/subtopic: API Key and PSK security/subtopic: TD issue 998/
12:47:47 <kaz> rrsagent, draft minutes
12:47:47 <RRSAgent> I have made the request to generate https://www.w3.org/2022/09/26-wot-sec-minutes.html kaz
12:49:43 <kaz> -> https://w3c.github.io/wot-thing-description/#psksecurityscheme WoT Thing Description - 5.3.3.9 PSKSecurityScheme
12:51:18 <kaz> -> https://w3c.github.io/wot-thing-description/testing/report11.html td-vocab-identity--PSKSecurityScheme has two implementations already
12:51:58 <citrullin> mm adds comment, proposed closing -> https://github.com/w3c/wot-thing-description/issues/998#issuecomment-1257988213
12:56:09 <kaz> rrsagent, draft minutes
12:56:09 <RRSAgent> I have made the request to generate https://www.w3.org/2022/09/26-wot-sec-minutes.html kaz
12:56:34 <kaz> [adjourned]
12:56:35 <kaz> rrsagent, draft minutes
12:56:35 <RRSAgent> I have made the request to generate https://www.w3.org/2022/09/26-wot-sec-minutes.html kaz
14:03:21 <Mizushima> Mizushima has left #wot-sec
14:11:25 <Zakim> Zakim has left #wot-sec