11:56:32 <RRSAgent> RRSAgent has joined #wot-sec
11:56:32 <RRSAgent> logging to https://www.w3.org/2022/10/17-wot-sec-irc
11:56:42 <kaz> meeting: WoT Security
11:59:06 <Mizushima> Mizushima has joined #wot-sec
12:02:19 <Jiye> Jiye has joined #wot-sec
12:07:38 <kaz> agenda: https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#17_October_2022
12:07:43 <kaz> scribenick: kaz
12:08:00 <kaz> topic: Minutes
12:08:12 <kaz> -> https://www.w3.org/2022/10/10-wot-sec-minutes.html Oct-10
12:08:21 <kaz> mm: (goes through the minutes)
12:08:45 <kaz> ... will write up the at-risk section
12:10:29 <kaz> ... should remove the acronyms of the WoT products since not really sure
12:11:09 <kaz> (approved)
12:11:27 <kaz> topic: Implementation Report
12:11:53 <kaz> mm: this week, we'll have Discovery call, TD call and Architecture call
12:12:10 <kaz> ... should clarify how to deal with the security section as well
12:12:20 <Mizushima> present+ Tomoaki_Mizushima
12:12:35 <JKRhb> JKRhb has joined #wot-sec
12:13:43 <kaz> -> https://github.com/w3c/wot-discovery/pull/427 wot-discovery PR 427 - Update Oct 2022 impl report
12:13:49 <kaz> i/427/subtopic: Discovery
12:14:14 <kaz> -> https://cdn.statically.io/gh/w3c/wot-discovery/2c3010dd5aa2d14fa41e8b27c454b47b13997ef8/testing/report.html latest draft implementation report
12:15:25 <kaz> mm: (updates the SoTD section of the CR draft of the WoT Discovery spec)
12:16:43 <kaz> s/spec)/spec with the information of "features at risk")
12:16:50 <kaz> rrsagent, make log public
12:16:58 <kaz> rrsagent, draft minutes
12:16:58 <RRSAgent> I have made the request to generate https://www.w3.org/2022/10/17-wot-sec-minutes.html kaz
12:17:01 <kaz> ... what do you think?
12:17:09 <kaz> kaz: given the test results, it makes sense
12:17:18 <kaz> mm: currently 18 features
12:18:25 <kaz> ... at-risk asserions are marked with a yellow highlight within the spec
12:18:35 <kaz> s/asserions/assertions/
12:19:27 <kaz> zakim, who is on the call?
12:19:27 <Zakim> Present: Tomoaki_Mizushima
12:19:49 <kaz> present+ Kaz_Ashimura, Michael_McCool, Jan_Romann, Jiye_Park
12:21:06 <kaz> mm: (fixed the CSS for the at-risk features)
12:22:35 <kaz> ... (then adds a note "several assertions in he following are t risk" to the Privacy Considerations section)
12:24:04 <kaz> kaz: and the at-risk features in that section are also highlighted by yellow. right?
12:24:10 <kaz> mm: yes
12:25:27 <kaz> ... should we change the fonts as well?
12:26:53 <kaz> kaz: the assertions include RFC2119 keywords, which are rendered in bold
12:27:09 <kaz> ... so would be confusing to use bold fonts for the at-risk assertions
12:27:29 <kaz> jr: maybe can use ARIA features to identify the assertions?
12:27:34 <kaz> mm: can dig into it
12:27:50 <JKRhb> Maybe this could work? https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/Attributes/aria-description
12:28:15 <kaz> s/for the at-risk assertions/for the at-risk assertions, so I think yellow highlights should be fine at the moment./
12:28:29 <kaz> mm: Jiye, any updates?
12:28:43 <kaz> jp: can ask Sebastian and Ege
12:29:05 <kaz> mm: both Netzo and Desigo
12:29:15 <kaz> jp: will ask them today or tomorrow
12:29:49 <kaz> topic: PRs
12:29:58 <McCool> https://github.com/w3c/wot-discovery/pull/427
12:29:59 <kaz> subtopic: PR 427
12:30:10 <kaz> s/https/-> https/
12:30:37 <kaz> s/427/427 PR 427 - Update Oct 2022 impl report
12:30:51 <kaz> mm: will talk about the PR during the Discovery call today
12:31:06 <kaz> topic: AOB
12:31:11 <kaz> mm: look at the calendar
12:31:58 <kaz> -> https://www.w3.org/WoT/IG/wiki/Main_WoT_WebConf#Cancellations_and_Schedule_Updates Cancellations (on the main wiki)
12:32:12 <kaz> mm: Security cancelled on Nov 7 and 14
12:32:27 <kaz> ... also Dec 26
12:32:39 <kaz> ... then Jan 2
12:32:45 <kaz> ... OK with restarting on Jan 9?
12:32:49 <kaz> jp: fine
12:33:07 <kaz> s/AOB/Cancellations/
12:33:11 <kaz> topic: AOB
12:33:14 <kaz> mm: AOB?
12:33:50 <kaz> ... feel free to give comments to the Implementation Reports
12:34:36 <kaz> -> https://github.com/w3c/wot-discovery/pull/427 e.g., Discovery PR 427
12:35:29 <kaz> jp: question about security and privacy guidelines
12:35:40 <kaz> ... the document itself is kind of old
12:35:45 <kaz> ... will we update it?
12:35:47 <kaz> mm: yes
12:35:52 <kaz> ... need to update it too
12:37:56 <kaz> ... it is a WG Note
12:38:18 <kaz> ... when the WG Charter expires?
12:38:38 <kaz> kaz: January, 2023
12:39:05 <kaz> mm: people can read the Editor's draft of the Security Guidelines Note
12:39:24 <kaz> -> https://w3c.github.io/wot-security/ Editors Draft - Web of Things (WoT) Security and Privacy Guidelines
12:39:52 <kaz> q+
12:40:33 <kaz> mm: we need to update the references
12:41:01 <kaz> ... after looking at the best practice document and
12:41:06 <kaz> s/ and//
12:41:20 <kaz> ... don't think it's in a bad shape
12:41:30 <kaz> ... Jiye, you can take your time to look into it
12:41:35 <kaz> Jp: OK
12:43:31 <kaz> kaz: just to make sure, the priority is still the normative specs
12:43:37 <kaz> mm: yeah, that's true
12:43:51 <kaz> ... but we can still work on easy fixes
12:44:03 <kaz> [adjourned]
12:44:08 <kaz> rrsagent, make log public
12:44:12 <kaz> rrsagent, draft minutes
12:44:12 <RRSAgent> I have made the request to generate https://www.w3.org/2022/10/17-wot-sec-minutes.html kaz
15:09:27 <Zakim> Zakim has left #wot-sec