13:01:41 <RRSAgent> RRSAgent has joined #wot-sec
13:01:46 <RRSAgent> logging to https://www.w3.org/2023/02/27-wot-sec-irc
13:02:18 <zkis_> zkis_ has joined #wot-sec
13:02:36 <kaz> agenda: https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#27_February_2023
13:02:41 <kaz> chair: McCool
13:02:50 <kaz> present+ Kaz_Ashimura, Michael_McCool
13:06:06 <Jiye> Jiye has joined #wot-sec
13:06:06 <kaz> present+ Jan_Romann
13:07:18 <kaz> present+ Jiye_Park, Tomoaki_Mizushima
13:07:32 <kaz> scribenick: Jiye
13:08:28 <Jiye> topic: Minutes
13:08:40 <kaz> -> https://www.w3.org/2023/02/20-wot-sec-minutes.html Feb-20
13:09:03 <kaz> rrsagent, make log public
13:09:07 <kaz> rrsagent, draft minutes
13:09:08 <RRSAgent> I have made the request to generate https://www.w3.org/2023/02/27-wot-sec-minutes.html kaz
13:10:46 <kaz> topic: Logistics
13:10:58 <Jiye> mm: I am going to archive all links, any objections?
13:11:06 <Jiye> (no objection)
13:11:11 <kaz> rrsagent, draft minutes
13:11:13 <RRSAgent> I have made the request to generate https://www.w3.org/2023/02/27-wot-sec-minutes.html kaz
13:11:31 <kaz> topic: Profile issues
13:11:50 <kaz> -> https://github.com/w3c/wot-profile/labels/security Profile issues related to security
13:12:26 <Jiye> -> https://github.com/w3c/wot-profile/issues/224
13:13:02 <Jiye> (Summary of the issue)
13:15:27 <Jiye> mm: make sense to use different identity for different authorization
13:17:52 <kaz> s/224/224 wot-profile issue 224 - subscribeallevents security requirements/
13:18:36 <Jiye> mm: let's focus on subscribeallevents first
13:23:59 <Jiye> jy: I agree on the comment. It would be better to use OAuth2 or bearer token than multiple account
13:25:38 <Jiye> mm: having multiple account like admin, user accounts can have different level of authorization
13:26:48 <Jiye> jy: yes, but it's not good to have it for IoT devices, the IoT devices have to maintain the way to do aurhotization
13:41:35 <Jiye> jy: First two things (in bold) are clear, but the last one, where an user account is created, where the information is stored like if the user is admin or user?
13:42:12 <Jiye> mm: Password based approach should be used for only limited number of users.
13:44:30 <Jiye> (talking about Webhook)
13:45:16 <Jiye> mm: It's difficult simply adopt OpenID SSF as it has certain format requirement
13:47:35 <Jiye> ... Cloud even talks about payload, and there are different specs, having a good summary of webhook. what we could do is just adopt this spec but the problem is we need a particular signature algorithm
13:48:16 <Jiye> ... in addition, it has authorization using OAuthe2 bearer tokens
13:50:36 <Jiye> s/Cloud/Cloud event
13:53:29 <Jiye> s/Cloud event/Cloud Events
13:56:24 <kaz> rrsagent, draft minutes
13:56:25 <RRSAgent> I have made the request to generate https://www.w3.org/2023/02/27-wot-sec-minutes.html kaz
13:57:43 <kaz> i|wot-profile issue 224|subtopic: Issue 224|
13:58:15 <kaz> i|talking about Webhook|subtopic: Issue 222|
13:58:34 <kaz> i|talking about Webhook|-> https://github.com/w3c/wot-profile/issues/222 Issue 222 - Security Requirements for WebHook Consumer|
13:58:51 <Jiye> jy: Regarding the comments about Cloud Events, we can discuss once more
14:00:13 <Jiye> topic: WoT Security PRs
14:00:40 <Jiye> jr: there are PRs I made, if you have time to review it, would be good to get review
14:00:53 <kaz> rrsagent, draft minutes
14:00:55 <RRSAgent> I have made the request to generate https://www.w3.org/2023/02/27-wot-sec-minutes.html kaz
14:01:09 <kaz> [adjourned]
14:01:10 <kaz> rrsagent, draft minutes
14:01:11 <RRSAgent> I have made the request to generate https://www.w3.org/2023/02/27-wot-sec-minutes.html kaz
15:06:08 <Ege> Ege has joined #wot-sec
15:36:30 <Zakim> Zakim has left #wot-sec