IG Security WebConf/2020
Agendas from WoT Security TF in 2020
7 December 2020
Scribe: Oliver
- Minutes
- Quick Updates
- Schedule updates
- Issues and PRs
- AOB
30 November 2020
Regrets: Elena
Scribe: Kaz
- Minutes
- Quick Updates
- Schedule updates
- Issues and PRs
- AOB
23 November 2020
Scribe: Elena
- Minutes
- Quick Updates
- Publication updates
- Signing
- Issues and PRs
- Planning and Schedule
- AOB
16 November 2020
Scribe: Kaz
- Minutes
- Quick Updates
- Issues and PRs
- Planning
- AOB
9 November 2020
Scribe: Oliver
- Minutes
- Updates
- Planning
- Next steps
- New issues: 193 and 194
- finalize deferred topics: LD-PROOFS, inline schemes, etc.
- update security and privacy guidelines: oauth, lifecycles
- consider specific guidelines for particular contexts, eg smart home, smart city (https://github.com/w3c/wot-security/issues/195)
- Issues and PRs
- AOB
28 September 2020
Cancelled due to plugfest
21 September 2020
Scribe: Oliver
- Minutes
- Updates
- Minutes publishing policy - must be public for reasons
- Lifecycle (see arch issue)
- Planning
- Next steps, publications/updates, etc.
- F2F agenda
- Testing
- Joint call topics
- Issues and PRs
- AOB
14 September 2020
Scribe: Elena
- Minutes
- Updates
- Issues and PRs
- AOB
7 September 2020
Scribe: Cristiano
- Minutes
- Updates
- TD PRs and feedback
- Arch lifecycle
- Directory Security
- Security Issues and PRs
- AOB
31 August 2020
Scribe: Clerley
- Minutes
- TD Security PRs and Issues
- Discussion topics
- OAuth2 mandatory items - necessary or not?
- Directory Security
- Lifecycle Review
- Other Security Issues and PRs
- AOB
24 August 2020
Scribe: Cristiano
- Minutes
- Conexxus Security/Privacy Template Review
- TD PRs
- Discussion topics
- OAuth2 mandatory items - necessary or not?
- Directory Security
- Lifecycle Review
- Other Security Issues and PRs
- AOB
17 August 2020
Scribe: Clerley
- Minutes
- TD Security PRs
- Directory Security
- Lifecycle
- Conexxus Security/Privacy
- News
- AOB
10 August 2020
Scribe: Oliver
Regrets: Elena
- Minutes
- OAuth2 update
- Document updates
- Issue and PRs
- AOB
3 August 2020
Scribe: Clerley
- Minutes
- OAuth2 update
- Document updates
- Issue and PRs
- AOB
27 July 2020
Regrets: Elena
Scribe: Farshid
- Minutes
- OAuth2 TD update
- Updates to documents
- Best practices
- OAuth2 usage - implicit, password deprecated
- Others?
- Best practices
- Deliverables
- Documents
- Standard vocab? Extension vocab? OAuth2 for deprecated flows
- Issue and PRs
- Use Case review
- Add Security and Privacy sections to existing UCs
- But pending conversion to HTML
- AOB
20 July 2020
Scribe: Cristiano
Regrets: Elena
- Minutes
- Review OAuth2 PR against TD
- Multiple OAuth2 flows
- Issue #929 Multiple OAuth 2.0 flows in security definitions
- Note this relates to TD issue #901
- Security issues raised in TD call July 15
- Issue #926 Add OAuth2 client and device flows
- Issue #901 Clarifying use of multiple security schemes in the security term
- Issue #922 How to describe apikey in query
- Issue #923 How to describe Philips Hue security scheme
- Issue #899 Managing Dynamically Created Resources in TDs
- Binding Templates
- TD Signing
- AOB
13 July 2020
- Minutes
- Use cases
- Requirements
- Review OAuth2 flows and generate use case details and requirements
- new PR
- AOB
6 July 2020
- Review Minutes
- Requirements
- Review OAuth2 flows and generate use case details and requirements
- PR
- AOB
29 June 2020
No meeting post F2F.
22 June 2020
No regular meeting, but security session held during F2F.
15 June 2020
Cancelled due to plugfest.
8 June 2020
Cancelled due to overlap with T2TRG/WoT Workshop.
1 June 2020
Note: Today is a public holiday in Germany.
- Guests
- Cristiano Aguzzi is now an Invited Expert
- Review Minutes
- Use case review
- Conexxus Security Document review
- F2F and Workshop preparation
- PRs
- Time permitting: review issues
- AOB
25 May 2020
- Review Minutes
- PRs
- OAuth2 Issues and flows
- F2F Planning
- Use case review
- Issue review
- AOB
18 May 2020
- Review Minutes
- End-to-end security PR #172
- Conexxus S&P review
- F2F Planning
- Use case review
- AOB
11 May 2020
- Review Minutes
- 04 May 2020 (note: deferred to May 25)
- OAuth Requirements for Scripting
- Use case review
- Security and Privacy considerations sections
- Lifecycle review and input
- State definitions
- AOB
4 May 2020
- Review Minutes
- Lifecycle review and input
- continue discussion from last week after recent updates
- Requirements template and use-case review
- see https://github.com/w3c/wot-architecture/issues/472
- confirm PR for 1 and 2
- maybe start looking at steps 3 and 4
- see https://github.com/w3c/wot-architecture/issues/472
- Security Ontology Document
- Any updates needed to security ontology?
- Issue review
- Issue #166 - Integrity protection
- related to LD-Proofs proposal
- related to Issue #61
- consider supporting DID public key references as well
- Issue #151 - Stakeholder terminology
- Issue #149 - SDO Reference
- Issue #147 - Anima Reference
- Issue #144 - E2E Security
- Issue #135 - Maintenance/Updates in Arch
- Issue #65 - Lifecycle to Arch
- Issue #166 - Integrity protection
- AOB
27 Apr 2020
- Review Minutes
- Lifecycle review and input
- Actors, authentication requirements for state changes, etc.
- Related to Issue #148 - Fuzzy authentication
- Requirements template and use-case review
- wot-architecture Issue #472: Request for a "security checklist"
- Related to use-case review brought up 2020-04-20 and wot-security Issue #168
- Need to also include any privacy considerations; look again at PING Privacy Threat Model
- Compare with W3C Self-Review Security Questionnaire
- AOB
20 Apr 2020
- Introductions
- Clerley Silveira from Conexxus
- Review Minutes
- Issues and PRs
- End-to-end PR (already merged, pending edits requested): https://github.com/w3c/wot-security/pull/164
- AOB
13 Apr 2020
- No meeting - Easter Monday
6 Apr 2020
- Review Minutes
- Easter holidays...
- Scripting Review
- Does scripting API need features to specify schemes, scopes, etc?
- Lifecycle
- Issues and PRs
- End-to-end PR: https://github.com/w3c/wot-security/pull/164
- AOB
30 Mar 2020
- Review Minutes
- Lifecycle
- Anima mapping
- Issues and PRs
- AOB
23 Mar 2020
- Review Minutes
- F2F Minutes - Security Session
- PING issue for feedback on privacy threat model
- PRs
- Issues
- AOB
9 Mar 2020
- Review Minutes
- PING issue for feedback on privacy threat model
- https://github.com/w3cping/privacy-threat-model/issues/17
- Still no comments on this issue
- DID
- Joint call proposed - to confirm timeslot in virtual F2F
- Issue for public key references in TDs: https://github.com/w3c/wot-security/issues/161
- Review F2F plans
- PRs
- Issues
- AOB
2 Mar 2020
- Review Minutes
- Repo cleanup
- Review changes in https://github.com/w3c/wot-security/pull/162
- PING issue for feedback on privacy threat model
- DID
- Joint call proposed - to confirm timeslot in virtual F2F
- Issue for public key references in TDs: https://github.com/w3c/wot-security/issues/161
- Virtual F2F planning: March 16-18
- PRs
- Issues
- AOB
24 Feb 2020
- Review Minutes
- PING issue for feedback on privacy threat model
- DID review
- DID Summary Presentation
- Joint call proposed - to confirm timeslot in virtual F2F
- Issue for public key references in TDs: https://github.com/w3c/wot-security/issues/161
- PRs
- Issues
- AOB
17 Feb 2020
- Review Minutes
- DID review
- PING feedback
- PRs
- Issues
- AOB
10 Feb 2020
- Review Minutes
- PRs
- Issues
- AOB
3 Feb 2020
- Review Minutes
- PRs and Issues
- Work bottom-up to try and retire older issues this time
- AOB
27 Jan 2020
- Review Minutes
- PRs and Issues
- AOB
20 Jan 2020
- Review Minutes:
- deferred to main call
- Edge Apps
- Security and Privacy implications
- Lifecycle
- PRs and Issues
- MUDs
- Privacy Threat Model
- AOB
13 Jan 2020
- Review Minutes:
- Lifecycle
- Further discussion in Architecture (first call)
- Discovery
- Privacy and security considerations
- PRs and Issues
- AOB