IG Security WebConf/2021

Agendas from WoT Security TF in 2021

13 December 2021

Note: last meeting in 2021.

Scribe: Jiye

Minutes:
- 6 December 2021
Discuss TD/OAuth2 resolution
Review Issues and PRs
AOB

6 December 2021

Scribe: Kaz

Minutes:
- 29 November 2021
See "Upcoming issues" above
- Need to deal with various issues in other documents
Review issues and PRs
AOB

29 November 2021

Scribe: Cristiano

Minutes:
- 22 November 2021
See "Upcoming issues" above
- Need to deal with various issues in other documents
Review issues and PRs
AOB

22 November 2021

Scribe: Philipp

Minutes:
- 15 November 2021
Review issues and PRs
AOB

15 November 2021

Scribe: Kaz

Minutes:
- 8 November 2021
Review issues and PRs
- PR 28 - Secure Transport and Onboarding
AOB

8 November 2021

Scribe: Kaz

Minutes:
- 1 November 2021
New attendees
- Jiye Park, Siemens
Review issues and PRs
AOB

1 November 2021

Scribe: Kaz

Minutes:
- 20 September 2021
Meeting invite
Review F2F minutes
- Capture action items
Review revised schedule
- https://github.com/w3c/wot/pull/1000
Review issues and PRs
AOB

18 October 2021

Scribe: Philipp

Minutes:
- 20 September 2021
Planning for F2F - Oct 28
- Meeting with DID and IETF/ITRF/T2TRG
- https://github.com/w3c/wot/issues/987
  - Needs updates, e.g. to date and logistics
Issues and PRs
- EJS actions
  - https://github.com/w3c/wot-thing-description/pull/1151#issuecomment-913621245
  - https://github.com/w3c/wot-ejs/issues/6
Review gaps in TD Implementation Report draft
AOB

20 September 2021

Scribe: Kaz

13 September 2021

Scribe: Philipp

Minutes:
- 6 September 2021
Signatures
Other Issues & PRs
AOB

6 September 2021

Scribe: Kaz

Minutes:
- 30 August 2021
Signatures
- Oliver's Review
- Discussion - Next steps, alternatives
Other Issues & PRs
AOB

30 August 2021

Scribe: Philipp

Minutes:
- 26 July 2021
Issues & PRs
AOB

26 July 2021

Scribe: Kaz

Minutes:
- 19 July 2021
Meeting schedule in August
Best Practices
- Local Transport - cont'd
- https://github.com/w3c/wot-security-best-practices/issues/13
Issues
AOB

19 July 2021

Scribe: Philipp

Minutes:
- 12 July 2021
Best Practices
- PRs
Signing - Review
- Schedule
  - July - McCool to cleanup spec
  - August - Pfaff to review
  - Sept - close/finalize
AOB

12 July 2021

Scribe: Oliver

Minutes:
- 31 May 2021
- vF2F Minutes
Best Practices
Signing
AOB

14 June 2021

CANCELLED

Scribe:

Minutes:
- 31 May 2021
Best Practices
Signing
AOB

31 May 2021

Scribe: Elena

Minutes:
- 24 May 2021
Best Practices
- Review of issues created last week
Signing
- Pending PR for TD
- need to discuss keys
F2F Planning
- Schedule
AOB

24 May 2021

Note: Holiday in Europe and Canada today, but we met anyway and discussed the state of the Best Practices document, and added several issues for things that needed to be done to whip it into shape.

Regrets: Oliver, Elena

Minutes:
- 17 May 2021
Best Practices
- OAuth2
- Local transport
- Discovery
- Usages, Updates, Issues
- Publication schedule
AOB

17 May 2021

Regrets: Elena

Scribe: Oliver

Minutes:
- 10 May 2021
Signing and Canonicalization
Use Case Questionnaire
Scripting Requirements
Issues and PRs
AOB

10 May 2021

Regrets: Oliver

Scribe: Kaz

Minutes:
- 3 May 2021
Signing
- https://github.com/w3c/wot-thing-description/issues/940
- https://github.com/w3c/wot-security/issues/166
- XML Signature alignment
- Signature type? If we could have only one, what should it be?
- Requirements cont'd
- Linked Data Signature charter
Use Case Questionnaire
- https://github.com/w3c/wot-security/issues/168
AOB

3 May 2021

Scribe: Cristiano

Minutes
- 12 April 2021
Signing
- Discussion: https://github.com/w3c/wot-thing-description/issues/940
Oauth2 PR
- WIP: https://github.com/w3c/wot-security-best-practices/pull/10
AOB

19 April 2021

Scribe: Philipp

Minutes
- 12 April 2021
Quick Updates
- Next week joint call with Scripting
- Security TF issues
  - Management API
- Discovery TF issues
- Logistics still under discussion
  - Possible we will join Scripting (the hour before Security) and/or they just join our call next week (April 26); will send email
Issues and PRs
- TD Canonicalization
  - Not knowing default values for extensions is a big problem
- Signing
  - Limit signing to only a particular context, not extensions
  - Would not then be able to protect protocol bindings in particular
  - Could later on extend to other extensions, once defaults are normative
- Server vs Client architecture
- Object security
  - Useful for contexts in which other security is weak, e.g. local HTTP?
- OAuth2 Guidance
  - Currently a bunch of material, including best practice assertions, in the use case document; does it belong there?
Ongoing
- Proofs and Proof Chains
- Discovery Security and Privacy considerations
Other
- Geolocation
AOB

12 April 2021

Scribe: Elena

29 March 2021

Short meeting (30).

Capture F2F outcomes

22 March 2021

Cancelled.

15 March 2021

Cancelled.

8 March 2021

Scribe: Elena

Minutes
- 22 February 2021
Quick Updates
Logistics
- Cancellations due to F2F
- F2F agenda review
  - Note security sections under Architecture (lifecycle; final review?), Discovery (considerations, geolocation), and TD (body scheme, etc.).
  - No special security session
- Planned publications (schedule review)
  - Pre-CR drafts expected 1 May
  - Should finalize updates based on drafts by July.
  - Should formally publish Best Practices
Issues and PRs
Ongoing
AOB
- Management API requirements being discussed for Scripting API

1 March 2021

No call due to plugfest.

22 February 2021

Scribe: Philipp

Minutes
- 15 February 2021
Quick Updates
Issues and PRs
- Updated Body Description (JSON Pointer)
Ongoing
AOB
- Management API requirements being discussed for Scripting API

15 February 2021

Scribe: Cristiano

Minutes
- 8 February 2021
Quick Updates
Issues and PRs
- Proofs and Proof Chains
Ongoing
- Discovery Security and Privacy considerations
- Geolocation
AOB
- Management API requirements being discussed for Scripting API

8 February 2021

Scribe: Oliver

Minutes
- 1 February 2021
Quick Updates
Issues and PRs
- Scripting - Partial TDs
  - Followup:
    - Validation
    - Security scheme selection from inside Scripting API
    - Management API (external setup) requirements
      - Security definitions
      - Default (top-level) security scheme (only one; arrays are deprecated in favor of combo scheme)
    - Secret management requirements (external secret store, etc)
- URI template location parameter for security schemes
Ongoing
- Discovery Security and Privacy considerations
- Proof and Proof Chains
AOB

1 February 2021

Scribe: Kaz

Minutes
- 25 January 2021
Quick Updates
Issues and PRs
- Addition of URI template parameter mechanism
- Security issues in Discovery
  - Create security and privacy considerations section
AOB

25 January 2021

Scribe: Elena

Minutes
- 18 January 2021
Quick Updates
Issues and PRs
- Apikey and PSK explanation improvement
- Addition of URI template parameter mechanism
AOB

18 January 2021

Scribe: Oliver

11 January 2021

Scribe: Cristiano

Minutes
- 4 January 2021
Quick Updates
Issues and PRs
AOB

4 January 2021

Scribe: McCool

Minutes
- 7 December 2020
Quick Updates
Schedule updates
Issues and PRs
AOB