W3C

WoT Security

23 Nov 2020

Attendees

Present
Kaz_Ashimura, Michael_McCool, Elena_Reshetova, Jack_Dickinson, Tomoaki_Mizushima
Regrets
Chair
McCool
Scribe
elena

Contents

<kaz> Nov-19 Architecture minutes

meeting minutes from last week's call

<kaz> Nov-16

McCool: any objections accepting the minutes?
... no objections, approved

publication updates

McCool: do we have some changes in security docs that we want to publish?
... we have changes in end-to-end security section. But maybe we can wait for reviews longer and not rush publishing changes
... anyone has objections to wait before publishing the delta?

No objections from anyone

signing

McCool: in the last week arch call there was a discussion on signing
... TD and arch guys want to have signing defined pretty soon
... we need to review existing JSON documentation on signing and also coordinate issues on signing

<inserted> Nov-19 wot-arch minutes

McCool presenting wot-arch meetings

McCool: trying to find the relevant issue on signing created during arch call

McCool found the issue in wot-profile repo

<McCool> https://github.com/w3c/wot-profile/issues/55

<McCool> see also existing issues

<McCool> https://github.com/w3c/wot-thing-description/issues/940

<McCool> https://github.com/w3c/wot-security/issues/166

<McCool> which should be cross-referenced

McCool writes down some notes in https://github.com/w3c/wot-profile/issues/55

<kaz> Nov-19 wot-arch minutes

McCool: JWS might simply sign the string expression, but there has to be a process to produce this string from the data to be signed
... rfc 8785 talks about canonicalization of JSON objects
... can be a good start for our work
... but there are some issues with a number of points
... puts a list under issue https://github.com/w3c/wot-profile/issues/55
... in security, security element is an array, but array is deprecated, so my preference is to simplify the syntax as much as possible
... I would prefer to wait for JSON-LD to finish their work before defining our own signing, but canonicalization is a good discussion to have in the meanwhile

<McCool> https://tools.ietf.org/html/rfc7515

<McCool> https://tools.ietf.org/html/rfc8785 - JCS

<McCool> https://www.w3.org/TR/vc-data-model/ - VC data model

McCool: if anyone would have time to read through the above and provide the feedback on how we can define canonicalization form for TD, it would be great
... last week we had a discussion on Hubs and Platforms and marked some issues with these labels
... makes a list of platforms under wot-security issue 66
... we are out of time, wanted to remind that Michael is away second part of december

<kaz> [adjourned]

Summary of Action Items

Summary of Resolutions

[End of minutes]
Minutes formatted by David Booth's scribe.perl version 1.152 (CVS log)
$Date: 2020/12/07 12:09:17 $