Meeting minutes
Minutes
accepted
WoT Security Best Practices
wot-security-best-practices Issue 9 - Publish as a Note
Kaz: we've never published the document as an official group Note
McCool: for consistency with the GitHub repo's name, we should use "wot-security-best-practices" as the shortname
Philipp: makes sense
Kaz: right
McCool adds comments on Issue 9
McCool: adds "Call for Resolution to publish update" for Security and Privacy within the June vF2F agenda
Proposed Topics section of the vF2F wiki
another comment on the planning for Issue 9
McCool: we need to do some general clean up for the draft
wot-security-best-practices ED
McCool: (creates a new issue on secure transport)
wot-security-best-practices Issue 13 - Update Security Transport
McCool: need to talk with Ben about what best practice makes sense here
… we basically recommend OAuth2 flow
… (adds some more comments to Issue 5 as well)
wot-security-best-practices Issue 5 - Recommended OAuth2 flows
McCool: Section 2.1 of the Best Practices document describes the OAuth2 Flows
McCool: (creates another Issue on TD Signatures)
wot-security-best-practices Issue 14 - TD Signatures
McCool: in general, the "object security" section is troublesome since we have no direct experience implementing a system with it
… so maybe we should just remove this section for now...
Kaz: we can leave it as is and add an Editor's Note for the publication of the group Note
McCool: yeah
Philipp: (also likes that idea)
McCool: regarding the section "7. Summary"
… currently it's empty
wot-security-best-practices Issue 15 - Add or Remove Summary Section
McCool: and should expand the Acknowledgements section
wot-security-best-practices Issue 16 - Expand Acknowledgements
McCool: we're not ready for publishing the document yet
… need more improvement
… (adds some more comments to Issue 5 again)
McCool's new comments for Issue 5
McCool: Move the current OAuth2 review into an appendix
… Pull out the pseudo-RFC2119 recommendations into the main body and reword as necessary...
… (and then make the "call for resolution" for security during vF2F to "initial call for resolution")
Security and Privacy topics within the Proposed Topics section on the vF2F wiki
McCool: would like to see what the acceptable practices for secure transport are
[adjourned]