Meeting minutes
Minutes
<kaz> Dec-13
mm goes over the minutes from last call
McCool: I don't see any problems with the minutes, any comments?
There are no objections raised, the minutes are being published
Planning
McCool: kaz, do you need to review something from the main schedule regarding security?
Kaz: We don't need to be very strict since Security and Privacy Guidelines document is a WG Note, we should think about how to update the TD spec, etc., based on the Security and Privacy Guidelines, however.
McCool: The revision of security aspects of other specifications should be prioritized. Then we will have a feature freeze
Issues and PRs
TD
McCool: There were a lot of updates to the TD specification regarding security vocabulary
… also regarding Security and Privacy Considerations.
… We could capture some thoughts about updating these considerations in an issue
… not sure where this issue should go, probably into the TD repository
… Some of the open issues labelled with security should be closed
McCool: Do you think I should open an issue regarding the review of Security Considerations?
Kaz: Yeah, that makes sense
mm opens a new issue "Review Security and Privacy Considerations" in the TD repository
McCool: One thing that is a bit consistent at the moment is the handling of IDs in TDs
… A problem is also sharing TDs in local networks
Jan: Is security also included in this issue?
McCool: This is dealt with in the discovery specification. Security considerations have to be reviewed for each specification.
Jan: Is there discussion of making IDs mandatory?
McCool: Optional IDs make Things a bit more complicated, especially Discovery and the use of TDs as RDF documents, but this choice was made due to privacy concerns. This problem should be revisited in TD/Discovery 2.0.
<McCool> wot-thing-description Issue 1348 - Review Security and Privacy Considerations
Architecture
McCool: There is already an issue for adding a section on Security and Privacy Considerations in the Architecture repository
<kaz> -> https
wot-architecture Issue 587 - New section on Security and Privacy considerations on Discovery
McCool: there is no issue regarding a review of said considerations yet, however
mm opens a new issue in the WoT Architecture repository
wot-architecture Issue 672 - Review Security and Privacy Considerations
Profile
McCool: I referenced the corresponding issue from other repositories, the only one missing in the issue is now the Profile repository
Discovery
mm goes over the exisiting issues in the WoT Security repository
McCool: There is issue 196 that can be closed and reopened in the Discovery repository
wot-security Issue 196 - Update security and privacy considerations in Discovery
Jan: Maybe the issue could also be moved?
McCool: Didn't know that, new issue is already open, will close the old one
mm closes issue 196 in the WoT Security repository
<McCool> https://
mm opens a new issue in the WoT Discovery repository
wot-discovery Issue 254 - Review Security and Privacy Considerations
Issue 197
<kaz> Issue 197 - Promoting an approach where every thing is a server is a security nightmare
McCool: Maybe a new "Consideration" label can be added to labels that contain Security Considerations
mm adds the new "Consideration" label to issue 197
Issue 165
<kaz> Issue 165 - Re-introduce OAuth2 Security Scheme to TD
McCool: I think this issue has been resolved and can be closed
… I'll add the "Propose Closing" label, then we can discuss closing it next week
Issue 149
<kaz> Issue 149 - Add SDO (Secure Device Onboard) Reference
McCool: I think we have finished this
… this is over a year old, I thought we have finished this
… it says "PR available", I think the PR was merged
… we did merge it
… I think this is done, so this issue can be closed
McCool: This issue is very broad, so it is actually difficult to say when it is done, but I'm going ahead and close it
<McCool> https://
mm closes the issue
Next steps
McCool: I am going through the Documents and add points to the issue to be reviewed
<kaz> [adjourned]