12:02:49 <RRSAgent> RRSAgent has joined #wot-sec
12:02:54 <RRSAgent> logging to https://www.w3.org/2023/05/22-wot-sec-irc
12:03:29 <kaz> present+ Kaz_Ashimura, Michael_McCool, Jiye_Park, Luca_Barbato, Tomoaki_Mizushima
12:03:49 <kaz> agenda: https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#22_May_2023
12:07:57 <luca_barbato> scribenick: luca_barbato
12:08:12 <luca_barbato> topic: Previous Minutes
12:09:16 <kaz> -> https://www.w3.org/2023/05/15-wot-sec-minutes.html May-15
12:09:25 <luca_barbato> mm: Consensus on publishing?
12:09:29 <luca_barbato> <published>
12:11:00 <luca_barbato> topic: Architecture PR drafts
12:11:09 <McCool> https://github.com/w3c/wot-architecture/pull/909
12:11:17 <McCool> https://github.com/w3c/wot-architecture/pull/910
12:11:24 <McCool> https://github.com/w3c/wot-architecture/pull/911
12:11:31 <McCool> https://github.com/w3c/wot-architecture/pull/912
12:11:36 <luca_barbato> mm: We merged all those above
12:11:38 <McCool> https://github.com/w3c/wot-architecture/pull/913
12:11:56 <luca_barbato> s/mm: We merged all those above//
12:12:30 <luca_barbato> mm: We merged all those, but we can review and make sure nothing is left over
12:13:43 <luca_barbato> mm: I clarified the statement about guest network to match reality
12:14:25 <luca_barbato> ... segmented network is now used instead of the wrongly stated guest network
12:14:51 <kaz> s|https://github.com/w3c/wot-architecture/pull/909|-> https://github.com/w3c/wot-architecture/pull/909 wot-architecture PR 909 - Resolve arch-security-consideration-use-psk|
12:15:00 <luca_barbato> ... and I clarified authorization using access control instead
12:15:08 <kaz> q+
12:15:11 <luca_barbato> mm: No problem with the rewording?
12:15:15 <luca_barbato> <none>
12:16:41 <kaz> i|909|subtopic: PRs already discussed and merged during the previous Architecture call|
12:16:59 <kaz> ack k
12:17:06 <luca_barbato> kaz: We are reviewing the architecture pull request that are already merged
12:17:28 <kaz> s|https://github.com/w3c/wot-architecture/pull/910|-> https://github.com/w3c/wot-architecture/pull/910 wot-architecture PR 910 - Resolve arch-security-consideration-dtls-1-3|
12:17:33 <luca_barbato> mm: They already got discussed and approved in architecture, but I want to have the security experts to doublecheck
12:18:01 <kaz> s/already merged/already merged. right?/
12:19:09 <kaz> s|https://github.com/w3c/wot-architecture/pull/911|-> https://github.com/w3c/wot-architecture/pull/911 wot-architecture PR 911 - Resolve arch-security-consideration-hal-refuse-unsafe|
12:19:23 <luca_barbato> mm: Please speak up if you see a problem with the PR as I recap them
12:19:40 <kaz> s|https://github.com/w3c/wot-architecture/pull/912|-> https://github.com/w3c/wot-architecture/pull/912 wot-architecture PR 912 - Revise native to low-level hardware|
12:20:15 <kaz> s|https://github.com/w3c/wot-architecture/pull/913|-> https://github.com/w3c/wot-architecture/pull/913 wot-architecture PR 913 - Change IoT ecosystem to IoT Platform|
12:20:21 <kaz> rrsagent, make log public
12:20:28 <kaz> rrsagent, draft minutes
12:20:30 <RRSAgent> I have made the request to generate https://www.w3.org/2023/05/22-wot-sec-minutes.html kaz
12:20:45 <Jiye_> Jiye_ has joined #wot-sec
12:21:25 <Jiye__> Jiye__ has joined #wot-sec
12:21:31 <luca_barbato> mm: 911 and 912 impact the same section so it is better to look at the final result
12:22:07 <luca_barbato> q+
12:22:44 <luca_barbato> mm: A `native` specifier is still left over
12:25:58 <luca_barbato> lb: while at it the statement about why the abstration layer is useful should be moved up
12:27:24 <luca_barbato> mm: I'll prepare a pr to replace `native` with `low-level` to be consistent with the rest of the document
12:30:37 <kaz> q+
12:30:42 <luca_barbato> mm: The flow of statements would be better as is
12:30:49 <luca_barbato> q-
12:32:12 <kaz> ack k
12:32:23 <luca_barbato> kaz: The current order is fine
12:32:51 <luca_barbato> mm: Better to fix only the naming
12:33:26 <luca_barbato> kaz: We can consider adding the defintion of `hardware abstraction layer` later
12:34:08 <kaz> s/later/for the next version spec/
12:34:19 <luca_barbato> topic: Thing Description pending PR
12:34:37 <luca_barbato> mm: A number of PR not yet merged
12:35:27 <luca_barbato> ... they mainly are about moving from SHOULD (assertion) to should (not assertion)
12:35:30 <McCool> https://github.com/w3c/wot-thing-description/pull/1826
12:35:37 <McCool> https://github.com/w3c/wot-thing-description/pull/1827
12:35:43 <McCool> https://github.com/w3c/wot-thing-description/pull/1828
12:37:15 <luca_barbato> subtopic: PR 1828
12:37:39 <kaz> s|https://github.com/w3c/wot-thing-description/pull/1826|-> https://github.com/w3c/wot-thing-description/pull/1826 wot-thing-description PR 1826 - Resolve privacy-immutable-id-as-property|
12:37:41 <luca_barbato> mm: All the references to the device flow are removed
12:38:19 <kaz> s|https://github.com/w3c/wot-thing-description/pull/1827|-> https://github.com/w3c/wot-thing-description/pull/1827 wot-thing-description PR 1827 - Resolve security-context-secure-fetch|
12:38:45 <luca_barbato> mm: People can provide feedback until the PR is discussed and merged in the TD call this week.
12:38:56 <kaz> s|https://github.com/w3c/wot-thing-description/pull/1828|-> https://github.com/w3c/wot-thing-description/pull/1828 wot-thing-description PR 1828 - Resolve td-security-oauth2-device-flow|
12:39:03 <luca_barbato> topic: Discovery Pending PRs
12:39:15 <kaz> i|All the refe|-> https://github.com/w3c/wot-thing-description/pull/1828 wot-thing-description PR 1828 - Resolve td-security-oauth2-device-flow|
12:39:47 <luca_barbato> mm: Lots of PR, many cover multiple concerns by interest
12:39:58 <McCool> https://github.com/w3c/wot-discovery/pull/485
12:40:00 <luca_barbato> subtopic: PR 485
12:40:36 <luca_barbato> mm: Not enough implementations using Oauth2 for bootstrapping
12:41:24 <luca_barbato> ... The `client` Oauth2 is supported
12:42:25 <kaz> s|https://github.com/w3c/wot-discovery/pull/485||
12:42:54 <luca_barbato> mm: We can discuss futher this in the Discovery call
12:43:02 <kaz> i|Not enough|-> https://github.com/w3c/wot-discovery/pull/485 wot-discovery PR 485 - Resolve exploration-secboot-oauth2-flows|
12:43:13 <luca_barbato> subtopic: PR 486
12:43:42 <luca_barbato> mm: This PR demotes assertion terms to not assertion (e.g. SHOULD -> should, MAY -> may)
12:44:00 <McCool> https://github.com/w3c/wot-discovery/pull/487
12:44:18 <luca_barbato> subtopic: PR 487
12:44:45 <luca_barbato> mm: This also demotes assertions as well.
12:47:10 <luca_barbato> subtopic: PR 402
12:47:12 <kaz> i|This PR d|-> https://github.com/w3c/wot-discovery/pull/486 wot-discovery PR 486 - Resolve security assertions|
12:47:37 <luca_barbato> DID is related to security, but requires additional polishing and a diagram
12:47:59 <luca_barbato> subtopic: PR 185
12:48:05 <kaz> i|This also demo|-> https://github.com/w3c/wot-discovery/pull/487 wot-discovery PR 487 - Resolve privacy assertions|
12:48:06 <kaz> q+
12:48:25 <luca_barbato> This has to be deferred, but it is interesting
12:48:38 <luca_barbato> s/This has to be deferred, but it is interesting/mm: This has to be deferred, but it is interesting/
12:49:09 <luca_barbato> kaz: We should have another discussion with all the WG participants
12:50:51 <luca_barbato> mm: I prefer splitting by topic and have the WG have a last say
12:51:50 <luca_barbato> mm: We would have a scheduling problem to leave 2 weeks for review
12:57:46 <luca_barbato> lb: This should belong to Profile and not Discovery
12:57:52 <kaz> kaz: Do you think having a 2-hour Discovery call today would be able to finalize the difficult situation? If so, I think that meeting would be kind of similar to my proposed dedicated meeting to finalize the updates around the features at-risk removal./
12:58:05 <kaz> s|removal./|removal.|
12:59:05 <kaz> s|We should have another discussion with all the WG participants|Given the discussion so far during this call, I've started to feel we should have another dedicated meeting with all the WG participants to finalize the removal of features at-risk.|
12:59:11 <kaz> rrsagent, make log public
12:59:17 <kaz> rrsagent, draft minutes
12:59:18 <RRSAgent> I have made the request to generate https://www.w3.org/2023/05/22-wot-sec-minutes.html kaz
13:00:16 <kaz> i/Do you/scribenick: kaz/
13:00:26 <kaz> scribenick: luca_barbato
13:00:49 <kaz> s/lb: This should belong to Profile and not Discovery//
13:00:49 <kaz> lb: This should belong to Profile and not Discovery
13:00:55 <kaz> [adjourned]
13:01:21 <kaz> rrsagent, draft minutes
13:01:22 <RRSAgent> I have made the request to generate https://www.w3.org/2023/05/22-wot-sec-minutes.html kaz
13:01:34 <kaz> chair: McCool
13:01:36 <kaz> rrsagent, draft minutes
13:01:37 <RRSAgent> I have made the request to generate https://www.w3.org/2023/05/22-wot-sec-minutes.html kaz
13:02:13 <kaz> meeting: WoT Security
13:02:14 <kaz> rrsagent, draft minutes
13:02:16 <RRSAgent> I have made the request to generate https://www.w3.org/2023/05/22-wot-sec-minutes.html kaz
13:03:35 <kaz> i|DID is related to|-> https://github.com/w3c/wot-discovery/issues/402 wot-discovery PR 402 - Register DID service names|
13:04:25 <kaz> s|DID is related to|mm: DID is related to|
13:05:18 <kaz> i|This has to be def|-> https://github.com/w3c/wot-discovery/issues/185 wot-discovery Issue 185 - OAuth2 and SSE Notificiations|
13:05:26 <kaz> s/PR 185/Issue 185/
13:05:30 <kaz> rrsagent, draft minutes
13:05:31 <RRSAgent> I have made the request to generate https://www.w3.org/2023/05/22-wot-sec-minutes.html kaz
13:06:51 <kaz> i/This should be/scribenick: kaz/
13:06:53 <kaz> rrsagent, draft minutes
13:06:54 <RRSAgent> I have made the request to generate https://www.w3.org/2023/05/22-wot-sec-minutes.html kaz
13:59:46 <Mizushima> Mizushima has left #wot-sec
15:05:58 <Zakim> Zakim has left #wot-sec