Meeting minutes
Previous Minutes
<kaz> May-15
McCool: Consensus on publishing?
<published>
Architecture PR drafts
PRs already discussed and merged during the previous Architecture call
<McCool> wot-architecture PR 909 - Resolve arch-security-consideration-use-psk
<McCool> wot-architecture PR 910 - Resolve arch-security-consideration-dtls-1-3
<McCool> wot-architecture PR 911 - Resolve arch-security-consideration-hal-refuse-unsafe
<McCool> wot-architecture PR 912 - Revise native to low-level hardware
<McCool> wot-architecture PR 913 - Change IoT ecosystem to IoT Platform
McCool: We merged all those, but we can review and make sure nothing is left over
McCool: I clarified the statement about guest network to match reality
… segmented network is now used instead of the wrongly stated guest network
… and I clarified authorization using access control instead
McCool: No problem with the rewording?
<none>
Kaz: We are reviewing the architecture pull request that are already merged. right?
McCool: They already got discussed and approved in architecture, but I want to have the security experts to doublecheck
McCool: Please speak up if you see a problem with the PR as I recap them
McCool: 911 and 912 impact the same section so it is better to look at the final result
McCool: A `native` specifier is still left over
Luca: while at it the statement about why the abstration layer is useful should be moved up
McCool: I'll prepare a pr to replace `native` with `low-level` to be consistent with the rest of the document
McCool: The flow of statements would be better as is
Kaz: The current order is fine
McCool: Better to fix only the naming
Kaz: We can consider adding the defintion of `hardware abstraction layer` for the next version spec
Thing Description pending PR
McCool: A number of PR not yet merged
… they mainly are about moving from SHOULD (assertion) to should (not assertion)
<McCool> wot-thing-description PR 1826 - Resolve privacy-immutable-id-as-property
<McCool> wot-thing-description PR 1827 - Resolve security-context-secure-fetch
<McCool> wot-thing-description PR 1828 - Resolve td-security-oauth2-device-flow
PR 1828
<kaz> wot-thing-description PR 1828 - Resolve td-security-oauth2-device-flow
McCool: All the references to the device flow are removed
McCool: People can provide feedback until the PR is discussed and merged in the TD call this week.
Discovery Pending PRs
McCool: Lots of PR, many cover multiple concerns by interest
PR 485
<kaz> wot-discovery PR 485 - Resolve exploration-secboot-oauth2-flows
McCool: Not enough implementations using Oauth2 for bootstrapping
… The `client` Oauth2 is supported
McCool: We can discuss futher this in the Discovery call
PR 486
<kaz> wot-discovery PR 486 - Resolve security assertions
McCool: This PR demotes assertion terms to not assertion (e.g. SHOULD -> should, MAY -> may)
<McCool> w3c/
PR 487
<kaz> wot-discovery PR 487 - Resolve privacy assertions
McCool: This also demotes assertions as well.
PR 402
<kaz> wot-discovery PR 402 - Register DID service names
McCool: DID is related to security, but requires additional polishing and a diagram
Issue 185
<kaz> wot-discovery Issue 185 - OAuth2 and SSE Notificiations
McCool: This has to be deferred, but it is interesting
Kaz: Given the discussion so far during this call, I've started to feel we should have another dedicated meeting with all the WG participants to finalize the removal of features at-risk.
McCool: I prefer splitting by topic and have the WG have a last say
McCool: We would have a scheduling problem to leave 2 weeks for review
Kaz: Do you think having a 2-hour Discovery call today would be able to finalize the difficult situation? If so, I think that meeting would be kind of similar to my proposed dedicated meeting to finalize the updates around the features at-risk removal.
Luca: This should belong to Profile and not Discovery
[adjourned]