TSC Open Meeting - March 28th 2019

[MikeRalphson]

NOTE: This meeting is on Thursday at 9am - 10am PT, 5pm-6pm UTC
Zoom Meeting link: https://zoom.us/j/975841675

In order to give some more visibility into the topics we cover in the TSC meetings here is the planned agenda for the next meeting. Hopefully this will allow people to plan to attend meetings for topics that they have an interest in. And for folks who cannot attend they can comment on this issue prior to the meeting. Feel free to suggest other potential agenda topics.

Proposed Agenda

Topic	Owner	Decision/NextStep
JWT security issues	@whitlockjc
Security Scheme Scheme PR	@darrelmiller
Making the case for roles vs scopes	@MikeRalphson
Proposal to bikeshed on proposal	@tsc
Merge outstanding PRs	@OAI/tsc
Issues labelled review	@OAI/tsc

/cc @OAI/tsc Please add other items as you see fit

[cmheazel]

@MikeRalphson I will only have telephone access tomorrow and that is frequently unreliable. So I want to provide a brief status report related to the JWT issue:

I am working on a pull request which will contain the changes to the OAS document needed to implement Isabelle's cryptographic extension proposal. It will contain the following changes:

1. addition of a signature field to the Media Type Object. This field is of type Signature Object
2. definition of a Signature Object which contains sufficient information to describe the digital signature approach used.
3. addition of Signature Objects to Components, allowing them to be referenced from within the OAS document
   Right now I'm validating that the fields in the Signature Object are sufficient for their purpose. Once that is done, I will convert it into MarkDown and post it as a pull request.

[darrelmiller]

@cmheazel Is the work you are doing only applicable to sigining of requests/response or does it also cover encryption of contents?

[cmheazel]

@darrelmiller It should cover both. That's one of the bits I plan to validate.