07:22:34 RRSAgent has joined #webauthn 07:22:34 logging to http://www.w3.org/2016/09/20-webauthn-irc 07:22:36 RRSAgent, make logs public 07:22:38 Zakim, this will be 07:22:38 I don't understand 'this will be', trackbot 07:22:39 Meeting: Web Authentication Working Group Teleconference 07:22:39 Date: 20 September 2016 07:22:58 present= 07:23:01 agenda= 07:23:07 Agenda: https://public.etherpad-mozilla.org/p/webauthn-tpac-2016 07:23:18 wseltzer has changed the topic to: Agenda 20 Sept. https://public.etherpad-mozilla.org/p/webauthn-tpac-2016 07:40:04 yaronf has joined #webauthn 07:40:46 @wseltzer: are you joining WebEX? 07:41:11 Thx! 07:41:47 weiler has joined #webauthn 07:43:34 You are on WebEX but there's no audio. 07:48:27 jcj_moz has joined #webauthn 07:50:47 rbarnes has joined #webauthn 07:50:51 https://public.etherpad-mozilla.org/p/webauthn-tpac-2016 07:50:58 alexei-goog has joined #webauthn 07:51:08 RobTrace has joined #webauthn 07:51:22 mdadas has joined #webauthn 07:51:27 I can hear you, but quality is real bad. 07:52:03 JeffH has joined #webauthn 07:52:12 present+ 07:52:20 sam agreed to scribe, but i don't see him here 07:52:36 SamSrinivas has joined #webauthn 07:52:39 present+ 07:52:40 nadalin has joined #webauthn 07:52:42 present+ 07:52:43 present+ 07:52:45 present+_ 07:52:48 selfissued has joined #webauthn 07:52:53 Introductions by all. 07:52:59 scribenick: SamSrinivas 07:53:01 Topic: Spec updates from VGB 07:53:01 Richard asks Vijay to give overview of status 07:53:05 SamS or SamW scribe? 07:53:14 SamS 07:53:15 oh SamS 07:53:20 present+ 07:53:30 Rolf has joined #webauthn 07:53:59 Vijay giving big view: We are focusing on looking through end to end scenarios. 07:54:43 relevant repo for those following along: https://github.com/w3c/webauthn 07:55:24 One set of PRs is focuses on that. Two large issues in current list: (Issue 1) Attestation -- Rolf and Vijay discussing extensively (Issue 2) Origins --- what that means. Jeff has PR which does a lot of that. 07:55:44 present+ 07:55:45 (SamW, glad for you to take over -- let me know -- either way) 07:56:15 gmandyam has joined #webauthn 07:56:25 present+ 07:56:33 Vijay says: i18n folks asked us how we are doing -- some places where we need to pay attention -- prompt messages, internaationalized origin names (domian names). 07:56:34 present+ 07:56:54 present+ yaronf(remote) 07:57:08 zakim, who is here? 07:57:08 Present: JeffH, weiler, alexei-goog, rbarnes, _, nadalin, jcj_moz, gmandyam, wseltzer, yaronf(remote) 07:57:10 On IRC I see gmandyam, Rolf, selfissued, nadalin, SamSrinivas, JeffH, mdadas, RobTrace, alexei-goog, rbarnes, jcj_moz, weiler, yaronf, RRSAgent, mkwst, adrianba, slightlyoff, 07:57:10 ... Zakim, trackbot, wseltzer 07:57:13 We have not had objections to the security model etc for a while -- meaning not fundamental structural issues. Vijay would like to get to implementations rolling. 07:57:16 present- _ 07:57:46 present+ Ketan, nadalin, Rolf, selfissued 07:58:08 Axel has joined #webauthn 07:58:19 present+ SamSrinivas 07:58:21 present+ Axel, RobTrace, vgb, dirkbalfanz 07:58:38 Agenda bash. Afternoon Google people wants to talk about compatibility with issues, later afternoon accessibility issues discussion. 07:58:52 sorry "google wants to talk about compatiblity with u2f". 07:59:05 s/with issues/with u2f/ 07:59:23 Tony: We have to decide whether we want to WD-03 before we go with CR. 08:00:05 Vijay: We should get to more frequent working drafts, perhaps every other week as we work through the existing issues after current pull requests -- there are 60 issues. 08:00:51 Tony: Problem is that other groups watching us will complain about having to watch through frequent change. We should have milestones which 'external' people can invest in for review -- we should mark those in some way. 08:01:34 Vijay: Pull request convergence has become slow -- wiating times one month. We should have quicker cadence and frequent WD will force that. 08:01:48 Tony: Let us now discuss open pull requests. 08:02:05 https://github.com/w3c/webauthn/pull/161 08:02:12 We have outstanding attestation PR #161 -- vijay and rolf? 08:03:01 Rolf: Am happy in general with current status. Wouild like to get feedback on readability. 08:04:19 Vijay: Downside of having it in PR means it is not in WD and so very limited set of peole reviewing it. We should merge it in and there may be issues like incompletenees of TPM structure. But those are minor can can be fixed. 08:04:48 Vijay: (Okes the pull request in real time) 08:04:55 https://github.com/w3c/webauthn/pull/194 08:05:06 Tony: #194 Transport Hints 08:05:09 deiu has joined #webauthn 08:05:21 brunoj has joined #webauthn 08:06:16 Sebastien has joined #webauthn 08:06:29 Alexei: is a narrative of what exactly client does with transport hints. 08:06:54 Tony: Can you fix markup issues and merge it in? 08:07:07 Alexei: I think that is what we should do. 08:07:17 Jeff: The enum does not include plain Bluetooth 08:07:58 Alexei: The reason is we didn't need it in U2F coz nobody wanted to implement it. 08:08:00 Rolf: What are people using then? 08:08:24 Alexei: Bluetooth Low Energy (as against classic Bluetooth) 08:08:24 Tony: Alexei, you'll fix and create new issue? 08:08:24 Alexei: Yes 08:08:47 https://github.com/w3c/webauthn/pull/196 08:09:07 Tony: #196: Few outstanding technical issues Vijay opened this morning 08:09:27 Vijay: Need to be explicit about what errors are thrown in what situation. Havent' gotten a lot of feed back. 08:10:00 Tony: Didn't Yaron ask about this? 08:10:12 Vijay: No, he was talking about whether we have privacy leaks thrygh errors rather than what the error details are. That's my recollection. 08:10:13 hyojin has joined #webauthn 08:10:32 Jeff: Question: Why do you call it scoped credential description and use the term 'descriptor'? 08:10:51 Vijay: We will make it consistent to 'descriptor' 08:11:18 Vijay: any other opinions? 08:11:22 Room: Silence 08:11:49 Tony: So will you close that out? 08:11:49 Vijay: Will do it during the day today. 08:12:18 https://github.com/w3c/webauthn/pull/198 08:13:41 Richard: What we are doing here is transitioning from the client computing the origin to it being speciied by the caller. Isn't that material change? 08:14:28 Vijay: We are saying that the client will check what is specified and make sure it is permitted. 08:16:50 SamSrinivas_ has joined #webauthn 08:17:35 Mike: I'll review 201 right now. 08:19:04 SamSrinivas_ has joined #webauthn 08:19:09 Jeff: will resolve 202. 08:19:53 Tony: We have 203 08:20:00 kaorumaeda has joined #webauthn 08:20:01 Jeff: This is simple, adds secure context qualifier to all interfaces in the API. 08:22:43 https://github.com/w3c/webauthn/issues/6 08:23:20 SamSrinivas has joined #webauthn 08:23:29 https://github.com/w3c/webauthn/issues/8 08:23:32 Brad: Security Context went to CR last week. 08:24:31 Tony: We need to create a milestone (in response to Jeff). Next we have #53, error codes. 08:24:59 VIjay: This will merge along with error code changes. 08:25:05 Tony: We have #160 08:25:30 Jeff: That is fixed. 08:25:36 JC: Has reviewed, is ok. 08:26:04 Dirk: What algorithm are using to jump between issues? 08:26:08 Tony: All issues tagged with WD-02. We are trying to close those today. 08:26:41 Tony: #173 08:27:14 Jeff: Fixed in a pull request 08:27:27 Tony: #174? 08:27:54 Giri: I couldn't find it in the standard. It meant something else. 08:28:10 Vijay: It has been renamed to 'origin'. 08:28:30 Dirk: I'll close. 08:28:51 Vijay: Don't close -- there is an outstanding PR.. Jeff's changes 08:29:12 Dirk: which giant PR? 08:29:18 Vijay: #202 08:30:04 Tony: #178 08:30:54 Jeff: Will close 08:31:07 Tony: #179? Utf8 string? 08:31:29 Jeff: I 08:31:42 will fix this. But its not fixed rightnow. 08:32:01 Tony: That takes through open WD-02 issues. 08:32:07 Giri: #200? 08:32:29 JC: It just got closed 5 minutes before. 08:33:04 Tony: Will you do a republish? 08:33:09 Vijay: Yes 08:33:19 Richard: Is WD-02 closed for issues? 08:33:27 Tony: Yes, issues will go against WD-03. 08:34:29 Richard: 3 weeks between WD drafts. Anyone object? 08:34:44 Vijay: Seems ok --- aligned with calls. 08:35:59 Vijay: Hoping to get to last call within next few WDs. 08:36:11 Richard: We have a CR milestone for Oct 31. Reminder. 08:36:28 Alexei: Hiint; Get on a VPN and network issues go away. 08:40:34 yaronf has joined #webauthn 08:40:58 Tony: Short break until network problems resolve. 08:41:08 weiler_ has joined #webauthn 08:50:38 Vijay, Jeff: #12 -- assign to WD-03 08:51:04 Vijay: #13 --may have addressed this already. 08:51:34 Jeff: Vijay will reference this in a PR which will be merged 08:53:22 Vijay: #22 -- we can put this beyond CR and do it in V2 of spec 08:55:54 weiler_ has joined #webauthn 08:59:09 jcj_moz_ has joined #webauthn 09:00:18 Sam, Alexei, Tony: Use case discussion: Authenticaiton required at remote machine. Authenticator present on local machine. 09:00:35 Richard: Different point. Can there be a situaton where the test of user presence = 0. 09:00:56 Giri: Example, presence of a TPM, 09:01:18 Richard: We should have tesst of user presence = 0 as an option 09:02:29 Vijay: We can just say "Set the bit to 1" in the spec and not handle it in v1 of spec. 09:02:47 Vijay: Spec already says so. 09:05:19 Jeff: We should put this in Level 2 (= v2). 09:05:24 weiler has joined #webauthn 09:06:23 yaronf has joined #webauthn 09:06:28 Vijay: Level is w3c terms which usually means 'version' elsewhere. 09:18:28 weiler has joined #webauthn 09:21:28 kaorumaeda has joined #webauthn 09:25:38 kaorumaeda_ has joined #webauthn 09:37:39 RobTrace has joined #webauthn 09:37:50 kaorumaeda has joined #webauthn 09:40:23 kaorumaeda_ has joined #webauthn 09:42:52 kaorumaeda has joined #webauthn 09:44:38 rbarnes has joined #webauthn 09:45:25 jcj_moz has joined #webauthn 09:46:00 SamSrinivas has joined #webauthn 09:46:22 Tony: Issue #24 hasn't had updates for a while 09:47:00 Jeff: There are diagrams which need review 09:47:05 Vijay: Will review 09:47:28 Issue #25 Server challenge time out 09:47:47 Vijay: That was addressed in one of my PRs, and when I check it in it should close. 09:48:05 Tony: WIll be WD-02 09:49:12 dsinger has joined #webauthn 09:50:22 yaronf has joined #webauthn 09:52:08 selfissued has joined #webauthn 09:54:58 Tony: There is a youtube video of paint drying. 09:55:07 https://www.youtube.com/watch?v=nGA-GCq7JWM 09:55:22 schuki has joined #webauthn 09:55:24 https://github.com/w3c/webauthn/issues/66 09:55:27 https://github.com/w3c/webauthn 09:55:28 Mike: Which issue are we not discussing? 09:55:37 Tony: Jeff on issue #66 09:55:49 nadalin has joined #webauthn 09:56:06 https://github.com/w3c/webauthn/issues/66 09:56:09 Jeff: If someone agrees with my resolution close it. 09:56:31 yaronf has left #webauthn 09:57:06 TOny: #79 has had not activity for a quite a whi.e 09:57:31 Alexei: Leave it at CR 09:58:40 Tony: #85? 09:59:03 Vijay: non-normative -- can be in security considerations, is not affecting spec. 09:59:18 not affecting normatively, that is. 10:01:17 Tony: #87 10:01:30 Vijay: wonder whether this is relevant any more 10:02:18 Rolf has joined #webauthn 10:04:20 Vijay: Will change text to adjust to this 10:07:20 dsinger has joined #webauthn 10:09:52 Tony: #91 could be a blocker for CR? 10:10:02 JC: Would people vote no? 10:10:15 JC: It is not normative. 10:10:21 dsinger has joined #webauthn 10:11:18 jun has joined #webauthn 10:11:24 Vijay: This is about "how to write a server" and this is strange to have here. 10:11:49 Dirk: I found the example this points to and that doc says "this explainer doc is out of sync with spec - read the spec instead"! 10:12:03 Tony: Put in comments "Will address this post-CR" 10:12:29 Richard: Well, this group is not chartered to do this, actually. Lets close this. 10:12:37 Richard: Has been closed 10:13:12 dsinger has left #webauthn 10:14:54 Vijay: #95will close. 10:29:17 Vijay: #102 will be done by Vijay 10:31:53 Alexei: #116 leave it open 10:37:17 selfissued_ has joined #webauthn 10:49:45 JeffH has joined #webauthn 10:50:19 Jeff: leave #125 open for CR 10:51:33 RIchard: #131 is simple editorial word fix 10:51:49 q+ re: post-lunch agenda 10:55:38 #133 and #208 resolved togetehr with clarifying text. Giri to do it. 10:56:29 gmandyam has joined #webauthn 11:03:03 breaking for one hour , 'til 1pm local. U2F at 1pm, followed by implementation. 11:12:52 [closed the Webex] 11:50:02 JeffH has joined #webauthn 11:54:57 jcj_moz has joined #webauthn 12:02:20 weiler has joined #webauthn 12:03:49 rbarnes has joined #webauthn 12:04:04 rrsagent, make minutes 12:04:04 I have made the request to generate http://www.w3.org/2016/09/20-webauthn-minutes.html weiler 12:04:19 does anyone need or want WebEx? 12:09:40 (WebEx is up and running, just in case.) 12:10:16 RobTrace has joined #webauthn 12:16:48 gmandyam_ has joined #webauthn 12:17:39 jcj_moz_ has joined #webauthn 12:32:39 nadalin has joined #webauthn 12:44:44 crystal has joined #webauthn 13:16:09 jun has joined #webauthn 13:18:03 weiler has joined #webauthn 13:19:12 Sebastien has joined #webauthn 13:36:38 harry has joined #webauthn 13:38:51 naomi has joined #webauthn 13:39:28 Virginie_ has joined #webauthn 13:46:33 crystal_ has joined #webauthn 13:46:54 crystal_ has left #webauthn 13:48:42 jcj_moz_ has joined #webauthn 13:49:02 gmandyam has joined #webauthn 13:55:01 kaorumaeda has joined #webauthn 13:59:08 SamSrinivas has joined #webauthn 14:04:09 re extensions as long as there's no MUST/SHOULD normative text and it's clearly marked as extensions, should be fine 14:04:26 I think testing IdP/RP support is something W3C is not optimized for, but would be worth a discussion and I'm sure somehting reasonable is possible. 14:06:17 brunoj has joined #webauthn 14:07:57 though i'm not really enthusiastic about having things specified that aren't implemented 14:12:34 agreed. 14:12:39 I think you'd have to argue for it. 14:13:27 http://www.w3.org/2016/09/20-webauthn-minutes.html 14:13:36 rrsagent, make minutes 14:13:36 I have made the request to generate http://www.w3.org/2016/09/20-webauthn-minutes.html weiler 14:13:56 Thank you! 14:43:30 weiler has joined #webauthn 15:13:13 jcj_moz has joined #webauthn 15:24:08 naomi has joined #webauthn 15:26:15 q+ 15:26:20 q- weiler 15:31:15 q+ 15:42:39 q? 15:42:44 harry: you still in the queue? 15:43:42 nope 15:43:44 q- hhalpin 15:43:47 q- harry 15:50:46 alexei-goog has joined #webauthn 15:56:11 weiler has joined #webauthn 16:11:43 weiler has joined #webauthn 16:34:10 https://ifaa.alipay.com/specifications.htm 16:34:29 JeffH has joined #webauthn 16:35:30 uri ? 16:36:31 https://ifaa.alipay.com/index.htm 16:38:54 https://ifaa.alipay.com/joinIndex.htm 16:52:04 weiler has joined #webauthn 16:53:32 rbarnes has joined #webauthn 17:09:26 weiler has joined #webauthn 17:27:03 rbarnes has joined #webauthn 17:34:19 rbarnes has joined #webauthn 17:37:36 rbarnes has joined #webauthn 17:50:40 naomi has joined #webauthn 18:09:00 harry has joined #webauthn 19:16:21 rbarnes has joined #webauthn 20:55:24 kaorumaeda has joined #webauthn 21:24:55 kaorumaeda has joined #webauthn 21:50:47 kaorumaeda_ has joined #webauthn 21:57:54 kaorumaeda has joined #webauthn 22:42:59 harry has joined #webauthn