16:58:59 RRSAgent has joined #webauthn
16:58:59 logging to http://www.w3.org/2017/05/03-webauthn-irc
16:59:01 Zakim has joined #webauthn
16:59:04 present=
16:59:08 zakim, clear agenda
16:59:08 agenda cleared
16:59:11 present+
16:59:28 Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2017May/0035.html
16:59:34 Meeting: Web Authentication WG
16:59:38 Chair: Nadalin
17:00:30 Rolf has joined #webauthn
17:00:51 gmandyam has joined #webauthn
17:01:29 present+ nadalin, selfissued
17:01:41 apowers has joined #webauthn
17:02:18 present+ gmandyam
17:02:24 present+
17:02:30 present+ jcj_moz
17:02:43 selfissued has joined #webauthn
17:02:44 present+
17:03:18 weiler has joined #webauthn
17:03:57 zakim, who is here?
17:03:57 Present: wseltzer, nadalin, selfissued, gmandyam, jyasskin, jcj_moz, battre
17:04:00 On IRC I see weiler, selfissued, apowers, gmandyam, Rolf, Zakim, RRSAgent, wseltzer, jcj_moz, trackbot, schuki, mkwst, jyasskin, adrianba, battre, jochen___, slightlyoff
17:04:10 present+ apowers
17:04:32 jeffh has joined #webauthn
17:04:36 kpaulh has joined #webauthn
17:04:53 present+
17:05:42 present+ jeffh
17:06:19 nadalin: trying to get to an implementation draft
17:06:59 ... 8 PRs, review the priority: implementation ones
17:07:13 ... then any others people feel must absolutely be in implementation draft
17:07:39 ... not waiting until it's perfect for implementation draft, since we want feedback from implementers and developers
17:07:47 jeffh: 5 PRs now open
17:07:55 ... others closed or marked for CR
17:08:11 https://github.com/w3c/webauthn/pulls?q=is%3Aopen+is%3Apr+milestone%3AWD-05
17:08:29 nadalin: start with 379
17:08:31 Where is implementation draft defined in current W3C process? - see https://www.w3.org/2017/Process-20170301/#Reports
17:08:59 angelo: we don't need that urgently
17:09:06 nadalin: other implementers?
17:09:13 angelo has joined #webauthn
17:09:14 jcj_moz: fine slipping from this release
17:09:27 alexei: ok to push to next WD
17:09:31 JeffH: fine by me
17:09:45 We are talking about 379. Alexei, J.C., Angelo, and Jeff are ok with waiting until next WD
17:10:02 nadalin: 427
17:10:04 https://github.com/w3c/webauthn/pull/427
17:10:22 jeffh: jeffrey and I were talking about a few changes
17:10:44 jyasskin: some details about how transport is dealt with
17:10:52 ... fine to merge parts
17:11:11 ... not critical to get by implementation draft
17:11:25 giri: there's no "implementation draft" in Process
17:11:42 Implementation draft is not part of W3C. We are going to snap something in between.
17:11:44 nadalin: we're trying to get that as an in-between snap-to stage
17:11:52 ... can still change before CR
17:12:17 ... but it will be harder to justify breaking changes later
17:12:23 jcj_moz: Mozilla is ok with that process
17:12:51 ... re 427, it's not material for WD-05, as we won't have multiple transports
17:13:24 angelo: ok for us
17:14:45 alexei: getting implementation will help us figure out what should happen
17:14:54 nadalin: move this one to WD-06
17:15:08 nadalin: 429
17:15:15 https://github.com/w3c/webauthn/pull/429
17:15:30 angelo: people seem on-board with the idea
17:15:38 ... can we get consent on the call to merge?
17:15:54 nadalin: alexei and jeffH requested changes
17:16:04 angelo: look like editorial
17:16:20 ... I think I can address them
17:16:26 alexei: substance looks right
17:16:45 s/alexei/jyasskin/
17:17:08 nadalin: can we get agreement to do the merge if angelo makes changes today?
17:17:26 gmandyam: can we propose changes re selection criteria?
17:17:58 @@: this PR adds one specific selection criterion
17:18:08 gmandyam: add dictionary
17:18:36 @@: this PR only adds one, as a side effect, cleans up the API by making it a dictionary
17:19:05 ... if you have issues with the creation of dictionary, put them in this PR
17:19:30 gmandyam: Qualcomm objects if we can't consider other criteria
17:19:48 ... e.g. adding criteria for RP to select authenticator enclave
17:20:24 @@: I'm ok adding more things, just as a separate PR for the next WD
17:20:50 gmandyam: then move the attachment out, and just create the dictionary
17:21:03 @@: the attachment is already there, this just moves it
17:22:10 gmandyam: make it an empty dictionary, then address parameters separately
17:22:46 @@: this one was already in the spec, we just didn't know where
17:23:01 gmandyam: please record Qualcomm's objection
17:23:25 selfissued: we've been talking about this feature for weeks
17:23:40 ... we should discuss each individual feature independently.
17:24:01 nadalin: I didn't hear an objection to the approach; but that it didn't contain everything you want
17:24:26 ... we've generalized the approach to make it extensible
17:24:36 gmandyam: but we'll be arguing as each one is added
17:25:12 @@: don't you want each element discussed on its merits?
17:26:00 ... I think that's what we're doing, but the two criteria under discussion were already in the API
17:26:18 gmandyam: I'm not blocking the merge
17:27:42 ... I think we shouldn't be debating each criterion in a separate PR
17:27:51 ... so can I propose more in this PR?
17:28:35 selfissued: we already had those two; nothing stops you from proposing another
17:29:11 nadalin: Agreement that once angelo updates 429, he can merge it
17:30:44 JeffH: 426, fix the figure
17:31:03 nadalin: 432
17:31:20 https://github.com/w3c/webauthn/pull/432
17:32:08 JeffH: Mike West pushed us, if we're going to rename, do so sooner rather than later
17:32:28 rolf: looked like straightforward search-and-replace
17:33:44 dmitriz has joined #webauthn
17:34:21 jcj_moz: I like calling it public key, because it is
17:35:02 JeffH: should we punt to WD-06 and query the TAG?
17:35:12 q+
17:35:54 q+
17:36:32 q-
17:37:06 @@: aligned with Credential Management
17:37:26 angelo: my worry, we change everything, then the WG decides there's a better name, and then we have to change again
17:38:01 jcj_moz: I'm not going to propose further rename; when I have to explain "scoped credential", I always explain it as public key
17:38:15 alexei: I just want to merge
17:38:26 nadalin: Any objection to merge?
17:38:55 no objection to merge
17:39:00 ... and please, never change it again
17:39:17 do it! do it! ;)
17:39:54 nadalin: hearing no objections, merge it
17:40:16 is it time to write tests now?
17:40:25 nadalin: that gets us through the open WD-05 PRs
17:40:52 ... any other priority: implementation that have to be in WD-05?
17:41:00 ... for this week or early next
17:41:23 JeffH: I have some
17:41:32 ... dealing with origin and RPID
17:41:49 ... do we need them for WD-05, implementers?
17:42:27 jeffh: 255, 259, 260
17:43:09 ... where we talk about origin; right now the spec is inconsistent
17:43:23 angelo: tuple vs hostname not a problem for Edge
17:43:24 alexei-goog has joined #webauthn
17:43:25 present+
17:44:43 jeffh: if I were implementing, I'd want to clear up that ambiguity
17:46:31 @@: same-origin code serializes the origin, not just the host
17:47:56 jcj_moz: specify serializing the origin, rather than leaving undefined?
17:48:17 jeffh: do we want the relaxing the host option?
17:48:42 ... Do we want to polish it for WD-05 or -06?
17:49:12 @@: 06. We haven't yet worked on the relaxing part
17:49:23 jcj_moz: I'll have more thoughts further in
17:49:43 nadalin: we'll mark this as WD-06
17:49:48 present-
17:49:59 jeffh: I'll work on that
17:50:09 nadalin: 259 and 260 too?
17:50:19 jeffh: yes
17:50:47 ... moving all of those to -06
17:51:34 nadalin: any other priority implementation issues that people feel need to be covered?
17:51:58 gmandyam: question on attestation verification
17:52:27 ... do we need normative procedures from RP perspective?
17:52:51 @@: should be written down somewhere
17:53:02 gmandyam: could be non-normative guidance to RPs
17:53:27 ... normative could raise conflicts
17:53:53 @@: section 6 should call out to other specs. Don't think it's critical to fix for WD-05
17:54:10 nadalin: issue 412?
17:55:26 alexei-goog: we have 2 fields, RawID and ID, confusing
17:55:53 dmitriz has joined #webauthn
17:56:10 jyasskin: wait on sorting this out
17:56:26 nadalin: ok
17:56:40 ... Can we declare WD-05 and get this published?
17:56:45 ... any objections?
17:57:01 so we are going to punt #412 to WD-06?
17:57:09 ... we'll publish it and point people to it
17:57:32 nadalin: reminder, no call next week
17:58:04 [adjourned]
17:58:10 zakim, list attendees
17:58:10 As of this point the attendees have been wseltzer, nadalin, selfissued, gmandyam, jyasskin, jcj_moz, battre, apowers, kpaulh, jeffh, alexei-goog
17:58:17 present+ rolf, jfontana
17:58:23 zakim, list attendees
17:58:23 As of this point the attendees have been wseltzer, nadalin, selfissued, gmandyam, jyasskin, jcj_moz, battre, apowers, kpaulh, jeffh, alexei-goog, rolf, jfontana
17:58:28 rrsagent, draft minutes
17:58:28 I have made the request to generate http://www.w3.org/2017/05/03-webauthn-minutes.html wseltzer
17:58:32 rrsagent, make logs public
17:58:34 rrsagent, draft minutes
17:58:34 I have made the request to generate http://www.w3.org/2017/05/03-webauthn-minutes.html wseltzer
17:58:51 s/@@/jyasskin
19:00:34 dmitriz has joined #webauthn
20:12:07 dmitriz has joined #webauthn
20:15:46 dmitriz_ has joined #webauthn
20:24:32 dmitriz_ has joined #webauthn
20:27:29 dmitriz_ has joined #webauthn
20:33:07 Zakim has left #webauthn
20:40:06 dmitriz_ has joined #webauthn
20:54:52 dmitriz_ has joined #webauthn
21:07:17 dmitriz_ has joined #webauthn
21:10:52 dmitriz_ has joined #webauthn
21:21:15 dmitriz_ has joined #webauthn
21:24:16 dmitriz_ has joined #webauthn
21:37:00 dmitriz has joined #webauthn