17:17:19 <RRSAgent> RRSAgent has joined #webauthn
17:17:19 <RRSAgent> logging to http://www.w3.org/2017/03/22-webauthn-irc
17:17:48 <wseltzer> present+
17:18:03 <wseltzer> present+ jeffh, vgb, jyasskin, Rolf
17:18:22 <wseltzer> present+ angelo, JeffH, jfontana, Ketan, gmandyam, nadalin
17:21:35 <angelo> We were looking at 379 and 378. Jeff: I think we need a more comprehensive solution than a point solution.
17:21:52 <kpaulh> kpaulh has joined #webauthn
17:21:53 <angelo> We agree we can put this on the backburner.
17:22:17 <Rolf> sorry, I have to drop-off now.
17:23:04 <angelo> We are looking at 384
17:23:54 <angelo> Mike West has made changes to the PR. The PR 384 roughly captures everything there is about the idea of what the merge of the two APIs would look like
17:24:35 <angelo> Names such as ScopedCredential haven't been changed.
17:26:04 <gmandyam> q+
17:26:26 <gmandyam> Re: credman, please see question at https://lists.w3.org/Archives/Public/public-webauthn/2017Mar/0157.html.  Where in the PR is this addressed?
17:26:52 <vgb> q+
17:27:03 <angelo> Jeff: As a RP, I don't want to have to worry about what kind of credential I want to get.
17:27:27 <angelo> This PR will help broad adoption.
17:30:26 <angelo> Angelo: from the Edge point of view, I am attracted to the idea of getAll and getting all kind of credential there is. However, I am also concerned that the change will trickle down and delay the release of the spec.
17:30:56 <selfissued> selfissued has joined #webauthn
17:31:57 <angelo> Giri: from a device vendor perspective, I am concerned about authenticator scoping.
17:33:58 <angelo> Mike West: I acknowledge the authentication api spec has more of a requirement of user interference from a hardware perspective.
17:34:43 <jeffh_> jeffh_ has joined #webauthn
17:34:57 <wseltzer> present+ alexei-goog, battre, mkwst
17:35:09 <angelo> Mike: the current PR delegates the responsibility of showing user info to the authenticator. But this can be changed.
17:36:03 <angelo> Giri: the authenticator shouldn't have to worry abotu example.com vs www.example.com
17:36:39 <angelo> Mike: I doubt it. Authenticators do have to care about that.
17:38:11 <angelo> Giri: cred man is clear that UA is in charge of handing over cred info and differentiating that info.
17:39:08 <angelo> Mike: the UA has more control over cred info. For the authenticator aspect, we can teach UA to recognize user mediation.
17:40:58 <angelo> Giri: I don't believe the current authenticator scoping is different from the way how cred man is doing.
17:41:40 <angelo> Vijay: Mike has split the cred man into two versions: base and xx. We should be looking at base.
17:41:51 <battre> https://w3c.github.io/webappsec-credential-management/base.html
17:42:30 <angelo> Giri: I havent' taken a look at the base one. I can take a look at the one.
17:42:57 <battre> https://w3c.github.io/webappsec-credential-management/sitebound.html is the other document that is specific to passwords
17:45:27 <angelo> Mike: the current spec is that the authenticator would never hand over credential without further user mediation.
17:46:04 <angelo> Jeff: I think the overall direction of the cred man spec is good. We just need to polish it more.
17:46:38 <angelo> We should look at the extension-related PR 386
17:46:59 <angelo> Tony: Jeff and Mike Jones should take it over.
17:47:22 <angelo> Mike Jones: I looked every line about extension and registry
17:47:42 <angelo> The one thing I noticed that IANA spec and the main spec are wildly out of sync.
17:48:28 <angelo> mJones: I put things more related to the main spec back into the main spec and keep the IANA spec small to prevent out of sync in the future.
17:48:53 <wseltzer> present+ selfissued
17:49:08 <angelo> The main goal of PR is to get the IANA spec get sponsorship from IETF
17:49:18 <jeffh_> please note when MikeJ @selfissued says "IANA spec" he is referring to https://github.com/w3c/webauthn/blob/master/draft-hodges-webauthn-registries.xml
17:50:32 <angelo> Another part of the spec is that it is now clear that all the extensions in the spec are no different than other extensions, except that they are registered at the IANA spec.
17:51:33 <angelo> We should merge this very soon so that we can get this going at the beginning of IETF next week
17:53:03 <angelo> Jeff: I have a review in progress so that we can fix detail level stuff.
17:53:38 <angelo> Jeff: I will finish the review later this afternoon.
17:53:49 <angelo> Jeff: I am fine with the registry portion.
17:55:30 <angelo> Vijay: can we break the index.bs and the registry into two things because the index.bs change is substantial.
17:55:46 <angelo> The change would make extension processing critical.
17:56:05 <angelo> MikeJ: that's not the intention of the PR.
17:57:05 <battre> present-
17:57:34 <angelo> Vijay: our decision earlier was that a cal would never fail because of an extension. That may or may not be the right decision. But that is not related to submission to IETF.
17:58:50 <angelo> MikeJ: I can split the PR into two but I would prefer getting them in at once so that it is a better sell to Kathleen.
17:59:31 <angelo> MikeJ: once I split up the PR and vijay and jeff reviewed it, is vijay authorized to merge it?
18:00:12 <angelo> Last item: Tony is still working through the richard co-chair stuff.
18:00:45 <wseltzer> [pasting a few lines from before rrsagent joined; I'll fix minutes]
18:00:55 <wseltzer> 13:07 < jeffh> tony:  meting canclled next week due to IETF
18:00:55 <wseltzer> 13:08 < gmandyam> present+ gmandyam
18:00:55 <wseltzer> 13:08 < angelo> We will cancel the meeting next week due to IETF
18:00:55 <wseltzer> 13:08 < angelo> We will start talking about the proposal about credential management
18:00:58 <wseltzer> 13:09 < angelo> We are looking at 344
18:01:00 <wseltzer> 13:09 < Rolf> present+
18:01:03 <wseltzer> 13:09 < angelo> Kim is stuck on traffic and won't be able to join. But she has addressed the concerns by Jeff
18:01:06 <wseltzer> 13:09 < angelo> Does Jeff have time to look at the issue?
18:01:08 <wseltzer> 13:10 < angelo> There are two nits that Jeff have problems with. But Kim has addressed the change.
18:01:11 <wseltzer> 13:10 < angelo> Vijay will merge it soon
18:01:14 <wseltzer> 13:11 < angelo> Giri: can we make the point that silent authentication is not going to be part of the spec?
18:01:17 <wseltzer> 13:12 < angelo>  Jeff: we have punted silent auth to version 2 of the spec.
18:01:19 <wseltzer> 13:13 < angelo> Angelo: we have a couple of issues related to silent auth. Can we close them
18:01:22 <wseltzer> 13:15 < angelo> Angelo: I am planning on addressing 350 after I address the three other PRs I have.
18:01:25 <wseltzer> 13:15 < angelo> 375 is an editorial change and we can wait
18:01:28 <wseltzer> 13:16 < angelo> Vijay and Jeff will try to look at 378 within the next two weeks
18:01:31 <wseltzer> rrsagent, draft minutes
18:01:31 <RRSAgent> I have made the request to generate http://www.w3.org/2017/03/22-webauthn-minutes.html wseltzer
18:01:33 <wseltzer> rrsagent, draft minutes
18:01:33 <RRSAgent> I have made the request to generate http://www.w3.org/2017/03/22-webauthn-minutes.html wseltzer
18:01:36 <wseltzer> RRSAgent?
18:01:44 <wseltzer> rrsagent, make logs public
18:02:01 <wseltzer> Meeting: Web Authentication
18:02:04 <wseltzer> Chair: Nadalin
18:02:12 <wseltzer> rrsagent, draft minutes
18:02:12 <RRSAgent> I have made the request to generate http://www.w3.org/2017/03/22-webauthn-minutes.html wseltzer
19:57:44 <Zakim> Zakim has left #webauthn