16:45:54 RRSAgent has joined #webauthn 16:45:54 logging to http://www.w3.org/2017/04/05-webauthn-irc 16:45:56 RRSAgent, make logs public 16:45:56 Zakim has joined #webauthn 16:45:58 Zakim, this will be 16:45:58 I don't understand 'this will be', trackbot 16:45:59 Meeting: Web Authentication Working Group Teleconference 16:45:59 Date: 05 April 2017 16:47:42 weiler has changed the topic to: agenda: https://lists.w3.org/Archives/Public/public-webauthn/2017Apr/0011.html 16:47:46 agenda: https://lists.w3.org/Archives/Public/public-webauthn/2017Apr/0011.html 16:59:07 jeffh has joined #webauthn 16:59:42 Rolf has joined #webauthn 17:00:36 present+ mkwst 17:00:44 present+ 17:00:51 apowers has joined #webauthn 17:00:57 selfissued has joined #webauthn 17:02:37 kspaulh has joined #webauthn 17:03:02 present+ battre 17:03:50 present+ 17:04:09 present+ 17:04:32 (What does present+ do? I do it because others do it.) 17:04:37 present+ jeffh 17:04:50 present+ 17:05:08 SamSrinivas has joined #WebAuthn 17:05:50 angelo has joined #webauthn 17:06:00 I will scribe 17:06:13 gmandyam has joined #webauthn 17:06:21 present+ gmandyam 17:06:30 scribe: angelo 17:06:47 zakim, who's here? 17:06:47 Present: mkwst, weiler, battre, jcj_moz, selfissued, jeffh, kspaulh, gmandyam 17:06:50 On IRC I see gmandyam, angelo, SamSrinivas, kspaulh, selfissued, apowers, Rolf, jeffh, Zakim, RRSAgent, weiler, jyasskin, jcj_moz, schuki, adrianba, jochen___, battre, slightlyoff, 17:06:50 ... mkwst, wseltzer, trackbot 17:07:20 present+ apowers, angelo, nadalin 17:07:22 We will start reviewing the PRs and all implementer-related issues so that we can start having feedbacks 17:07:25 chair: nadalin 17:08:41 present+ Rolf 17:08:52 Angelo: I think the elephant in the room is the CredMan merge. Everyone is thinking about it. Let's start talking about it. 17:09:13 I'm muted 17:09:23 MikeW: I don't have much update from the last time. 17:10:04 mkwst: I am confident we have most everything in the spec. 17:10:47 For example, there are questions about whether the API should be in nested frame, et.c 17:10:52 s/the spec/the present credential managment (credman) spec draft/ 17:11:17 mkwst: I believe PR has everything in place to give the direction. 17:13:21 angelo: is in favor of PR #384 -- makes interface more clean overall -- tho concerned about timing 17:13:31 Is there a redline of the webauthn spec with PR 384 incorporated that is available? 17:13:37 ...we need to merge soon and start polishing 17:13:43 mkwst: I believe there are enough details there 17:14:10 J.C.: the shape of the PR is ready 17:14:22 Tony: J.C. would you implement CredMan? 17:14:27 J.C.: yes 17:14:31 jcj_moz: we are supportive of the change... altho we have not committed to impl'g credman, if webauthn depends on it, then is more simple decision 17:15:03 Tony: I am concerned about changes from CredMan trickle down and impact the spec 17:15:44 Angelo: I am in favor of the change. Of course I am concerned about the timeline. But I believe to avoid further delaying timeline, we should go ahead and merge it. 17:16:09 mkwst: CredMan is fairly stable given that the API has been adopted by websites. 17:17:32 mkwst: believes that the present credman is firm enough for webauthn to build upon 17:17:46 mkwst: the main change about credman is extensions 17:18:16 Giri: I am concerned about the extensions point 17:18:53 mkwst: the current spec doesn't dictate what the UI looks like but just recommends it. It has alg that may impose limitation on the UI. 17:20:11 Giri: requireUserMediation is not in the same scope as the rest. 17:22:29 present+ samsrinivas 17:22:30 JeffH: I'd prefer having a detailed review 17:22:37 mkwt: The user mediation in credential selection only is there to make sure the user is involved. If the user is involved in webauthn that might be sufficient for that. 17:24:59 Tony: I propose we have by the end of the week for people to propose concrete proposal. Otherwise we will merge this 17:25:10 Note for posterity: jeffh's transcription is more accurate for me than angelo's re: CredMan. We're not committing to implementing CredMan at this time. 17:26:44 We are going through all the issues marked as priority implementer 17:27:21 Tony: would #60 be ready to close if we do the merge 17:28:54 165 + 166: doesn't matter to Edge or Firefox. Feel free to make the change. 17:29:34 JeffH: 167 it probably doesn't matter. 17:29:38 Angelo: I agree 17:31:16 For 210 it impacts UI rather than API so I don't think it matters. 17:31:50 219: JC without Richard here, I don't know how to resolve this. 17:32:17 Tony: Jeff, Wendy and I talked to him. It will be 3 weeks until he decides whether he will come back to this. 17:33:28 rrsagent, make log public 17:33:31 JC: what we at Mozilla to get out of this is just to get this is to get more explanation. Plus this would be partially resolved by CredMan 17:33:35 rrsagent, draft minutes 17:33:35 I have made the request to generate http://www.w3.org/2017/04/05-webauthn-minutes.html weiler 17:34:00 JC: I will add comments on 219 and close 219 17:35:33 For 233: it doesn't impact the API. I just wanted to add more formal text but that's it. 17:37:15 Therefore I remove the priority-implementation from 233 17:38:12 249: Jeff will contact Boris to resolve this. It will likely be resolved once we slap SameObject on it 17:38:27 We are looking at 250 17:38:54 250: Jeff: if we merge CredMan, this will be automatically resolved. 17:39:14 255: Jeff will make this 17:39:21 255: Jeff will fix this 17:40:44 260, 259, 255 are all assigned to Jeff 17:42:55 278: this is just polishing. Angelo is totally fine with doing this. But overall this doesn't impact implementation. 17:44:21 283: mkwst 283 seems related to another cancel change. It seems like would be resolved once fetch is integrated. 17:46:13 285: everyone seems to agree on this. It's just the matter of doing it. 17:47:21 296: JeffH: it's mine. 17:50:11 rrsagent, draft minutes 17:50:11 I have made the request to generate http://www.w3.org/2017/04/05-webauthn-minutes.html weiler 17:50:17 296: mkwst: no opinion what to call it. 17:50:35 jeffh: want to enable UAF smartphones to be CTAP clients 17:50:47 ...for example 17:51:38 302: we are ok with doing it 17:52:09 302: JeffH: Vijay seems to still have some issues with it. 17:52:49 316: Angelo + Jeff both agree it matters 17:53:04 Angelo: I am assuming JC believe so too 17:54:03 316: JC self-assigned it 17:54:53 327, 326: jeff will make the change 17:55:23 328: that has to do with ScopedCred once the CredMan merge is done. 17:59:47 331: Angelo: I am ok with punting it. I feel like people who have a more vested interest in the phone-related scenario should push for this 17:59:57 if they feel it is necessary 18:00:16 337: JeffH: I don't think it is necessary 18:02:14 rrsagent, draft minutes 18:02:14 I have made the request to generate http://www.w3.org/2017/04/05-webauthn-minutes.html weiler 18:02:15 thnks mkwst 18:02:20 337: Dirk and Richard haven't proposed a new change. Windows is shipping a server side library to help reduce developer burden. We should be ready to close it. 18:02:22 present- 18:02:23 rrsagent, draft minutes 18:02:23 I have made the request to generate http://www.w3.org/2017/04/05-webauthn-minutes.html weiler 18:02:54 rrsagent, draft minutes 18:02:54 I have made the request to generate http://www.w3.org/2017/04/05-webauthn-minutes.html weiler