See also: IRC log
<selfissued> (What does present+ do? I do it because others do it.)
I will scribe
<weiler> scribe: angelo
We will start reviewing the PRs and all implementer-related issues so that we can start having feedbacks
Angelo: I think the elephant in the room is the CredMan merge. Everyone is thinking about it. Let's start talking about it.
<kspaulh> I'm muted
MikeW: I don't have much update from the last time.
mkwst: I am confident we have most everything in the present credential managment (credman) spec draft.
For example, there are questions about whether the API should be in nested frame, et.c
mkwst: I believe PR has everything in place to give the direction.
<jeffh> angelo: is in favor of PR #384 -- makes interface more clean overall -- tho concerned about timing
<gmandyam> Is there a redline of the webauthn spec with PR 384 incorporated that is available?
<jeffh> ...we need to merge soon and start polishing
mkwst: I believe there are enough details there
J.C.: the shape of the PR is ready
Tony: J.C. would you implement CredMan?
J.C.: yes
<jeffh> jcj_moz: we are supportive of the change... altho we have not committed to impl'g credman, if webauthn depends on it, then is more simple decision
Tony: I am concerned about changes from CredMan trickle down and impact the spec
Angelo: I am in favor of the change. Of course I am concerned about the timeline. But I believe to avoid further delaying timeline, we should go ahead and merge it.
mkwst: CredMan is fairly stable given that the API has been adopted by websites.
<jeffh> mkwst: believes that the present credman is firm enough for webauthn to build upon
mkwst: the main change about credman is extensions
Giri: I am concerned about the extensions point
mkwst: the current spec doesn't dictate what the UI looks like but just recommends it. It has alg that may impose limitation on the UI.
Giri: requireUserMediation is not in the same scope as the rest.
JeffH: I'd prefer having a detailed review
<Rolf> mkwt: The user mediation in credential selection only is there to make sure the user is involved. If the user is involved in webauthn that might be sufficient for that.
Tony: I propose we have by the end of the week for people to propose concrete proposal. Otherwise we will merge this
<jcj_moz> Note for posterity: jeffh's transcription is more accurate for me than angelo's re: CredMan. We're not committing to implementing CredMan at this time.
We are going through all the issues marked as priority implementer
Tony: would #60 be ready to close if we do the merge
165 + 166: doesn't matter to Edge or Firefox. Feel free to make the change.
JeffH: 167 it probably doesn't matter.
Angelo: I agree
For 210 it impacts UI rather than API so I don't think it matters.
219: JC without Richard here, I don't know how to resolve this.
Tony: Jeff, Wendy and I talked to him. It will be 3 weeks until he decides whether he will come back to this.
JC: what we at Mozilla to get out
of this is just to get this is to get more explanation. Plus
this would be partially resolved by CredMan
... I will add comments on 219 and close 219
For 233: it doesn't impact the API. I just wanted to add more formal text but that's it.
Therefore I remove the priority-implementation from 233
249: Jeff will contact Boris to resolve this. It will likely be resolved once we slap SameObject on it
We are looking at 250
250: Jeff: if we merge CredMan, this will be automatically resolved.
255: Jeff will make this
... Jeff will fix this
260, 259, 255 are all assigned to Jeff
278: this is just polishing. Angelo is totally fine with doing this. But overall this doesn't impact implementation.
283: mkwst 283 seems related to another cancel change. It seems like would be resolved once fetch is integrated.
285: everyone seems to agree on this. It's just the matter of doing it.
296: JeffH: it's mine.
... mkwst: no opinion what to call it.
<jeffh> jeffh: want to enable UAF smartphones to be CTAP clients
<jeffh> ...for example
302: we are ok with doing it
... JeffH: Vijay seems to still have some issues with it.
316: Angelo + Jeff both agree it matters
Angelo: I am assuming JC believe so too
316: JC self-assigned it
327, 326: jeff will make the change
328: that has to do with ScopedCred once the CredMan merge is done.
331: Angelo: I am ok with punting it. I feel like people who have a more vested interest in the phone-related scenario should push for this
if they feel it is necessary
337: JeffH: I don't think it is necessary
<jcj_moz> thnks mkwst
337: Dirk and Richard haven't proposed a new change. Windows is shipping a server side library to help reduce developer burden. We should be ready to close it.
This is scribe.perl Revision: 1.152 of Date: 2017/02/06 11:04:15 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00) Succeeded: s/the spec/the present credential managment (credman) spec draft/ Present: Rolf angelo apowers gmandyam jcj_moz jeffh kspaulh mkwst nadalin samsrinivas selfissued weiler Found Scribe: angelo Inferring ScribeNick: angelo WARNING: No "Topic:" lines found. Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2017Apr/0011.html Found Date: 05 Apr 2017 Guessing minutes URL: http://www.w3.org/2017/04/05-webauthn-minutes.html People with action items: WARNING: Input appears to use implicit continuation lines. You may need the "-implicitContinuations" option. WARNING: No "Topic: ..." lines found! Resulting HTML may have an empty (invalid) <ol>...</ol>. Explanation: "Topic: ..." lines are used to indicate the start of new discussion topics or agenda items, such as: <dbooth> Topic: Review of Amy's report[End of scribe.perl diagnostic output]