16:55:14 RRSAgent has joined #webauthn 16:55:14 logging to http://www.w3.org/2017/05/17-webauthn-irc 16:55:16 RRSAgent, make logs public 16:55:16 Zakim has joined #webauthn 16:55:18 Zakim, this will be 16:55:18 I don't understand 'this will be', trackbot 16:55:19 Meeting: Web Authentication Working Group Teleconference 16:55:19 Date: 17 May 2017 16:55:26 present+ weiler 16:55:31 regrets+ wseltzer 16:56:24 rrsagent, make logs public 17:02:08 apowers has joined #webauthn 17:02:40 Ketan has joined #webauthn 17:03:03 present+ apowers, Ketan, jfontana, jcj_moz 17:04:16 jeffh has joined #webauthn 17:04:56 present+ jyasskin, selfissued 17:05:17 present+ jeffh 17:05:26 present+ nadalin 17:06:20 scribenick: weiler 17:06:43 zakim, who's here? 17:06:43 Present: weiler, apowers, Ketan, jfontana, jcj_moz, jyasskin, selfissued, jeffh, nadalin 17:06:45 On IRC I see jeffh, Ketan, apowers, Zakim, RRSAgent, weiler, mkwst, battre, adrianba, jyasskin, wseltzer, jcj_moz, trackbot, schuki, jochen___, slightlyoff 17:07:03 zakim, make me a cup of coffee 17:07:03 I don't understand 'make me a cup of coffee', jeffh 17:07:56 topic: https://github.com/w3c/webauthn/pull/375 17:08:05 jeffh: don't spend time on it. it's editorial. 17:08:12 topic: https://github.com/w3c/webauthn/pull/379 17:08:35 Add isPlatformAuthenticatorReady function to the API surface 17:09:08 selfissued: wait for google participants. 17:09:17 jeffh: vgb has nit-level comments. 17:10:04 skipped 407/408 17:10:14 topic: address empty allowlist in 'use existing cred' alg, fixes #387 17:10:26 topic: https://github.com/w3c/webauthn/pull/427 17:10:30 jeffh: i need to fix this one. 17:10:41 topic: https://github.com/w3c/webauthn/pull/442 17:10:53 move AAGUID for selecting authnr into new AuthenticatorSelectionCriteria 17:11:25 jyasskin: just not done. 17:11:42 ... would like it split out, but needs better fleshing out anyway 17:12:12 topic: https://github.com/w3c/webauthn/pull/460 17:12:26 Adds requireUserVerification option in AuthenticatorSelectionCriteria , from Alexei 17:12:41 nadalin: wd-06 issue? 17:12:50 nadalin: wd-06 issue. 17:13:24 JeffH: I need to review this one more 17:13:40 selfissued: set a timeline and agree to merge by default at expiration? 17:14:30 jeffh: was removed by error before. we need to be more careful. but jyasskin (and angelo) have comments, too. 17:15:25 ... discuss by next call 17:15:31 topic: https://github.com/w3c/webauthn/pull/463 17:15:38 redraw fig 3, polish attestation & assertion signature definitions and prose 17:16:30 jeffh: I find it hard to understand. redrew to be top-down, but no normative change except for clarifying how attestation may change in the case of a packed attestation. was ambiguous before 17:16:41 ... figure is ready to go. 17:17:22 ... propose merge as-is. follow up on jyasskin's @@ issues with another PR 17:17:32 yasskin: ok w/ me. 17:17:41 jcj: this is clearer. 17:18:39 nadalin: do it. 17:18:44 topic: https://github.com/w3c/webauthn/pull/464 17:18:56 reconciling origin and RP ID handling 17:19:09 agenda: https://lists.w3.org/Archives/Public/public-webauthn/2017May/0188.html 17:19:14 weiler has changed the topic to: agenda: https://lists.w3.org/Archives/Public/public-webauthn/2017May/0188.html 17:19:55 jeffh: folks should review @2 (formerly make credential alg) before ... I went through whole spec for originID. Needs review! 17:20:13 jcj: thank you for doing this. I'll go through this today. 17:22:53 topic: issues! 17:23:10 address empty allowlist in 'use existing cred' alg, fixes #387 17:23:14 dmitriz has joined #webauthn 17:23:17 https://github.com/w3c/webauthn/pull/427 17:23:27 topic: https://github.com/w3c/webauthn/pull/427 17:23:44 https://github.com/w3c/webauthn/issues?utf8=%E2%9C%93&q=is%3Aissue%20is%3Aopen%20sort%3Acreated-asc%20milestone%3AWD-06%20 17:24:03 topic: https://github.com/w3c/webauthn/issues/416 17:24:07 rpID seems to have changed meaning a bit 17:24:47 nadalin: this one should be closed. 17:25:12 topic: https://github.com/w3c/webauthn/issues/360 17:25:25 Explain how Token Binding IDs get associated with an HTML context 17:25:35 jeffh: i've been working on this. 17:25:53 ... this is blocked on change to Fetch. 17:26:01 ... mark it for CR, not WD-06? 17:26:18 topic: https://github.com/w3c/webauthn/issues/259 17:26:28 jeffh: this is addressed by 464. 17:26:39 255 is also. 17:26:45 topic: https://github.com/w3c/webauthn/issues/167 17:26:55 jeffh: this may be able to just go away. 17:27:04 ... i just need to verify it 17:27:46 topic: https://github.com/w3c/webauthn/issues/412 17:27:55 RawId vs Id is confusing 17:28:27 jeffh: I tend to agree with mike west on this. not a high priority IMHO. 17:28:33 nadalin: relabel for CR? 17:28:36 jeffh: fine. 17:28:41 topic: https://github.com/w3c/webauthn/issues/349 17:28:51 selfissued has joined #webauthn 17:28:56 Add getAuthenticatorInfo to the Authenticator Model section 17:29:05 jeffh: this was punted because there was a rush. 17:29:26 there is an example in UAF. 17:30:47 selfissued: seems like somethng we should do 17:31:03 jyasskin: in 410 I suggested replacing the whole model with @3, but it's a bigger change. 17:31:23 selfissued: but it's not a public spec. 17:31:30 https://fidoalliance.org/specs/fido-v2.0-rd-20161004/ 17:33:00 s/@3/CTAP/ 17:33:56 topic: https://github.com/w3c/webauthn/issues/245 17:34:15 remove "required" on ScopedCredentialDescriptor.id 17:34:24 jeffh: may have gone away. needs to be looked at. 17:34:39 ... i'll assign myself as a reviewer. jcj also? 17:34:49 jcj: YES! I'LL DO THAT! 17:35:58 topic: https://github.com/w3c/webauthn/issues/393 17:36:18 jeffh: I still want to do this. 17:36:21 rename "attestation data" to be "attested credential" 17:37:25 selfissued: this is not a breaking change 17:37:39 topic: https://github.com/w3c/webauthn/issues/392 17:37:40 U2F Attestation only lists Basic Attestation as supported 17:39:17 nadalin: still valid... 17:39:32 topic: https://github.com/w3c/webauthn/issues/95 17:39:40 Authenticator Selection Extension - Client Processing - Clarification 17:39:55 nadalin: may not be valid anymore. 17:40:04 jeffh: will look at it. 17:40:11 nadalin: hold for CR 17:40:22 topic: https://github.com/w3c/webauthn/issues/182 17:40:28 normalize RFC2119 language 17:40:49 jeffh: we OUGHT [RFC2119] to go through this 17:40:56 selfissued: MUST? 17:41:06 nadalin: REQUIRED [RFC2119] 17:41:16 selfissued: assign to me. 17:41:46 s/assign/MAY [RFC2119] assign/ 17:41:57 topic: https://github.com/w3c/webauthn/issues/278 17:42:18 jeffH: i think was addressed by credman changes. I'll double-check and close. 17:42:32 topic: https://github.com/w3c/webauthn/issues/283 17:42:36 rssagent, draft minutes 17:42:51 s/rssagent, draft minutes// 17:42:58 rssagent, draft minutes 17:43:04 s/rssagent, draft minutes// 17:43:12 rrsagent, draft minutes 17:43:12 I have made the request to generate http://www.w3.org/2017/05/17-webauthn-minutes.html weiler 17:43:38 rrsagent, make logs public 17:43:53 topic: https://github.com/w3c/webauthn/issues/285 17:44:10 selfissued: jyasskin, would you look at this and close it? 17:44:23 jyasskin: YES 17:44:27 topic: https://github.com/w3c/webauthn/issues/292 17:44:41 jeffh: associated w/ 283 re: what's a session. 17:45:30 What does "which has no other operations in progress" mean in practice? 17:45:53 jeffh: I'll look at it. not high priority. 17:46:05 topic: https://github.com/w3c/webauthn/issues/323 17:46:05 tokenBinding member of ClientData should be tokenBindingID 17:46:30 jeffh: this is just a rename. we should just do it. 17:46:39 topic: https://github.com/w3c/webauthn/issues/326 17:46:40 hashAlg -> hashAlgorithm? 17:46:50 nadalin: another renaming. should just do it? 17:47:17 selfissued: we agreed to do this in april. 17:47:27 327 also on the list to do. 17:48:14 topic: https://github.com/w3c/webauthn/issues/329 17:48:23 jeffh: some open discussion; need to look at it more. 17:48:25 topic: https://github.com/w3c/webauthn/issues/351 17:48:34 References to "algorithm" and "alg" should be same string 17:48:44 nadalin: assign to jeffh 17:49:31 selfissued: in CTAP examples, we're passing whole identifer in json - we should use short form. 17:49:42 jeffh: just close this? 17:50:09 selfissued: we should change it to alg in publickey credential parameters 17:50:52 topic: https://github.com/w3c/webauthn/issues/362 17:51:01 Specify the set of hash algorithms UAs can select between 17:51:38 rrsagent, draft minutes 17:51:38 I have made the request to generate http://www.w3.org/2017/05/17-webauthn-minutes.html weiler 17:54:05 who spoke up wrt hash alg agililty? 17:55:09 pls add a comment to https://github.com/w3c/webauthn/issues/362 weiler 17:55:14 thx 17:55:25 weiler: it's generally a good idea to have a stoty re: hash alg agililty 17:55:42 topic: https://github.com/w3c/webauthn/issues/387 17:55:50 jeffh: 427 addresses this. 17:55:56 topic: https://github.com/w3c/webauthn/issues/414 17:56:17 jeffh: this is minor stuff. move along 17:56:29 topic: https://github.com/w3c/webauthn/issues/442 17:56:41 move AAGUID for selecting authnr into new AuthenticatorSelectionCriteria 17:57:29 [discussion of automotive history.] 17:57:52 selfissued: we talked about this 17:59:53 selfissued: with FIDO2 hat, review PR re: tracking webauthn. 18:00:19 adios 18:00:27 rrsagent, draft minutes 18:00:27 I have made the request to generate http://www.w3.org/2017/05/17-webauthn-minutes.html weiler 19:29:07 Zakim has left #webauthn