See also: IRC log
<scribe> scribenick: weiler
jeffh: don't spend time on it. it's editorial.
Add isPlatformAuthenticatorReady function to the API surface
selfissued: wait for google participants.
jeffh: vgb has nit-level comments.
skipped 407/408
jeffh: i need to fix this one.
move AAGUID for selecting authnr into new AuthenticatorSelectionCriteria
jyasskin: just not done.
... would like it split out, but needs better fleshing out
anyway
Adds requireUserVerification option in AuthenticatorSelectionCriteria , from Alexei
nadalin: wd-06 issue?
... wd-06 issue.
JeffH: I need to review this one more
selfissued: set a timeline and agree to merge by default at expiration?
jeffh: was removed by error
before. we need to be more careful. but jyasskin (and angelo)
have comments, too.
... discuss by next call
redraw fig 3, polish attestation & assertion signature definitions and prose
jeffh: I find it hard to
understand. redrew to be top-down, but no normative change
except for clarifying how attestation may change in the case of
a packed attestation. was ambiguous before
... figure is ready to go.
... propose merge as-is. follow up on jyasskin's @@ issues with
another PR
yasskin: ok w/ me.
jcj: this is clearer.
nadalin: do it.
reconciling origin and RP ID handling
jeffh: folks should review @2 (formerly make credential alg) before ... I went through whole spec for originID. Needs review!
jcj: thank you for doing this. I'll go through this today.
address empty allowlist in 'use existing cred' alg, fixes #387
https://github.com/w3c/webauthn/pull/427
rpID seems to have changed meaning a bit
nadalin: this one should be closed.
Explain how Token Binding IDs get associated with an HTML context
jeffh: i've been working on
this.
... this is blocked on change to Fetch.
... mark it for CR, not WD-06?
jeffh: this is addressed by 464.
255 is also.
jeffh: this may be able to just
go away.
... i just need to verify it
RawId vs Id is confusing
jeffh: I tend to agree with mike west on this. not a high priority IMHO.
nadalin: relabel for CR?
jeffh: fine.
Add getAuthenticatorInfo to the Authenticator Model section
jeffh: this was punted because there was a rush.
there is an example in UAF.
selfissued: seems like somethng we should do
jyasskin: in 410 I suggested replacing the whole model with CTAP, but it's a bigger change.
selfissued: but it's not a public spec.
<apowers> https://fidoalliance.org/specs/fido-v2.0-rd-20161004/
remove "required" on ScopedCredentialDescriptor.id
jeffh: may have gone away. needs
to be looked at.
... i'll assign myself as a reviewer. jcj also?
jcj: YES! I'LL DO THAT!
jeffh: I still want to do this.
rename "attestation data" to be "attested credential"
selfissued: this is not a breaking change
U2F Attestation only lists Basic Attestation as supported
nadalin: still valid...
Authenticator Selection Extension - Client Processing - Clarification
nadalin: may not be valid anymore.
jeffh: will look at it.
nadalin: hold for CR
normalize RFC2119 language
jeffh: we OUGHT [RFC2119] to go through this
selfissued: MUST?
nadalin: REQUIRED [RFC2119]
selfissued: MAY [RFC2119] assign to me.
jeffH: i think was addressed by credman changes. I'll double-check and close.
selfissued: jyasskin, would you look at this and close it?
jyasskin: YES
jeffh: associated w/ 283 re: what's a session.
What does "which has no other operations in progress" mean in practice?
jeffh: I'll look at it. not high priority.
tokenBinding member of ClientData should be tokenBindingID
jeffh: this is just a rename. we should just do it.
hashAlg -> hashAlgorithm?
nadalin: another renaming. should just do it?
selfissued: we agreed to do this in april.
327 also on the list to do.
jeffh: some open discussion; need to look at it more.
References to "algorithm" and "alg" should be same string
nadalin: assign to jeffh
selfissued: in CTAP examples, we're passing whole identifer in json - we should use short form.
jeffh: just close this?
selfissued: we should change it to alg in publickey credential parameters
Specify the set of hash algorithms UAs can select between
<jeffh> who spoke up wrt hash alg agililty?
<jeffh> pls add a comment to https://github.com/w3c/webauthn/issues/362 weiler
<jeffh> thx
weiler: it's generally a good idea to have a stoty re: hash alg agililty
jeffh: 427 addresses this.
jeffh: this is minor stuff. move along
move AAGUID for selecting authnr into new AuthenticatorSelectionCriteria
[discussion of automotive history.]
selfissued: we talked about
this
... with FIDO2 hat, review PR re: tracking webauthn.
<jeffh> adios
This is scribe.perl Revision: 1.152 of Date: 2017/02/06 11:04:15 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00) Succeeded: s/@3/CTAP/ Succeeded: s/assign/MAY [RFC2119] assign/ Succeeded: s/rssagent, draft minutes// Succeeded: s/rssagent, draft minutes// Present: weiler apowers Ketan jfontana jcj_moz jyasskin selfissued jeffh nadalin Regrets: wseltzer Found ScribeNick: weiler Inferring Scribes: weiler Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2017May/0188.html WARNING: No meeting chair found! You should specify the meeting chair like this: <dbooth> Chair: dbooth Found Date: 17 May 2017 Guessing minutes URL: http://www.w3.org/2017/05/17-webauthn-minutes.html People with action items:[End of scribe.perl diagnostic output]