See also: IRC log
<weiler> scribenick: weiler
nadalin: just editorial
[we said the same thing last week!]
[last week we were waiting for google]
nadalin: I'll talk w/ angelo to make sure he addresses.
jeffh: queued for after 464
... cover 464 out of order since we have limited time from
jyasskin
jeffh: have not addressed
detailed comments from jyasskin yet
... note on rpid definition, gopefulyl addressing issue
260
... jyasskin raises suborigins. I need to read this. is it
implemented?
jyasskin: i think not. stalled for a while. may be some new activity. something to think about.
jeffh: punt on suborigins and go ahead and merge 464?
jyasskin: even we're revisiting ports, makes sense to merge this.
jeffh: we do NOT want to include
the port.
... we want to match HSTS and cookies; they are whole-host.
jyasskin: that answers my concern
nadalin: jyasskin will review? (even w/o jeffh hasn't finished w/ details)
jeffh: want to work more on it. want review of this AM's changes. goal to merge Friday/Monday. want to get this done and go back to 427.
nadalin: monday is holiday. goal of tuesday.
jyasskin: will get this reviewed. don't expect signifiant problems.
jeffh: *cackles*
... more reviewers good. jc?
... 427 after 464. 427 largely done. jyasskin noticed some
stuff that needs attn.
nadalin: this is rolf's....
jyasskin: this needs more
specification. need to be spelled out more - acronyms not great
for readability.
... by pulling in two more selection criteria, it starts
interacting w/ user verification changes. may want to pull
extra bits into user verification. at least make sure all is
aligned.
... this ties into 460.
... @@ says this ties into biometric auth.
jeffh: 442/460 are linked.
giri: should we assume that @2 need to be separate PRs?
selfissued: should be able to
evaluate these independently. each proposed selection criteria
should be written up separately
... so it's not an "all or none" decision to take them.
jeffh: +1
nadalin: who will split functionality of options out? (460)
@3: not 460, but 442.
[see: https://github.com/w3c/webauthn/pull/442#issuecomment-303794031
]
giri: don't get too hung up on Q4.... merge the PR, fix normative processing reqs for UA.
jyasskin: hard to understand selection criteria w/o a sketch of the process rules/algorithm.
giri: agree, but alg. doesn't need to be final to merge the PR. in favor if merging AAGUID criteria w/ understanding that once user verficiation is merged, need to look at alg in totoal
jyasskin: 442 has no alg for aaguid; needs something even if imperfect.
giri: ok
alexei: can we go back to 460?
alexei: can objectors please explain themselves?
jyasskin: just doing user
verification doesn't guarantee same suer created/using
cred.
... needs to be passed to authenticator. need to say was
authenticator does w/ it.
alexei: I keep forgetting that
we're specifying authenticator behavior here in the web
spec.
... I'll clarify authenticator behavior.
selfissued: desc of alg @5 is
wrong. assumes authenticator can do this, but client doesn't
have this knowledge.
... may need to send req through to authenticator and see what
happens.
alexei: client needs to call getinfo whenever authenticator shows up
selfissued: specs don't say that
alexei: implementation issue. need to figure out how to get that into the specs
jeffh: i would characterize this as an implementation consideration. advice to implementor.
alexei: we're writing pseudocode in the spec .... if we're gonna do that, I'll just add this.
selfissued: we do want this functionality. just that right now we're making assumptions
selfissued: I took action item. other things have been higher priority. i'll write a PR
https://github.com/w3c/webauthn/issues/466 is the first we haven't covered - opened 5 days ago.
https://github.com/w3c/webauthn/issues?page=1&q=is%3Aopen+is%3Aissue+milestone%3AWD-06
rpID seems to have changed meaning a bit
jeffh: will be closed by PR464
nadalin: origins stuff from last week: 259/255 will get wrapped up in that. and 260
jeffh: 167 just goes away. confirm from jyasskin/mike west / @6?
issue 393: rename "attestation data" to be "attested credential"
jehhf: re: issue 393: we should do that.... just needs to be cranked out.
<Rolf> Talking about issue #283
<Rolf> Not assigned to anyone yet.
<jcj_moz> scribenick: Rolf
according to JeffH: that one can wait
Now on 285: Will that one be picked up after credman merge?
Assigned to JeffH+jyasskin
jyasskin has identified 4 items -- simple editing change to be done
Now 292:
might be related to Issue 316 (cancel operation)
lower priority?
326 is fixed
by PR 464
Now 329
Only 2 items left: attachment+transport
Seems simple to do.
Now 351:
Simple do it as proposed in the comments of that issue
Now 362:
More complicated.
Needs more thinking
392 already discussed. Now 393:
Simple - just do it.
Now 414:
JeffH is working on it
Now 416:
Will be fixed by PR 464
Now 462: undefined terms
relevant for milestone: CR.
Simple, but work to add defs
Now: 466
MikeJ working on that.
rp.id already present.
So: just do it.
Now 467:
proposal exists. Please review.
Now 471:
Now 472:
Optimization to reduce number of bytes if only a single item is relevant
thank you - go for it
<weiler> scribenick: weiler
474:
jeffh: need yjasskin, jcj's input.
selfissued: does not allowing host #'s make it harder to test?
jeffh: dunno. w/ HSTS, we disallowed all but domain names. HTTP strict transport security. policy to say "only-TLS".
jcj: ... not a big deal to not be using port numbers.
jeffH; not only no ports; also no IP addrs.
nadalin: adjourned
This is scribe.perl Revision: 1.152 of Date: 2017/02/06 11:04:15 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00) Succeeded: s/260/issue 260/ Succeeded: s/have/want/ Succeeded: s/HSVS/HSTS/ Succeeded: s/et this/get this/ Present: weiler wseltzer jyasskin selfissued_ nadalin KetanMehta jcj_moz AkshayKumar jeffh alexei-goog gmandyam Rolf dirk Regrets: angelo Found ScribeNick: weiler Found ScribeNick: Rolf Found ScribeNick: weiler Inferring Scribes: weiler, Rolf Scribes: weiler, Rolf ScribeNicks: weiler, Rolf Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2017May/0247.html Found Date: 24 May 2017 Guessing minutes URL: http://www.w3.org/2017/05/24-webauthn-minutes.html People with action items:[End of scribe.perl diagnostic output]