16:58:10 RRSAgent has joined #webauthn 16:58:10 logging to http://www.w3.org/2017/06/07-webauthn-irc 16:58:12 RRSAgent, make logs public 16:58:12 Zakim has joined #webauthn 16:58:14 Zakim, this will be 16:58:14 I don't understand 'this will be', trackbot 16:58:15 Meeting: Web Authentication Working Group Teleconference 16:58:15 Date: 07 June 2017 16:59:51 Rolf has joined #webauthn 17:00:15 weiler has changed the topic to: agenda: https://lists.w3.org/Archives/Public/public-webauthn/2017Jun/0067.html 17:00:19 agenda: https://lists.w3.org/Archives/Public/public-webauthn/2017Jun/0067.html 17:01:02 jeffh has joined #webauthn 17:01:07 present+ jeffh 17:01:12 zakim, who's present? 17:01:14 selfissued has joined #webauthn 17:01:14 I don't understand your question, weiler. 17:01:14 present+ 17:01:19 zakim, who's on the call? 17:01:19 Present: jeffh, Rolf 17:01:41 present+ weiler 17:02:31 gmandyam has joined #webauthn 17:02:36 present+ gmandyam 17:02:55 present+ 17:03:16 present+ jyasskin kpaulh balfanz 17:03:32 kpaulh has joined #webauthn 17:03:37 +present 17:03:58 present+ christiaan, Ketan, jfontana 17:04:04 zakim, who's on the call? 17:04:04 Present: jeffh, Rolf, weiler, gmandyam, selfissued, jyasskin, kpaulh, balfanz, present, christiaan, Ketan, jfontana 17:04:23 present- present 17:04:25 zakim, who's on the call? 17:04:25 Present: jeffh, Rolf, weiler, gmandyam, selfissued, jyasskin, kpaulh, balfanz, christiaan, Ketan, jfontana 17:04:44 chair: nadalin 17:06:59 scribe: weiler 17:07:08 present+ 17:07:20 nadalin: We're meeting at TPAC; plan accordingly. Day not certain. 17:07:57 selfissued: jeffh, please report on what you've been up to. 17:08:10 Ketan has joined #webauthn 17:08:29 present+ 17:08:37 jeffh: finished 427 and merged it. 17:08:42 jyasskin: fine. 17:09:05 jeffh: 427 could still use review. submitted PR 489. cleans up many easy issues. 17:09:50 nadalin: skip over 375 (editorial). 17:10:31 angelo has joined #webauthn 17:11:40 ... 379: 17:11:59 angelo: I think I've addressed everything. 17:12:19 jeffh: this needs some review 17:13:41 angelo: @@ is not part of credential mgnt; don't see why this should be added. 17:14:29 topic: https://github.com/w3c/webauthn/pull/379 17:14:33 "Add isPlatformAuthenticatorReady function to the API surface " 17:15:25 angelo: add mike west as a reviewer? 17:15:39 jyasskin: would be nice to have example of the use of this func (but I've not read this spec) 17:16:28 topic: https://github.com/w3c/webauthn/pull/460 17:16:34 Adds requireUserVerification option in AuthenticatorSelectionCriteria 17:16:55 @1: no changes not worth discussion today: 17:17:46 topic: https://github.com/w3c/webauthn/pull/476 17:18:10 rolf: this PR is about adding one option. 17:18:45 selfissued: tis this just a boolean or richer? 17:18:54 s/tis/is/ 17:23:11 dirk: sees like a nice-to-have, but since we don't have interop impl. w/o this, let's get a smaller version out the door and save this for future work. 17:23:56 nadalin: we're in the process of rewriting the charter and I've been thinking about work for the next version. this might count. 17:24:04 sellfissued et al: concur 17:24:38 giri: auth selection criterion? 17:25:38 nadalin: suggested to postponed 476. 17:25:41 ... now 477 17:25:56 topic: https://github.com/w3c/webauthn/pull/477 17:26:43 jyasskin: I support dirk's request to postpone, @2 17:27:19 nadalin: any objection to postponing 476/477? 17:27:29 ... [silence] 17:27:36 topic: https://github.com/w3c/webauthn/pull/479 17:28:06 rolf: more generic... @3 ... by model identifier. 17:36:32 selfissued: ietf has a doc saying that it's useful to say what was used but not to limit what may be used. 17:36:51 ... trying to encode knowledge re: what ID provider does in an RP is just asking for breakage. 17:37:16 jeffh: mike jones refers to: https://tools.ietf.org/html/draft-ietf-oauth-amr-values 17:38:33 ... some RPs will only support a certain class of authenticators in the forseeable future. 17:39:14 ... corporate perspective is tht only certain authenticaotrs will be supported. 17:39:24 nadalin: but this can be picked up as reg time 17:39:31 jeffh: but there's a UX issue 17:44:19 dirk: current dictionary is okay. propose leaving this as an extension. 17:44:23 giri: opposed. 17:45:05 dirK; in dict now: is auth built into platform or cross-platform. 2) supports user verification or not 17:45:38 s/dirK;/dirk:/ 17:46:19 jeffh: require resident key and attachment are current ones in the spec. 17:46:40 selfissued: alexei's PR for user verification needs to go in, also. 17:47:31 jeffh: AAGUID list is optional. pretty simplistic. does not cause harm. aguid is a good hook for us to have. 17:48:04 angelo: we should learn more about how it's been used. 17:48:14 ... how do you select authenticators based on aaguid? 17:48:42 jeffh: not sure how our mobile app does it. 17:51:24 christiaan: [describes model of shopping for a laptop and finding that some have an aaguid not on some list...] 17:51:33 rrsagent, draft minutes 17:51:33 I have made the request to generate http://www.w3.org/2017/06/07-webauthn-minutes.html weiler 17:51:53 rrsagent, make logs public 17:53:43 angelo: concerned that RPs have to maintain large list of approved authenticators. 17:58:53 q+ 17:59:09 q- 18:00:53 wseltzer: wondering if this is worth a specific write up and Q on the mailing list, to make sure people are focused on the argument around it. clearly some differences in understanding. 18:03:03 nadalin: will anyone step up to write this up? if not, I'm inclined to leave it for v2? 18:03:14 dirk: and as an extension in this version? 18:06:11 nadalin: defer this PR; leave text as extension? 18:06:13 dirk: support 18:06:33 angelo: okay. 18:06:49 [giri opposed, but has dropped from call.] 18:07:18 rolf: doesn't change my mind, though I can accept that I'm in the minority. 18:07:20 jeffh: +1 18:07:26 nadalin: put this to list. 18:08:01 ... meet again next week 18:08:08 rrsagent, draft minutes 18:08:08 I have made the request to generate http://www.w3.org/2017/06/07-webauthn-minutes.html weiler 23:27:08 Zakim has left #webauthn