See also: IRC log
<kpaulh> +present
<scribe> scribe: weiler
nadalin: We're meeting at TPAC; plan accordingly. Day not certain.
selfissued: jeffh, please report on what you've been up to.
jeffh: finished 427 and merged it.
jyasskin: fine.
jeffh: 427 could still use review. submitted PR 489. cleans up many easy issues.
nadalin: skip over 375
(editorial).
... 379:
angelo: I think I've addressed everything.
jeffh: this needs some review
angelo: @@ is not part of credential mgnt; don't see why this should be added.
"Add isPlatformAuthenticatorReady function to the API surface "
angelo: add mike west as a reviewer?
jyasskin: would be nice to have example of the use of this func (but I've not read this spec)
Adds requireUserVerification option in AuthenticatorSelectionCriteria
@1: no changes not worth discussion today:
rolf: this PR is about adding one option.
selfissued: is this just a boolean or richer?
dirk: sees like a nice-to-have, but since we don't have interop impl. w/o this, let's get a smaller version out the door and save this for future work.
nadalin: we're in the process of rewriting the charter and I've been thinking about work for the next version. this might count.
sellfissued et al: concur
giri: auth selection criterion?
nadalin: suggested to postponed
476.
... now 477
jyasskin: I support dirk's request to postpone, @2
nadalin: any objection to
postponing 476/477?
... [silence]
rolf: more generic... @3 ... by model identifier.
selfissued: ietf has a doc saying
that it's useful to say what was used but not to limit what may
be used.
... trying to encode knowledge re: what ID provider does in an
RP is just asking for breakage.
jeffh: mike jones refers to:
https://tools.ietf.org/html/draft-ietf-oauth-amr-values
... some RPs will only support a certain class of
authenticators in the forseeable future.
... corporate perspective is tht only certain authenticaotrs
will be supported.
nadalin: but this can be picked up as reg time
jeffh: but there's a UX issue
dirk: current dictionary is okay. propose leaving this as an extension.
giri: opposed.
dirk: in dict now: is auth built into platform or cross-platform. 2) supports user verification or not
jeffh: require resident key and attachment are current ones in the spec.
selfissued: alexei's PR for user verification needs to go in, also.
jeffh: AAGUID list is optional. pretty simplistic. does not cause harm. aguid is a good hook for us to have.
angelo: we should learn more
about how it's been used.
... how do you select authenticators based on aaguid?
jeffh: not sure how our mobile app does it.
christiaan: [describes model of shopping for a laptop and finding that some have an aaguid not on some list...]
angelo: concerned that RPs have to maintain large list of approved authenticators.
wseltzer: wondering if this is worth a specific write up and Q on the mailing list, to make sure people are focused on the argument around it. clearly some differences in understanding.
nadalin: will anyone step up to write this up? if not, I'm inclined to leave it for v2?
dirk: and as an extension in this version?
nadalin: defer this PR; leave text as extension?
dirk: support
angelo: okay.
[giri opposed, but has dropped from call.]
rolf: doesn't change my mind, though I can accept that I'm in the minority.
jeffh: +1
nadalin: put this to list.
... meet again next week
This is scribe.perl Revision: 1.152 of Date: 2017/02/06 11:04:15 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00) Succeeded: s/tis/is/ Succeeded: s/dirK;/dirk:/ Present: jeffh Rolf weiler gmandyam selfissued jyasskin kpaulh balfanz christiaan Ketan jfontana wseltzer battre Found Scribe: weiler Inferring ScribeNick: weiler Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2017Jun/0067.html Found Date: 07 Jun 2017 Guessing minutes URL: http://www.w3.org/2017/06/07-webauthn-minutes.html People with action items:[End of scribe.perl diagnostic output]