See also: IRC log
nadalin: WebAuthn meets Thursday
nadalin: we acknowledged
Qualcomm's objection and pushed them to v2
... I've worked with Sam on a re-charter to extend the
group
... proposing that v2 of the spec looks at authenticator
options
... that's L2WD
gmandyam: need clarification whether these issues will be addressed prior to Rec
nadalin: no, they'll be addressed in v2
gmandyam: we should record an organization-by-organization consensus
nadalin: the objections were recorded in last week's minutes
selfissued: proposed consensus is that these issue are post-recommendation
gmandyam: then we'd re-raise the issues at CR, and possibly at charter review
nadalin: 479
jeffh: Rolf proposed some changes
Rolf: my recollection on last
week's call, strong objection to all three PRs
... I'm happy to work on them, but only if they're going
somplace
nadalin: this one is still marked WD06
dirk: I was happy with this functionality in extension
<jeffh> dirkbalfanz: is happy with having #479 functaionality as an extension, not as a normative part of the spec
<jeffh> rolf: notes that browsers feel that extensions are optional and thus it is unlikely at this time it wold be implemented
gmandyam: can any authenticator mechanism be re-proposed as extensions?
nadalin: if accepted by the
group
... so authenticator selection has been pushed off to Level 2,
but if you'd like to see them as extensions, someone can write
them up and propose per normal process
gmandyam: Qualcomm suggests that
we pursue that for all authenticator selection criteria not in
the spec now
... draft them as client extensions
nadalin: 484
https://github.com/w3c/webauthn/pull/484
gmandyam: we can put in normative requirement that authenticator follow FIDO criteria?
jeffh: I wouldn't do that
gmandyam: I wasn't expecting this
to be approved as-is, but
... with what's there now, an authenticator without
rate-limiting would be ok
jeffh: there are multiple kinds of authenticators and criteria
gmandyam: jeffh, why don't you
write up a proposal?
... Trust path
... I don't know if you want to do it as a client-directed
extension
... if RP won't accept self-authenticated, not sure it makes
sense to offer
jeffh: I haven't looked at the
trust path
... we don't need rate limiting
gmandyam: can you create a PR?
christiaan: if as an RP, we
decide not to support osme kind of attestation
... I'd think the right thing is to tell the user
... "not accepted by your RP"
... so even if we (Google) only accepted certain attestations,
we'd say bring everything to us so we can give intelligible
user message
jeffh: we're more inclined to accept any authenticator that accepts protocol, better than username-password
selfissued: from MS, I agree with
jeffh
... still better than username-password
gmandyam: if trust anchor is
going to be verified at RP, then not a client-directed
extension
... I don't mind dropping this
... I want to hear more on rate-limiting
nadalin: close the trust path part; if the rest is still open, discuss next week
gmandyam: and close Issue 461, to
which the trust path responds
... call it wontfix
<jeffh> we have a label of "declined"
nadalin: 487
jeffh: just do it
... editorial
... 475, make the spec officially Level 1
... matching credential Management
<jeffh> https://github.com/w3c/webauthn/issues/475
nadalin: will you do that Jeff?
jeffh: happy to
https://github.com/w3c/webauthn/milestone/10
nadalin: 20 issues
jeffh: we should decide whether these all need to be done for WD06
nadalin: we wanted to get to stage where next draft was CR
selfissued: start by looking at the renames?
https://github.com/w3c/webauthn/issues?q=is%3Aopen+is%3Aissue+label%3Asubtype%3Arenaming
nadalin: 79
jeffh: under 358
... editorial cleanup, sloppiness in the spec
... 393 and possibly 430 for WD06
... 488
Rolf: 480
... I think the algorithm is wrong
jeffh: I agree
Rolf: does everyone agree on solution
jeffh: no. I have to think about
it
... I believe our intent was just to invoke the authenticator
once with the list
<jeffh> adios
[adjourned]
This is scribe.perl Revision: 1.152 of Date: 2017/02/06 11:04:15 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00) Succeeded: s/criterial/criteria/ Succeeded: s/agre/agree/ Present: battre gmandyam wseltzer Rolf nadalin apowers jeffh jfontana selfissued dirk christiaan Regrets: weiler angelo jyasskin No ScribeNick specified. Guessing ScribeNick: wseltzer Inferring Scribes: wseltzer Found Date: 14 Jun 2017 Guessing minutes URL: http://www.w3.org/2017/06/14-webauthn-minutes.html People with action items:[End of scribe.perl diagnostic output]