16:52:38 <RRSAgent> RRSAgent has joined #webauthn
16:52:38 <RRSAgent> logging to http://www.w3.org/2017/07/12-webauthn-irc
16:52:40 <trackbot> RRSAgent, make logs public
16:52:40 <Zakim> Zakim has joined #webauthn
16:52:42 <trackbot> Zakim, this will be
16:52:42 <Zakim> I don't understand 'this will be', trackbot
16:52:43 <trackbot> Meeting: Web Authentication Working Group Teleconference
16:52:43 <trackbot> Date: 12 July 2017
17:02:26 <jfontana> jfontana has joined #webauthn
17:02:33 <battre> present+
17:03:53 <Rolf> Rolf has joined #webauthn
17:04:47 <weiler> present+ weiler
17:04:55 <Rolf> present+
17:06:09 <jcj_moz> present+ jcj_moz
17:08:25 <wseltzer> present+
17:08:48 <jcj_moz> scribenick: jcj_moz
17:08:56 <weiler> present+ apowers, jfontana, nadalin
17:09:23 <jcj_moz> tony: Welcome back to the regularly scheduled calls, jcj_moz
17:09:31 <jcj_moz> ... Open PRs, so we're continuing with PR #379
17:09:45 <jcj_moz> ... Angelo, have you been able to update this?
17:09:55 <jcj_moz> Angelo: I'll do so later today
17:10:02 <jcj_moz> tony: That leaves us with #460
17:10:23 <kpaulh> kpaulh has joined #webauthn
17:10:43 <jcj_moz> ... This is assigned to Mike Jones, but he's busy with IETF next week
17:10:50 <weiler> https://github.com/w3c/webauthn/pull/460
17:11:03 <jcj_moz> Angelo: I don't think Mike talked to me after last week's meeting
17:11:07 <jcj_moz> tony: OK
17:11:09 <weiler> "Adds requireUserVerification option in AuthenticatorSelectionCriteria "
17:11:21 <weiler> https://github.com/w3c/webauthn/pull/498
17:11:23 <jcj_moz> tony: That leaves us with PR #498
17:11:29 <alexei-goog> alexei-goog has joined #webauthn
17:11:39 <jcj_moz> ... the Algorithm fixup.
17:11:59 <jcj_moz> ... Is Jeff here?
17:12:06 <jcj_moz> No, he couldn't be here this week or next due to IETF
17:12:15 <jcj_moz> Tony: OK.
17:13:00 <jcj_moz> ... There are 16 open issues for WD-06 : https://github.com/w3c/webauthn/issues?q=is%3Aopen+is%3Aissue+milestone%3AWD-06
17:14:26 <jcj_moz> tony: #278... Angelo, you hadn't had a chance to finish this up?
17:14:32 <jcj_moz> Angelo: I have not, unfortunately
17:14:48 <jcj_moz> tony: #283 which is also Angelo
17:14:57 <jcj_moz> Angelo: Those two should be solved w/ one PR
17:15:44 <jcj_moz> tony: #292 which has Angelo and Jeff on it
17:15:49 <jcj_moz> Angelo: I'll work with Jeff on that one
17:16:02 <jcj_moz> tony: #460 is Jeff's, too...
17:16:13 <jcj_moz> ... Also tied to #498
17:16:57 <jcj_moz> <going through issues list>
17:18:37 <jcj_moz> tony: jcj_moz, can you resolve last comment on #474?
17:18:41 <jcj_moz> jcj_moz: Yes, will do
17:18:56 <jcj_moz> tony: #485 is addressed by PR #379
17:21:52 <jcj_moz> tony: We should talk about #254
17:22:00 <jcj_moz> jcj_moz: Not an issue in practice in Firefox
17:22:01 <weiler> present+ angelo, Ibrahim
17:22:14 <weiler> chair: jfontana, nadalin
17:22:17 <jcj_moz> Angelo: This seems to be a spec correctness issue rather than a real tech issue
17:22:54 <kpaulh> present+
17:23:19 <jcj_moz> jcj_moz: I *think* this is all immutable data anyway (once page loads) so it shouldn't be a spec compat issue
17:24:40 <jcj_moz> ... This seems to be not as critical for WD-06 as it might have seemed
17:24:46 <jcj_moz> tony: So this could move to WD-07?
17:25:13 <battre> https://github.com/w3c/webappsec-credential-management/pull/93
17:25:52 <jcj_moz> jcj_moz: It seems like not even a point of contention - we needed the values/origin and copied them to the Runnable
17:25:53 <jcj_moz> angelo: Yeah, we have clear guidelines on how to code these sorts of things
17:27:27 <jcj_moz> tony <commented on issue 254>
17:27:40 <jcj_moz> tony: We need at least 2 interop impls to get to CR, and I'd like to set a timeline
17:27:54 <jcj_moz> ... so we can see if it's realistic to be at CR by TPAC in November
17:28:05 <jcj_moz> ... I sent a note out to the 3 browser vendors
17:28:09 <jcj_moz> ... and got a response from jcj_moz
17:28:43 <jcj_moz> ... at the WD-05 level
17:28:52 <jcj_moz> Rolf: This is at WD-05, right?
17:28:58 <jcj_moz> tony: That's what JC implemented
17:29:06 <jcj_moz> ... and I gather that's what Edge is implementing
17:30:00 <jcj_moz> ... Would like to get a rough estimate from the chrome team
17:35:07 <angelo> angelo has joined #webauthn
17:35:15 <angelo> I will scribe for now
17:35:22 <weiler> scribenick: angelo
17:38:14 <angelo> Edge is working on an implementation that is based on WD-05. We typically ship the API first behind a flag, turn it on by default for small group of insiders, and then eventually ship to all Windows 10 users.
17:38:45 <weiler> present+ alexei-goog
17:39:41 <angelo> JC: Firefox doesn't have infinite resources too. We are working on WD-05, testing to make sure the implementation works well, and then move to next major draft (likely CR).
17:40:40 <angelo> Alexei: I thought our plan is to not ship WD-05 publicly but just use it for interop.
17:41:35 <angelo> JC: we will not ship the WD-05 publicly but will have the hardware out of the door.
17:43:00 <angelo> Alexei: for some of the developers, it's concerning that the gap between the implementation and the draft is getting big.
17:43:07 <angelo> JC: +1
17:43:42 <weiler> rrsagent, draft minutes
17:43:42 <RRSAgent> I have made the request to generate http://www.w3.org/2017/07/12-webauthn-minutes.html weiler
17:43:48 <weiler> rrsagent, make log public
17:44:39 <angelo> Tony: at one point, the spec will have to converge.
17:44:54 <angelo> Angelo: we will likely have a more stablized version by Sept.
17:45:22 <angelo> Alexei: we should have a framework for how the interop testing.
17:46:41 <apowers> to be clear: CTAP 1.0 = U2F; CTAP 2.0 = the CBOR-based protocol
17:47:44 <angelo> Alexei: angelo what do you think?
17:50:12 <angelo> Angelo: our initial implementation will have Hello and CTAP working. Given that CTAP is designed to be backwards compatible with U2F, our implementation will likely work with U2F.
17:50:20 <angelo> Alexei: SGTM
17:51:00 <angelo> JC: there's a nice library that fakes U2F hardware.
17:51:20 <angelo> Tony: so we're looking at interop at Sept?
17:52:27 <jcj_moz> J.C.'s test site- https://webauthn.bin.coffee/
17:53:04 <jcj_moz> Rust U2F implementation- https://github.com/jcjones/u2f-hid-rs/
17:53:06 <jcj_moz> will send emails too
17:53:11 <angelo> JC: we can do interop right now. We can use soft-token to do interop testing.
17:53:57 <angelo> Angelo: Alexei, when can you guys do interop?
17:55:59 <angelo> Alexei: we don't plan to do soft token and will jump straight to hardware. I will echo with Domenic here that we don't usually do much timeline estimate. If I have to guess, I'd say it's around end of year.
17:56:32 <angelo> Domenic: is there a shared test repo?
17:56:57 <angelo> Angelo: Adam Powers wrote a small web platform test. We should pull him in when we start interop testing.
17:57:35 <wseltzer> no meeting next week, resume on the 26th
17:57:41 <angelo> Tony: no meeting next week. See you the week after
17:58:08 <apowers> Adam Powers is working on better WPTs too :)
17:59:01 <jfontana> jfontana has left #webauthn
18:01:59 <weiler> rrsagent, draft minutes
18:01:59 <RRSAgent> I have made the request to generate http://www.w3.org/2017/07/12-webauthn-minutes.html weiler
20:01:20 <Zakim> Zakim has left #webauthn