16:59:35 <RRSAgent> RRSAgent has joined #webauthn
16:59:35 <RRSAgent> logging to http://www.w3.org/2017/07/26-webauthn-irc
16:59:37 <trackbot> RRSAgent, make logs public
16:59:37 <Zakim> Zakim has joined #webauthn
16:59:39 <trackbot> Zakim, this will be
16:59:39 <Zakim> I don't understand 'this will be', trackbot
16:59:40 <trackbot> Meeting: Web Authentication Working Group Teleconference
16:59:40 <trackbot> Date: 26 July 2017
16:59:51 <apowers> apowers has joined #webauthn
16:59:55 <selfissued> selfissued has joined #webauthn
17:00:37 <jfontana> jfontana has joined #webauthn
17:00:51 <jeffh> jeffh has joined #webauthn
17:01:08 <apowers> present+
17:02:23 <gmandyam> gmandyam has joined #webauthn
17:02:26 <jeffh> present+ jeffh
17:02:48 <gmandyam> present+ gmandyam
17:05:01 <wseltzer> present+
17:05:07 <angelo> angelo has joined #webauthn
17:06:06 <jcj_moz> scribenick: jcj_moz
17:06:38 <jcj_moz> Tony: We're sort of stalled, spinning on WD-06
17:06:50 <jcj_moz> We want these issues resolved for WD-06
17:07:47 <jcj_moz> We need to resolve things soon to make it to CR by TPAC
17:07:55 <jcj_moz> jeffh: I've got observations
17:08:08 <jcj_moz> ... My understanding is that the implementing folks are doing WD-05
17:08:26 <jcj_moz> ... so if there are issues coming up in WD-05, are they being filed in Github?
17:08:44 <jcj_moz> Tony: I think nothing impeding implementation yet
17:10:22 <jcj_moz> jeffh: WD-05 might have implementation issues because it's a draft, and we want to make sure we address that
17:10:40 <jcj_moz> jeffh: Please make sure as implementing, when issues come up, that they get submitted
17:11:09 <jcj_moz> jcj_moz: The 3 issues I filed are from implementation
17:11:15 <jcj_moz> Tony: Let's look at open PRs
17:12:30 <jcj_moz> Tony: Regarding https://github.com/w3c/webauthn/pull/379 ... Angelo, are you updating this to resolve the comments?
17:12:33 <jcj_moz> angelo: Yes.
17:13:41 <jcj_moz> Tony: And now 460 - https://github.com/w3c/webauthn/pull/460
17:14:38 <jcj_moz> jeffh: Alexei signed up for this, but we moved this on to selfissued
17:14:40 <weiler> present+ AkshayKumar, Ibrahim, jcj, jbradley, jfontana, selfissued
17:14:54 <jcj_moz> Tony: This one (#460) is one develoeprs have pointed out
17:16:34 <weiler> present+ ChsitiaanBrand
17:16:39 <angelo> angelo has joined #webauthn
17:16:47 <angelo> hi jc, I can take it over from here
17:17:06 <angelo> 460 is valuable for U2F devices
17:17:07 <weiler> q+
17:17:25 <jcj_moz> scribenick: angelo
17:17:43 <angelo> JC: I haven't encountered the problem yet because I have been dealing with only U2F so far
17:17:56 <jcj_moz> jcj_moz: I want to make sure #460 is not an implementation issue for Mozilla
17:18:10 <jcj_moz> ... and it isn't, it affects CTAP devices
17:18:13 <jcj_moz> ... OK
17:18:57 <angelo> MikeJ: I can start working on 460 now that IETF is mostly over
17:19:28 <angelo> Giri: in the absence of require user verification, does that mean the authenticator can provide silent authentication?
17:19:50 <angelo> Tony: i don't think it's for silent auth
17:21:54 <weiler> q?
17:22:33 <weiler> ack me
17:24:23 <weiler> present+ angelo
17:24:28 <angelo> We're talking about pull request 498, which is moved to WD05
17:24:32 <jcj_moz> https://github.com/w3c/webauthn/pull/498
17:24:36 <angelo> We're talking about pull request 498, which is moved to WD07
17:25:15 <angelo> For 498, it appears that usually implementers just figure out what to do. We still should polish it  but it's not necessary at the moment.
17:25:34 <angelo> For 505, since it's a simple typo, it's merged right away
17:26:08 <angelo> We're discussing 510
17:26:22 <angelo> We're discussing pull request 510
17:27:22 <angelo> The nice thing about client extension is that the RPs can use extensions without necessarily changing the standard
17:28:01 <angelo> biometricCriteria would be dictionary within a dictionary if it's added to authenticator selection
17:28:34 <angelo> Because of so, it may be best to review a little bit about how client extensions are done.
17:29:30 <weiler> https://github.com/w3c/webauthn/pull/510
17:30:21 <angelo> JC: Just looking at it, I think dictionary within dictionary would be fine. But I am not familiar with all the extensions so I will have to spend more time looking at it.
17:30:53 <angelo> Giri: for 510, I don't think it'd be blocking for WD07. If anything, I'd consider it for CR target
17:31:37 <angelo> JC: I am certainly not philosophically opposed to this. This is why we have extensions.
17:31:54 <angelo> Tony: I will assign MikeJ to this pull request since he worked on the extension part
17:32:36 <angelo> Giri: one more comment: I remembered we made a IANA registry. It'd be best if we can bring this extension into one of the pre-defined extensions in the IANA registry.
17:33:18 <angelo> MikeJ: in practice, when a registry is published, the author (W3C) would make a recommendation to the IETF of what to do with extensions.
17:33:32 <angelo> MikeJ: almost always these recommendations are accepted.
17:33:48 <weiler> rrsagent, draft minutes
17:33:48 <RRSAgent> I have made the request to generate http://www.w3.org/2017/07/26-webauthn-minutes.html weiler
17:34:19 <weiler> RRSAgent, make logs public
17:34:47 <weiler> chair: nadalin, jfontana
17:35:12 <angelo> Akshay: the default state of the authenticator is they are stored on the devices
17:35:36 <angelo> JC: for U2F devices, the keys are always not resident
17:36:10 <angelo> Akshay: for FIDO 2.0 devices, the keys are always stored on the devices.
17:37:28 <angelo> MikeJ: I will take some time reviewing 502
17:37:55 <angelo> Angelo: I am fine with making it higher priority but it shouldn't have to take too much time since this is really one line of code
17:38:19 <angelo> Tony: if MikeJ review it, we don't have an issue with making it happen
17:38:46 <angelo> Tony: Let's go through the issues
17:39:27 <angelo> for 393, i'd like to move it to WD07
17:40:15 <angelo> https://github.com/w3c/webauthn/issues/393
17:40:50 <angelo> https://github.com/w3c/webauthn/issues/182 moved to CR
17:41:35 <angelo> JC: https://github.com/w3c/webauthn/issues/278 I don't think it's necessary to make them inherit from one thing
17:42:04 <angelo> MikeJ: we should probably get Jeffrey to take a look because he's working on gatekeeping the Web IDL
17:42:27 <angelo> Christiaan will talk to Jeffrey about reviewing 278
17:42:56 <angelo> Tony will add a comment that 278 should be closed if no more action from Jeffrey
17:43:51 <angelo> https://github.com/w3c/webauthn/issues/283 we can move this to CR. There may be some interop issue but I doubt it
17:43:56 <angelo> https://github.com/w3c/webauthn/issues/292
17:44:18 <angelo> https://github.com/w3c/webauthn/issues/292 is a potentially subtle interop issue but mostly a subtle issu
17:44:20 <angelo> https://github.com/w3c/webauthn/issues/292 is a potentially subtle interop issue but mostly a subtle issue
17:44:37 <angelo> JC: we will learn a lot more about we go through interop testing process
17:44:51 <jcj_moz> https://github.com/w3c/webauthn/issues/466
17:45:08 <angelo> Tony: we can punt https://github.com/w3c/webauthn/issues/466 to a later timeline
17:45:51 <angelo> https://github.com/w3c/webauthn/issues/473
17:46:13 <angelo> Jeff: https://github.com/w3c/webauthn/issues/473 we can punt this to a later time
17:46:23 <angelo> Tony: but this would change API names
17:46:33 <angelo> MikeJ: let's decide a name and just do it
17:47:22 <angelo> jeff: https://github.com/w3c/webauthn/issues/473 suggested names
17:47:41 <angelo> mikeJ: we will make a PR for https://github.com/w3c/webauthn/issues/473
17:48:08 <angelo> MikeJ was gonna create a PR for https://github.com/w3c/webauthn/issues/474
17:48:26 <angelo> the text was already in the spec but https://github.com/w3c/webauthn/issues/474 is just about polishing it
17:48:58 <angelo> After the PR is published, JeffH will review it
17:49:23 <angelo> 345 has a PR on it
17:49:52 <angelo> https://github.com/w3c/webauthn/issues/485 has a PR on it too
17:50:09 <angelo> https://github.com/w3c/webauthn/issues/488 is a naming issue too
17:51:06 <weiler> rrsagent, draft minutes
17:51:06 <RRSAgent> I have made the request to generate http://www.w3.org/2017/07/26-webauthn-minutes.html weiler
17:51:48 <angelo> https://github.com/w3c/webauthn/issues/488 mikeJ will create a PR for this
17:52:53 <angelo> Tony: onces all the issues and pull requests for WD06 are done, we can publish WD06
17:54:15 <angelo> WD07 is in september and the CR can happen at TPAC in Nov
17:55:47 <angelo> JC: I've been testing the google demo site but so far I haven't been successful
17:56:54 <apowers> can everyone post their demo sites in IRC?
17:56:56 <jcj_moz> I'm pushing changes to "webauthndemo" to https://github.com/jcjones/webauthndemo/commits/mozilla-updates
17:57:45 <jcj_moz> the Mozilla demo site is https://webauthn.bin.coffee/
17:59:28 <angelo> for edge: There's a public demo site targeted at WD03 on the public facing microsoft edge site. I coded up a demo site for WD05 but haven't had all of the hashing/crypto there.
17:59:59 <angelo> my biggest concern so far is the hashing
18:00:41 <John_Bradley> John_Bradley has joined #webauthn
18:00:56 <angelo> JC: The same for us too.
18:01:41 <angelo> Angelo: I know there're issues with some of the edge cases but I guess we will all encounter this kind of issue
18:03:36 <jeffh> apowers: have iop during 2nd wk sep?
18:04:20 <jeffh> jcj_moz: can meet up f2f wk of 11-
18:04:22 <jeffh> Sep
18:04:58 <weiler> rrsagent, draft minutes
18:04:58 <RRSAgent> I have made the request to generate http://www.w3.org/2017/07/26-webauthn-minutes.html weiler
18:05:07 <jcj_moz> apowers:
18:05:37 <jcj_moz> apowers: If we're serious about trying to do an interop in Sydney, just send me an email and I'll see what I can do on my side
18:14:31 <apowers> will do
19:33:59 <Zakim> Zakim has left #webauthn