See also: IRC log
<jcj_moz> scribenick: jcj_moz
Tony: We're sort of stalled, spinning on WD-06
We want these issues resolved for WD-06
We need to resolve things soon to make it to CR by TPAC
jeffh: I've got
observations
... My understanding is that the implementing folks are doing
WD-05
... so if there are issues coming up in WD-05, are they being
filed in Github?
Tony: I think nothing impeding implementation yet
jeffh: WD-05 might have
implementation issues because it's a draft, and we want to make
sure we address that
... Please make sure as implementing, when issues come up, that
they get submitted
jcj_moz: The 3 issues I filed are from implementation
Tony: Let's look at open
PRs
... Regarding https://github.com/w3c/webauthn/pull/379...
Angelo, are you updating this to resolve the comments?
angelo: Yes.
Tony: And now 460 - https://github.com/w3c/webauthn/pull/460
jeffh: Alexei signed up for this, but we moved this on to selfissued
Tony: This one (#460) is one develoeprs have pointed out
<angelo> hi jc, I can take it over from here
<angelo> 460 is valuable for U2F devices
<scribe> scribenick: angelo
JC: I haven't encountered the problem yet because I have been dealing with only U2F so far
<jcj_moz> jcj_moz: I want to make sure #460 is not an implementation issue for Mozilla
<jcj_moz> ... and it isn't, it affects CTAP devices
<jcj_moz> ... OK
MikeJ: I can start working on 460 now that IETF is mostly over
Giri: in the absence of require user verification, does that mean the authenticator can provide silent authentication?
Tony: i don't think it's for silent auth
We're talking about pull request 498, which is moved to WD05
<jcj_moz> https://github.com/w3c/webauthn/pull/498
We're talking about pull request 498, which is moved to WD07
For 498, it appears that usually implementers just figure out what to do. We still should polish it but it's not necessary at the moment.
For 505, since it's a simple typo, it's merged right away
We're discussing 510
We're discussing pull request 510
The nice thing about client extension is that the RPs can use extensions without necessarily changing the standard
biometricCriteria would be dictionary within a dictionary if it's added to authenticator selection
Because of so, it may be best to review a little bit about how client extensions are done.
<weiler> https://github.com/w3c/webauthn/pull/510
JC: Just looking at it, I think dictionary within dictionary would be fine. But I am not familiar with all the extensions so I will have to spend more time looking at it.
Giri: for 510, I don't think it'd be blocking for WD07. If anything, I'd consider it for CR target
JC: I am certainly not philosophically opposed to this. This is why we have extensions.
Tony: I will assign MikeJ to this pull request since he worked on the extension part
Giri: one more comment: I remembered we made a IANA registry. It'd be best if we can bring this extension into one of the pre-defined extensions in the IANA registry.
MikeJ: in practice, when a
registry is published, the author (W3C) would make a
recommendation to the IETF of what to do with extensions.
... almost always these recommendations are accepted.
Akshay: the default state of the authenticator is they are stored on the devices
JC: for U2F devices, the keys are always not resident
Akshay: for FIDO 2.0 devices, the keys are always stored on the devices.
MikeJ: I will take some time reviewing 502
Angelo: I am fine with making it higher priority but it shouldn't have to take too much time since this is really one line of code
Tony: if MikeJ review it, we
don't have an issue with making it happen
... Let's go through the issues
for 393, i'd like to move it to WD07
https://github.com/w3c/webauthn/issues/393
https://github.com/w3c/webauthn/issues/182 moved to CR
JC: https://github.com/w3c/webauthn/issues/278 I don't think it's necessary to make them inherit from one thing
MikeJ: we should probably get Jeffrey to take a look because he's working on gatekeeping the Web IDL
Christiaan will talk to Jeffrey about reviewing 278
Tony will add a comment that 278 should be closed if no more action from Jeffrey
https://github.com/w3c/webauthn/issues/283 we can move this to CR. There may be some interop issue but I doubt it
https://github.com/w3c/webauthn/issues/292
https://github.com/w3c/webauthn/issues/292 is a potentially subtle interop issue but mostly a subtle issu
https://github.com/w3c/webauthn/issues/292 is a potentially subtle interop issue but mostly a subtle issue
JC: we will learn a lot more about we go through interop testing process
<jcj_moz> https://github.com/w3c/webauthn/issues/466
Tony: we can punt https://github.com/w3c/webauthn/issues/466 to a later timeline
https://github.com/w3c/webauthn/issues/473
Jeff: https://github.com/w3c/webauthn/issues/473 we can punt this to a later time
Tony: but this would change API names
MikeJ: let's decide a name and just do it
jeff: https://github.com/w3c/webauthn/issues/473 suggested names
mikeJ: we will make a PR for https://github.com/w3c/webauthn/issues/473
MikeJ was gonna create a PR for https://github.com/w3c/webauthn/issues/474
the text was already in the spec but https://github.com/w3c/webauthn/issues/474 is just about polishing it
After the PR is published, JeffH will review it
345 has a PR on it
https://github.com/w3c/webauthn/issues/485 has a PR on it too
https://github.com/w3c/webauthn/issues/488 is a naming issue too
https://github.com/w3c/webauthn/issues/488 mikeJ will create a PR for this
Tony: onces all the issues and pull requests for WD06 are done, we can publish WD06
WD07 is in september and the CR can happen at TPAC in Nov
JC: I've been testing the google demo site but so far I haven't been successful
<apowers> can everyone post their demo sites in IRC?
<jcj_moz> I'm pushing changes to "webauthndemo" to https://github.com/jcjones/webauthndemo/commits/mozilla-updates
<jcj_moz> the Mozilla demo site is https://webauthn.bin.coffee/
for edge: There's a public demo site targeted at WD03 on the public facing microsoft edge site. I coded up a demo site for WD05 but haven't had all of the hashing/crypto there.
my biggest concern so far is the hashing
JC: The same for us too.
Angelo: I know there're issues with some of the edge cases but I guess we will all encounter this kind of issue
<jeffh> apowers: have iop during 2nd wk sep?
<jeffh> jcj_moz: can meet up f2f wk of 11-
<jeffh> Sep
This is scribe.perl Revision: 1.152 of Date: 2017/02/06 11:04:15 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00) Present: apowers jeffh gmandyam wseltzer AkshayKumar Ibrahim jcj jbradley jfontana selfissued ChsitiaanBrand angelo Found ScribeNick: jcj_moz Found ScribeNick: angelo Inferring Scribes: jcj_moz, angelo Scribes: jcj_moz, angelo ScribeNicks: jcj_moz, angelo WARNING: No "Topic:" lines found. Found Date: 26 Jul 2017 Guessing minutes URL: http://www.w3.org/2017/07/26-webauthn-minutes.html People with action items: WARNING: No "Topic: ..." lines found! Resulting HTML may have an empty (invalid) <ol>...</ol>. Explanation: "Topic: ..." lines are used to indicate the start of new discussion topics or agenda items, such as: <dbooth> Topic: Review of Amy's report[End of scribe.perl diagnostic output]