16:48:03 RRSAgent has joined #webauthn 16:48:03 logging to http://www.w3.org/2017/09/13-webauthn-irc 16:48:05 RRSAgent, make logs public 16:48:05 Zakim has joined #webauthn 16:48:07 Meeting: Web Authentication Working Group Teleconference 16:48:07 Date: 13 September 2017 16:49:29 agenda: https://lists.w3.org/Archives/Public/public-webauthn/2017Sep/0211.html 16:49:44 weiler has changed the topic to: agenda: https://lists.w3.org/Archives/Public/public-webauthn/2017Sep/0211.html 16:50:00 present+ weiler 17:02:25 Rolf has joined #webauthn 17:04:34 WD07 has joined #webauthn 17:05:15 jfontana has joined #webauthn 17:06:10 kpaulh has joined #webauthn 17:09:22 I will contribute 17:09:37 scribenick: jfontana 17:09:59 No issues on 498 17:10:11 Topic: 593 17:11:20 present+ 17:11:58 topic: 544 17:12:05 ketan has joined #webauthn 17:12:15 https://github.com/w3c/webauthn/pull/544 17:12:18 present+ AkshayKumar, Alexei, kpaulh, battre, jfontana, ketan, Rolf, nadalin, ChristiaanBrand 17:12:41 topic: 545. Angelo thinks it is ready to go. JC has a question posted. 17:12:54 https://github.com/w3c/webauthn/pull/545 17:13:17 JCJ_moz is not present 17:14:10 regrets: jcj_moz 17:14:20 Angelo: it's ready. But let's wait til jeffH can look at it and merge it 17:14:38 topic 546 https://github.com/w3c/webauthn/pull/546 17:14:46 rrsagent, draft minutes 17:14:46 I have made the request to generate http://www.w3.org/2017/09/13-webauthn-minutes.html weiler 17:15:01 rrsagent, make log public 17:15:26 Christiaan: suggests to merge this PR. No disagreement 17:15:40 Angelo: it does not break anything 17:16:17 dmitriz has joined #webauthn 17:17:18 Alexei: there are some typos. I will fix and merge in. 17:17:45 topic: https://github.com/w3c/webauthn/pull/553 17:17:58 tony. this is not a big issue right? 17:18:19 Alexei: it is not a big issue if everyone agrees to merge this in. 17:18:26 Alexei; merging 17:18:50 topic: https://github.com/w3c/webauthn/pull/555 17:19:10 dirk, we are not sending this over the wire 17:19:41 alexei: updated and merged. 17:19:58 topic: https://github.com/w3c/webauthn/pull/558 17:22:58 direK: think the concern if someone put PII in the field 17:24:56 dirk: wa yI see this, we have to clean up some of things that fell through the cracks and one thing is that we are forgetting to pass ID back to RP 17:25:07 present+ dmitriz 17:26:44 dirk: PII has many definitions 17:26:51 q+ 17:27:51 ack ws 17:28:03 dirk: we could in the spec say when you pass in this value make sure it is not one of those things that can be user identified. 17:28:27 wseltzer: offering a legal point of view 17:28:48 wseltzer: question will you be sharing PII with someone you were not expecting 17:29:10 christiaan: only one who will see info. is RP. the wire is not in scope here 17:29:36 q+ 17:30:08 akshay: is the solution that we can put anything in here? 17:31:43 present+ jyasskin 17:31:49 ack jy 17:32:18 JYasskin: we need to alert RP to this issue and let them choose accordingly. 17:32:50 rolf: how is this solved in u2f today 17:33:00 christiaan: u2f does not have this issue 17:34:12 Jyasskin: if userID is PII, then credential name is PII. RP can treat it that way. 17:34:39 wseltzer: some RPs would rather not see PII 17:35:15 tony: put note in there to say privacy consideration section should be updated. with note about sharing PII with some you were not expecting to share it with 17:37:08 tony: we still are pending the FIDO thing to finish before we merge this one. lets hold off and get the FIDO issue resolved 17:37:15 Christiaan: that sounds perfect. 17:37:25 some open issues hanging around 17:38:23 tony: tryign to triage some issues. i'm moving editorial, non-normative to public recommendation 17:39:16 tony: trying to get us to CR and not worrying so much about editorial, non-normative 17:39:22 tony: want to make you aware 17:40:08 topic: https://github.com/w3c/webauthn/issues/507 17:40:16 topic: https://github.com/w3c/webauthn/issues/506 17:40:28 these are both about u2f attestation 17:40:41 Rolf: they are good to go in my opinon 17:41:51 topic: https://github.com/w3c/webauthn/issues/506 17:42:09 tony: these are the cancel and about issues. #383 is part of that 17:42:41 about should be "abort" 17:44:15 topic: 125 addressed by 507 and 579 17:44:25 Rolf: ready to be merged 17:46:22 topic: 548. mjones is looking at this one. 17:46:54 tony: Dirk opened up 544. asked mjones to look at this one 17:47:38 topic: 557. can dirk explain 17:47:42 dirk dropped off 17:48:01 current topic is https://github.com/w3c/webauthn/issues/557 17:49:39 Alexei: dirk's comment shouldn't public key be at top of attestation. that is what the first statement on 557 is. 17:51:13 alexei will clear up incorrect language to clarify. Will verify with Dirk. 17:51:24 tony: so no issue with this if we clear up the language? 17:51:36 tony: can someone create a PR for this one. 17:51:41 alexei: yes. 17:52:15 akshay: authenticators don't need to change. 17:52:21 alexei: correct 17:53:26 present+ angelo 17:53:54 rrsagent, draft minutes 17:53:54 I have made the request to generate http://www.w3.org/2017/09/13-webauthn-minutes.html weiler 17:57:37 chair: nadalin 18:01:12 tony: no call the week of Sept. 25 18:01:19 adjourn 18:01:30 tony: remember to have AC reps vote on the re-charter. John will chair next week, 20 Sept. No call 27 Sept. 18:01:34 rrsagent, draft minutes 18:01:34 I have made the request to generate http://www.w3.org/2017/09/13-webauthn-minutes.html weiler