W3C

- DRAFT -

Web Authentication Working Group Teleconference

18 Oct 2017

See also: IRC log

Attendees

Present
jcj_moz, elundberg, jeffh, gmandyam, selfissued, akshayku, jfontana_, angelo
Regrets
weiler
Chair
jfontana_
Scribe
elundberg

Contents

<jcj_moz> email arrived, look for it, "New W3C Web AuthN Meeting Coordinates"

<selfissued> It's saying "the meeting will start when Adam Powers arrives"

<jcj_moz> selfissued: The GotoMeeting John just sent to the list?

<jeffh> waiting for organizer?

<jcj_moz> I'm getting waiting for organizer, waiting on jfontana

<jcj_moz> jeffh, selfissued, gmandyam: https://global.gotomeeting.com/join/418535189 new link

<jcj_moz> ...since it's already on the public list

<selfissued> There on the "Even newer W3C Web AuthN dial-in for 10/18" at https://global.gotomeeting.com/join/418535189

<jeffh> ok i'm on

<jcj_moz> scribenick: elundberg

starting with PR #636

https://github.com/w3c/webauthn/pull/636

<jfontana_> We have moved the meeting dial in here https://global.gotomeeting.com/join/205778085 AC: 205-778-085

gmandyam: We already got a similar PR and the group then decided it was not necessary

akshayku: We are not ready for privacy CA

<jeffh> see also: https://github.com/w3c/webauthn/issues/628#issuecomment-337662680

gmandyam: We want to see trust anchor part of the selection criteria at some point, but not necessary right now

jeffh: Propose postponing #636 and #628 to level 2

#636 and #628 left open and postponed to level 2 milestone

https://github.com/w3c/webauthn/issues/624

also https://github.com/w3c/webauthn/pull/633

jeffh: Approve merging

#633 merged, #624 closed

https://github.com/w3c/webauthn/pull/498

jeffh: This is still in progress
... Let's merge this and then wrap up in a follow-up issue

mkwst_: Approve merging; this gets a lot of issues fixed

<selfissued> I agree with merging #498 soon and doing the other operation in a second PR

<jcj_moz> https://github.com/w3c/webauthn/pull/620

<selfissued> This closes so many things we should proceed

jeffh: I need to review this, please don't merge #620 just yet

https://github.com/w3c/webauthn/pull/544

<selfissued> We should be able to merge #620 before the next call

jcj_moz: Review comments require changes
... We could move this to CR

jeffh: We need to do this and we need to do this right

https://github.com/w3c/webauthn/pull/653

jeffh: Marking #653 for CR
... I've reviewed https://github.com/w3c/webauthn/pull/651 and have some comments on it
... I'll take care of it and close it
... Those who have been working on the exclude credentials list please review that this is correct

https://github.com/w3c/webauthn/pull/643

gmandyam: This is an implementation consideration
... It's a CR milestone

<jcj_moz> https://github.com/w3c/webauthn/pull/641/files

<jcj_moz> I don't understand the details, but it reads fine

jeffh will review #641

jeffh: I stuck #639 on WD07 because I think it's ready to go

https://github.com/w3c/webauthn/issues/537

angelo: This needs work, some tricky stuff

https://github.com/w3c/webauthn/issues/536

<selfissued> Angelo will look at #537 in the next few days

jeffh: This is fixed by #498
... Hopefully we can merge that later today

akshayku: #506 and #507 have been around a long time, we should close them
... CTAP says put all zeroes

jeffh: #506 is closed by #539 which has been merged
... #507 likewise

https://github.com/w3c/webauthn/issues/629

jeffh: Tony has been claiming that we won't do this for CR, perhaps not level 1
... If I understand correctly, we'll won't support the RP telling the authenticator whether to do UP or UV

akshayku: I think we can mark #629 for next version

akshayku will comment and close #629

https://github.com/w3c/webauthn/issues/116

jcj: This is related to #537

https://github.com/w3c/webauthn/issues/554

jeffh: I want this closed

#554 closed

https://github.com/w3c/webauthn/issues/574

<selfissued> JC: #574 doesn't match what any of the browsers are doing

jcj_moz: This is a dupe of #613 and #574

<selfissued> JC: We should say that the list should be re-processed whenever an authenticator is hot-plugged

jcj_moz: I think we could write a PR that ignores the bigger issue for WD07, and just changes the text to something wishy-washy that allows hotplugging. Underspecified, but compatible with what browsers are currently doing

jeffh: Can the spec language be informed by FF's implementation?

jcj_moz: I'm not sure about how to write it, but I can try writing a PR

<selfissued> JC will write at PR

https://github.com/w3c/webauthn/issues/560

<jcj_moz> https://github.com/w3c/webauthn/pull/639

elundberg: jeffh has approved, if noone objects we can merge this

jcj_moz: I'll review and merge

someone help me operate the bots please?

thanks jcj_moz

Summary of Action Items

Summary of Resolutions

[End of minutes]
Minutes formatted by David Booth's scribe.perl version 1.152 (CVS log)
$Date: 2017/10/18 18:03:08 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.152  of Date: 2017/02/06 11:04:15  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00)

Present: jcj_moz elundberg jeffh gmandyam selfissued akshayku jfontana_ angelo
Regrets: weiler
Found ScribeNick: elundberg
Inferring Scribes: elundberg

WARNING: No "Topic:" lines found.

Found Date: 18 Oct 2017
Guessing minutes URL: http://www.w3.org/2017/10/18-webauthn-minutes.html
People with action items: 

WARNING: Input appears to use implicit continuation lines.
You may need the "-implicitContinuations" option.


WARNING: No "Topic: ..." lines found!  
Resulting HTML may have an empty (invalid) <ol>...</ol>.

Explanation: "Topic: ..." lines are used to indicate the start of 
new discussion topics or agenda items, such as:
<dbooth> Topic: Review of Amy's report
[End of scribe.perl diagnostic output]