<weiler> scribenick: selfissued
Casey Piper works at Google
He still needs to join the group
Talk to Google's AC representative or talk to Christiaan so the legal stuff is taken care of
<jcj_moz> https://github.com/w3c/webauthn/pulls?q=is%3Aopen+is%3Apr+milestone%3AWD-07
<jcj_moz> https://github.com/w3c/webauthn/pull/544
<jfontana> https://github.com/w3c/webauthn/pull/544
We are looking at WD-07 PRs
#544 is breaking - so we need to decide about it soon
Angelo wants to create a PR to show what it will look like if we add the abortable functionality
He plans to do this later today
<jyasskin> I believe the example in #544 is https://s3.amazonaws.com/pr-preview/AngeloKai/webauthn/abort.html#sample-aborting
Currently expanding options - but could add to public key options
Jeff H believes this functionality should be in CredMan
Angelo: CredMan is already updated
<elundberg> sorry, DST change threw me off
JC believes that if this is CredMan credential request options, then this is ready to go
JC: There should not be a default
value
... The member should be null unless the client wants it. This
is mostly a CredMan change.
Angelo: The algorithm part needs to be updated
Angelo will try to get all of this done this week
<jcj_moz> https://github.com/w3c/webauthn/pull/620
We will be finishing off #544
Jeffrey will address the comments on #620 and merge it later today
<angelo> I am gonna jump off the call to spend more time working on 544
<Rolf> yes, sounds good.
Rolf is happy
https://github.com/w3c/webauthn/pull/623
#623 needs updates in response to #620
Jeffrey will not have time to update #623 before the end of TPAC
Tony: We are trying to get to a version of WD-07 that can go to CR without breaking changes
#623 was moved to the CR milestone
<jcj_moz> https://github.com/w3c/webauthn/pull/651
https://github.com/w3c/webauthn/pull/651
<jcj_moz> https://github.com/w3c/webauthn/pull/651#discussion_r148131877
Jeff H made a counter-proposal in the review thread
Jeff H doesn't believe that that the current proposal is correct
Jeff H: We would need to make parallel change to both MakeCredential and GetAssertion
We don't know if Johann will be available to work on this
JC can help him work on this
<jeffh> s/makecredential/authenticatorMakeCredential/
<jeffh> s/getassertion/authenticatorGetAssertion/
https://github.com/w3c/webauthn/pull/667
Sensible limits for RP and User Entity fields
JeffH and selfissued will review
https://github.com/w3c/webauthn/pull/665
Needs additional reviews
Akshay and Mike to review
<jyasskin> jyasskin won't get to review #665 before the end of TPAC, so don't wait for me.
And JeffH and Angelo
We're done discussing PRs. We'll now talk about issues.
https://github.com/w3c/webauthn/issues/116
JC doesn't know that this has to go into WD-07. JeffH agrees.
This describes things you should do upon an abort
We moved this to CR
https://github.com/w3c/webauthn/issues/254
Addressed by PR #655
https://github.com/w3c/webauthn/issues/565
JeffH: This is largely editorial
Moving to CR
https://github.com/w3c/webauthn/issues/587
JeffH: We need the spec language to be correct but we don't necessarily need to add this to the IDL
Emil Lundberg agreed to have a look at this
<jcj_moz> https://github.com/w3c/webauthn/issues/658
https://github.com/w3c/webauthn/issues/658
JeffH reviewed this yesterday and commented
The language that Angelo pointed to is loose on purpose
WebAuthn is not specific to CTAP on purpose
https://github.com/w3c/webauthn/issues/661
Will be fixed by PR #663
This takes us through the open issues
Tony: If we get things done by Friday I will confirm with people and then generate a WD-07 spec
If all the issues get closed by Friday
Tony: Any objections?
No objections heard
Then we'll have WD-07 at TPAC
<jyasskin> https://github.com/w3c/webauthn/issues/644
<Rolf> 644 has L2 milestone
Adam Langley brings https://github.com/w3c/webauthn/issues/644 to our attention
He believes we need this for CR
There's not yet a PR
This had been categorized as a V2 feature
Akshay: Not sure what do do with silent signatures and the UV bit
In some cases you only need user presence
Akshay: The three values proposed look fine but this doesn't enable silent authenticators
Akshay can create a PR for this if people agree
JeffH: This enables the RP to say
that it really needs user verification
... This is orthogonal to the discussion about passing the
attestation through
Tony: Adam will review this with Christiaan
Adam: Christiaan e-mailed a document about Chrome's attestation behavior
Tony: This is about the privacy CA/attestation proxy discussion
Adam: Most disruptive is moving the AAGUID from the signed data into the attestation
Tony: The Web Payments meeting is Wednesday afternoon
Sam: The Web Payments WG meeting is on Tuesday
The discussion is on payments and authentication
Out of time - call ending
Tony appreciates people's hard work towards WD-07
This is scribe.perl Revision: 1.152 of Date: 2017/02/06 11:04:15 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00) FAILED: s/makecredential/authenticatorMakeCredential/ FAILED: s/getassertion/authenticatorGetAssertion/ Present: jeffh weiler nadalin jfontana jcj_moz jyasskin agl selfissued angelo AkshayKumar CaseyPiper DmitriZagidulin JohnBradley Christiaan Rolf elundberg Ibrahim Found ScribeNick: selfissued Inferring Scribes: selfissued WARNING: No "Topic:" lines found. Found Date: 01 Nov 2017 People with action items: WARNING: Input appears to use implicit continuation lines. You may need the "-implicitContinuations" option. WARNING: No "Topic: ..." lines found! Resulting HTML may have an empty (invalid) <ol>...</ol>. Explanation: "Topic: ..." lines are used to indicate the start of new discussion topics or agenda items, such as: <dbooth> Topic: Review of Amy's report WARNING: IRC log location not specified! (You can ignore this warning if you do not want the generated minutes to contain a link to the original IRC log.)[End of scribe.perl diagnostic output]