scribenick elundberg
jfontana: some updates from other groups:
<wseltzer> scribenick: elundberg
jfontana: privacy WG wants to
talk to us
... still waiting to talk to webappsec
... nothing from web platform group
... web payments is working on review, targeting end of
jan
... waiting for response from accessible platform
architecture
selfissued: I created two new PRs
<jeffh> https://github.com/w3c/webauthn/pull/739
<jeffh> https://github.com/w3c/webauthn/pull/737
nadalin: https://github.com/w3c/webauthn/pull/479
akshayku: this looks fine to me, but should we move this to L2?
<jfontana> elundberg: do you want help with scribe?
@jfontana yes please, if I miss something
<jfontana> ok
nadalin: I will mark #479 as L2
<jfontana> https://github.com/w3c/webauthn/pull/510
https://github.com/w3c/webauthn/pull/510
<jfontana> mjones has a review to do jeffH has not signed off on.
<jfontana> Tony: I want mjones ot sign off on this
jeffh: I will re-review
https://github.com/w3c/webauthn/issues/623
nadalin: still waiting for jeffh
and Rolf to review
... we also assigned this to akshayku on the last call
<jfontana> Akshay: I will look at this again
https://github.com/w3c/webauthn/pull/687
elundberg: waiting for #705
https://github.com/w3c/webauthn/pull/705
<jfontana> elundberg: 687 is waiting for 705
nadalin: waiting for reviews
<jfontana> JeffH: I am the assignee.
jeffh: I need to catch back up on this
agl: there's problem with the
text, but this PR only moves it
... I agree that shouldn't block merging this
akshayku: let me look at this
nadalin: jeffh please merge if akshayku agrees
https://github.com/w3c/webauthn/pull/718
nadalin: I'd like selfissued to
look at this
... this looks related to #626
selfissued: I'll review, but I don't know what this is trying to accomplish
elundberg: I've realized recently that #718 targets RP issues, so it might be confusing to refer to Infra procedures for that - i.e. maybe we should close #718 with no action
https://github.com/w3c/webauthn/pull/737
selfissued: this is a one-line
change fixing a copy-paste mistake
... we should review and merge right now on the call
agl: the object is JSON, yes, but
the contained values are CBOR
... the type is "text", but the content type is "bytes", but
there's no "bytes" in JSON
... I suggest using a JS object instead of a JSON object
... because JS has ArrayBuffer for bytes
https://github.com/w3c/webauthn/issues/739
selfissued: this replaces "JSON
string" with "USVString"
... I'd like jeffh or jyasskin to confirm that that is
correct
jcj_moz: that sounds right to me, but I'll get Boris to double check
<jfontana> Tony: does that get done this week?
jcj_moz: yes
<jfontana> jcjones: I will ping him this week
https://github.com/w3c/webauthn/issues/322
jeffh: #705 will close #322
https://github.com/w3c/webauthn/issues/394
<jfontana> JeffH: we just need to take a look at it. see if there is anything to say in the spec
<jfontana> selfissued: what is this proposing to do?
<jfontana> selfissued: does anyone understand the rationale
<jfontana> elundberg: it is not possible to do anything with credential ID if it is wrong
<jfontana> elundberg: if cred ID is mainputlated, then RP will look up another public key and then not be able to verify the signature.
<jfontana> alexei: how about I create an issue and verify or debunk
<jfontana> rolf: for me it is a non issue, and we all know why
<jfontana> elundberg: I agree
<jeffh> JeffH: see also figure 3: https://w3c.github.io/webauthn/#fig-attStructs
<jfontana> https://github.com/w3c/webauthn/issues/417
<jfontana> selfissued: there is PR that closes this
https://github.com/w3c/webauthn/issues/565
<jfontana> https://github.com/w3c/webauthn/issues/565
<jfontana> Tony: alexei, you created this issue. what is the status?
nadalin: we're trying to figure out the status of this
jeffh: someone needs to write some spec prose
<jfontana> elundberg, I'll back off
@jfontana ok, thanks for filling in
jeffh: all the info is in the issue, someone just needs to create a PR
selfissued: I'll create a PR
https://github.com/w3c/webauthn/issues/570
nadalin: looks like we just need
to reference the CTAP spec
... this is assigned to selfissued, please take a look
selfissued: will do
https://github.com/w3c/webauthn/issues/626
selfissued: someone had
previously proposed to replace the typedef record<DOMString,
any> with a partial dictionary
... this does effectively the same thing, but is more strictly
typed and matches what the web does better
... I propose we do this as proposed in #346
agl: Google agrees with either solution
jcj_moz: FF wants to change from
any-any
... #346 seems reasonable
selfissued: I'll do this
https://github.com/w3c/webauthn/issues/645
jeffh: this may be a non-issue, I
need to catch back up
... will look at this in the near term
https://github.com/w3c/webauthn/issues/647
jeffh: this is just editorial stuff that ought to be clarified and properly referenced
selfissued: can I give this to jeffh, who seems to know what this is about?
jeffh: done
https://github.com/w3c/webauthn/issues/658
Angelo: I thought the spec wasn't clear here
jeffh: we decided nov 1st that
we'll add a note explaining the step's purpose
... I'll do that
https://github.com/w3c/webauthn/issues/694
selfissued: it looked like agl was about to do this
agl: yes, will do
https://github.com/w3c/webauthn/issues/713
elundberg: this is addressed by #718
https://github.com/w3c/webauthn/issues/713
https://github.com/w3c/webauthn/issues/715
jcj_moz: I think we need to write
a PR for this
... I'll take a stab at it
https://github.com/w3c/webauthn/issues/725
selfissued: this is addressed by #737
discussion moves on past #725
agl: there's some confusion
around extensions and CBOR
... if clients pass unknown extension inputs through untouched,
do authenticators need to know to detect that?
selfissued: yes, authenticators should be prepared to detect invalid extension inputs
agl: #738 is related
does that mean I should stop scribing? :)
agl: I would be interested in
whether other browsers are interested in implementing this
transparent transcoding
... I don't think Google will
(I didn't catch the responses from jcj_moz and akshayku)
agl: if we don't have consensus on how to do that, maybe we shouldn't have it in the spec
jzj_moz: I think we should keep it through CR at least, and see then what's being implemented and not
jcj_moz*
<jcj_moz> https://github.com/w3c/web-platform-tests
<jcj_moz> PR is https://github.com/w3c/web-platform-tests/pull/7500
<jeffh> http://web-platform-tests.org/
<weiler> trackbot, end meeting
This is scribe.perl Revision: 1.152 of Date: 2017/02/06 11:04:15 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00) Default Present: weiler, jeffh, elundberg, jcj_moz, battre, wseltzer, selfissued, akshayku, alexei, agl, jfontana, John_Bradley, rolf, nadalin, alexei-goog Present: weiler jeffh elundberg jcj_moz battre wseltzer selfissued akshayku alexei agl jfontana John_Bradley rolf nadalin alexei-goog Found ScribeNick: elundberg Inferring Scribes: elundberg WARNING: No "Topic:" lines found. Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2018Jan/0064.html Found Date: 10 Jan 2018 People with action items: WARNING: No "Topic: ..." lines found! Resulting HTML may have an empty (invalid) <ol>...</ol>. Explanation: "Topic: ..." lines are used to indicate the start of new discussion topics or agenda items, such as: <dbooth> Topic: Review of Amy's report WARNING: IRC log location not specified! (You can ignore this warning if you do not want the generated minutes to contain a link to the original IRC log.)[End of scribe.perl diagnostic output]