<weiler> scribenick: jfontana
Tony: press releases and blog
posts out about FIDO, W3C. Press has been fairly decent about
it.
... widely spread
Wendy: we shared it with prospects and members...
Tony: there was some activity on
the mail thread
... still looking how token binding, payments and PSD2 fits
together. some chatter at IW about blockchain. None of this is
fugured out
that was tony
JeffH: the web authN authentication composes with this stuff..need to figure that out.
jbradley: if they want to call a web site a wallet we can help with that.
jeffH: there is some careful work here. not easy
wseltzer: ... have to work with other groups at W3C to figure this out
tony: I think we should move on to tasks at hand
<wseltzer> wseltzer: dependencies need both specification and implementation, so interested folks should please work with WebAppSec and implementers
<wseltzer> ... on feature policy
thanks, Wendy. I was distracted.
tony: on to issues.
https://github.com/w3c/webauthn/pull/859
elundberg: I think consensus is
to close this
... looks like JC and Akshay object
<apowers> DIDAuth demo from Veres One / Digital Bazaar: https://credential-repository.demo.digitalbazaar.com/ https://credential-issuer.demo.digitalbazaar.com/ https://credential-verifier.demo.digitalbazaar.com/
tony: this is untriaged PR
<apowers> or video for those that don't feel like click on a website: https://www.youtube.com/watch?v=bm3XBPB4cFY
Akshay: I don't think this is something we can decide at this point in time
elungberg: I think we should close this
jeffH: the intent is
interesting
... helps RPS from shooting themselves in the foot.
... do we want to code into spec. that's question
... emil were you trying to do this
elundberg: yes.
rolf: it should become a security consideration.
jeffH: we have issue on
that
... i am fine in closign this, but genral thrust we need to
follow up on
elunberg 858 is a more conservative version of this. lets move to 858
JeffH. OK
tony: are these un-triaged things we need to put on list.
https://github.com/w3c/webauthn/issues/854
apowers: this is cbor and parsed json objects during authentication
JeffH; i am not in favor of making changes in this at this point.
apowers: one resolution. cobr in both and include javascript properties. concern: confused devs.
selfissued: truth is web authn
implemetation will have to understand CBOR
... i think this is asking for a breaking change.
tony: it is a nasty breaking change
jeffH: I would not do this
tony: close . no action
apowers: I am fine with
that.
... i just wanted to bring it up for discussion
https://github.com/w3c/webauthn/issues/862
elundberg: this is about CTAP
selfissued: CTAP is not web authN , it is one kind of authenticator, also platform and other native authenticators
elundberg: we have said this parametrs exists and is always set to true.
selfissued. in future we may want to be able to set to "not true" . we need to keep it
akshay: I say we keep this.
tony: it is doing no harm right
now. there is no real technical reason
... close this one.
https://github.com/w3c/webauthn/issues/863
akshay: this is similar to FIDO issue.
tony: I will assign to you
(akshay)
... it is not a PR milestone.
jeffH; that can be changed. it is our indication that we triaged it.
tony: OK I will set at L2
... let akshay come back
https://github.com/w3c/webauthn/issues/865
elundberg: I did my best to
respond. I think we can close it. Or leave open for more
comment.
... basically main point is with authenticators no way to
backup credentials.
... most of thread is about that. It is more an idea for some
kind of key management . that is out of scope.
selfissued. this is out of scope
scribe: close
christiaan: apple matches
credentials and key chain. if we close this , someone can do
this, but not in our scope.
... some situation where it might be feasible
rolf: this comment is already in there, it is up to app vendor.
tony: can you close this one.
selfissued: closed
https://github.com/w3c/webauthn/issues/866
tony: seems like fine editorial change
jeffH: I will take it.
tony: that takes us through the
un-triaged issues we had, now back to Pull requests for
PR
... skip 375
https://github.com/w3c/webauthn/pull/821
jeffH: needs merged from master.
tony: did rolf have unanswered
question?
... can Giri sign off and then we can do the merge if JeffH and
rolf agree
https://github.com/w3c/webauthn/pull/827
tony: think this has been approved
akshay: i think this can be merged.
https://github.com/w3c/webauthn/pull/829
jeffH: I need to review
elundberg: rolf had comment I did not understand.
jeffH: I can and will do it in writing in github
https://github.com/w3c/webauthn/pull/832
tony: jeffH had comments.
jeffH: comments are addressed.
elundberg: I am fine with it if jeffH is fine with it.
jeffH: merged.
selfissued: there is grammar that needs to be fixed.
jeffH: Ok
https://github.com/w3c/webauthn/pull/836
selfissued: you are on review
list
... I have not looked at this
tony: JeffH can you merge if selfissue approves.
jeffH. sounds fine to me.
https://github.com/w3c/webauthn/pull/842
jeffH: work in progress.
https://github.com/w3c/webauthn/pull/849
eludberg: wiating for refiew.
aksay: I will look
... I am fine with it.
https://github.com/w3c/webauthn/pull/850
jeffH: need to review.
https://github.com/w3c/webauthn/pull/858
selfissued. I reviewed it looks fine
JeffH: I want to review. will merge if jeffH is ok with it.
https://github.com/w3c/webauthn/pull/860
jeffH: this is a good catch. some text disappeared and is getting stuck back in. is it same text.
elundberg: I have not checked.
jeffH: make sure it is right then pull trigger.
elundberg: I will
https://github.com/w3c/webauthn/pull/861
jeffH: needs review
tony: Open issues
akshay: IAMA pleased mike is taking care of this
selfissued: IANA. maanged to get RSA algorithms to get registers. also get elliptical curve registered. I will add web authn and as courtesy add FIDO ones.
apowers: thanks
slefissued. dropped
scribe: off call.
tony: https://github.com/w3c/webauthn/issues/116
... is this still ongoing.
jeffH: yes.
https://github.com/w3c/webauthn/issues/140
jeffH: need ot review against privacy considerations
https://github.com/w3c/webauthn/issues/151
jeffH: on could argue we need some implementation language.
tony: keep this one open, some of comments warrant this
elundberg: to me looks like roaming authenticators solve this
tony: we need some verification
on this.
... elundberg would you like to do this.
elundberg: maybe this is related to authenticator taxonomy
jeffH: can you link it to
that.
... next
https://github.com/w3c/webauthn/issues/294
jeffH: work with boris
https://github.com/w3c/webauthn/issues/301
tony: editorial
https://github.com/w3c/webauthn/issues/301
tony: i think this has been addressed. will check with self-issued.
https://github.com/w3c/webauthn/issues/334
tony: angelo not on, skip
... I will skip to 358
https://github.com/w3c/webauthn/issues/358
tony: No call next week.
This is scribe.perl Revision: 1.152 of Date: 2017/02/06 11:04:15 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00) Succeeded: s/lcose/close/ Present: elundberg weiler wseltzer jeffh jfontana Ketan apowers Akshay Rolf selfissued Christiaan Found ScribeNick: jfontana Inferring Scribes: jfontana WARNING: No "Topic:" lines found. Found Date: 11 Apr 2018 People with action items: WARNING: No "Topic: ..." lines found! Resulting HTML may have an empty (invalid) <ol>...</ol>. Explanation: "Topic: ..." lines are used to indicate the start of new discussion topics or agenda items, such as: <dbooth> Topic: Review of Amy's report WARNING: IRC log location not specified! (You can ignore this warning if you do not want the generated minutes to contain a link to the original IRC log.)[End of scribe.perl diagnostic output]