<elundberg> has the call started?
having connection problems with audio. I can scribe.
scribe: if I can get audio going
<elundberg> looks like the call isn't up yet
<jeffh> did u or someone issue the commands doc'd here https://www.w3.org/2008/04/scribe.html?
<elundberg> not yet
trackbot, start telcon
<trackbot> Meeting: Web Authentication Working Group Teleconference
<trackbot> Date: 25 April 2018
<scribe> scribe: jfontana
<scribe> agenda: https://lists.w3.org/Archives/Public/public-webauthn/2018Apr/0200.html
<apowers> "the host has not yet joined the meeting"
<apowers> looks like we're waiting for sam?
<jeffh> sam unavailable he sent email to list
sam said he cannot attend today. Wendy, can you activate the call.
<jeffh> punt to next week?
<elundberg> or other telcon platform?
<apowers> I can start a GoToMeeting
<apowers> https://www.gotomeet.me/AdamPowers
<apowers> You can also dial in using your phone. United States: +1 (872) 240-3412 Access Code: 418-535-189
<selfissued> We are on Adam's gotomeeting - please join there
<jeffh> https://github.com/w3c/webauthn/issues?q=is%3Aopen+is%3Aissue+no%3Amilestone
tony: untriaged issues
elundberg: this is issue we might need to consider now. Chrome has started implementing this
jeffH: good point!
tony: this gets into authenticator selection . that is why we flagged the other one as level 1
level 2
scribe: we extended charter to take on different authenticators. Add this to PR level?
gmandyam: it's not a was to provide ease to RP it is for a service. explanatory text would be useful
tony" want to leave this issue as is. Open up a new issue.
scribe: don't want to take this one in this current release. do it in level 2 where we have set up authenticator enhancements.
elundberg: Chrome not about adding options. It is how the browser will behave with what is already there.
tony: I don't read it that way
JeffH: there is also 863 and they are at odds with each other
Christiaan jons
joins
jeffH: do we just want to comment further in these two issues 867 and ??
tony: we can continue discussion at level 2
863 is the other issue
tony: we are on issue 867
https://github.com/w3c/webauthn/issues/867
<jeffh> clarification: tony said he set the milestone for issues #863 and #867 to L2 -- and we can continue detailed discussion in those issues. if someone wants to propose editorial text for the PR milestone, go ahead and we'll evaluate it appropriately....
thank you for clarification.
christiaan: we (google) strongly object to doing nothing. I advise against tell the RP nothing
<jeffh> cbrand: chrome wants the behavior to remain "the same as it used to be" (?) -- need to give RP the info it needs....
tony: to soem extent this has to do with authenticator selection.
<jeffh> cbrand: tho current spec text is ambiguous ....
aksahy joins
akshay
tony: you were assigned to it.
akshay: two authenticators and
user touches wrong one.
... if user does that, we says authenticator not there.
cbrand: clarify. use to be send
creds down, and you make all authenticators visible, if user
touches wrong one we say....
... in Web Authn there are local credentials.
... if i send credentials down and there are no matches.
akshay: returns invalid
cbrand: what happens if there is no credential registered on the platform?
akshay: this is limitation we have now.
cbrand: think about the way we
send allowed creds down now. it might be possible to use one of
those fields for bound or not bound
... what Kim has opened is important. What do you do?
... i don't think we can solve now
akshay: this can be a replacement for attachment property or something.
cbrand: should also go back to transports. there is not way tranpsort info. makes it into standard registration. we should fix that too.
jeffH: agl opended a pr in the last few hows.
cbrand: it is about this
<jeffh> https://github.com/w3c/webauthn/pull/882
akshay: we should discuss what to
do with attachments.
... I think we missed that users can roam around and there is
not local connection
... discuss in Amsterdam
... how much control does RP and how do we do that.
... does RP want...
... there is some gaps. it all points down to attachment
property
cbrand: don't do any behavioral changes, leave it the way it is until Amsterdam so we can do through all the issues.
tony: keep in level 2 , yes.
gmandyam: why can't we say go to dev boards and say support this extension.
cbrand: this is a 90% use case, don't want to put that in an extension
gmandyam: I hate to say never, but it is an implementation solution
<jeffh> cf: https://www.w3.org/TR/webauthn/#authenticatorSelection
cbrand: I want RP to say I want this class of authenticator
tony: leaving these at level 2
and discuss more in Amsterdam FIDO meeting. We will have W3
people there.
... that takes us to 871
https://github.com/w3c/webauthn/issues/871
tony: who is matthew limpkin (sp)
submitter?
... seems this is not appropriate issue.
jeffH: define appropriate.
tony: seems out of scope.
elundberg: they are suggesting
only the global and ??what it covers
... don't think it would change any of the algorithms. it is
abstract authenticator ..
tony: what do we do?
jeffH: signature counter are a
deep topic. agl wanted to remove them
... i don't think we take this on. It influences the
authenticator model
akshay: in some scenarioes, RP may want it. let's discuss in level 2.
selfissued: close it
tony: i would push out
jeffH: this discussion is more nuanced than just this issue
tony: push it out and we will discuss.
elundberg: not changign the API, just how to implement counters.
tony: that is a breaking change. don't want to take that one right now.
jeffH: adding note. selfissued
put a note in
... also
gmandyam: is this a complexity issue?
elundberg: ...thinking about credential counters.
akshay: no certification issue here. both class of counters are allowed
tony: move on
https://github.com/w3c/webauthn/issues/873
JeffH: I need to look into this
one. will tighten things to origin that has been lowered.
... this is arguing to scope cred to a domain lowered
origin
JeffH
JeffH: it is subtle but important
distinction
... do not decide off hand, however
selfissue: need reviewer
JeffH: assign issue to me. done.
tony: leave it untriaged at this point come back next week
https://github.com/w3c/webauthn/issues/876
akshay: related to null not being allowed or base cred man spec
tony: if we go this route the Web App Sec would need to take up as well.
akshay: cred man has something that does not allow null
jefH: I nee to take a look at
this. I thought we had figured out how to make this work at
cred man level
... lets make it a Pr milestone now
tony: takes us through un-triaged
issues
... any updates on pull requests that are outstanding.
elundberg: 882 is un-triaged
https://github.com/w3c/webauthn/pull/882
tony: moving this to milestone.
This is scribe.perl Revision: 1.152 of Date: 2017/02/06 11:04:15 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00) Present: (no one) gmandyam elundberg dmitriz jeffh Regrets: weiler wseltzer Found Scribe: jfontana Inferring ScribeNick: jfontana Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2018Apr/0200.html Found Date: 25 Apr 2018 People with action items: WARNING: IRC log location not specified! (You can ignore this warning if you do not want the generated minutes to contain a link to the original IRC log.)[End of scribe.perl diagnostic output]