W3C

- DRAFT -

Web Authentication Working Group Teleconference

18 Jul 2018

Attendees

Present
John_Bradley, akshay, apowers, elundberg, jeffh, jfontana, nadalin, Ketan
Regrets
weiler
Chair
nadalin, fontana
Scribe
john

Contents

test

trackbot, start telcon

<trackbot> Meeting: Web Authentication Working Group Teleconference

<trackbot> Date: 18 July 2018

<scribe> scribe: john

<weiler> scribenick: jfontana

tony: IBM has been loing at the spec

jeffH: have they added issues.

tony: yes.
... they will be at interop next week

july 27

https://github.com/w3c/webauthn/pull/994

https://github.com/w3c/webauthn/pull/999

selfissue: wondering why text was left out

jeffH: crux of issue, incorrect to have text in that paragraph

tony: jeffH can merge #999 and emil can merge #994

https://github.com/w3c/webauthn/pull/998

selfissue: looking at this now

tony: if mike approves we can get it merged.

jeffH: we are still discussing it

tony: if yo agree, merge it

https://github.com/w3c/webauthn/pull/997

jeffH: good to go

tony: as far as issues, want to look at are open technical ones.

selfissue: #997 PR is OK

tony: emil, merge, yes.

https://github.com/w3c/webauthn/issues/621

akshay: I do not see a problem here, an jeff tell me intended behavour

jeffH: it is transaction confirmation.
... I think the objection by ??? is less about security and more about use case.

jbradley: is there a use case for this make credential, I can't think of one

jeffH: think it is use case objection

akshay: if some use case, i want to show this on the authenticator

jeffH: i don't see a technical reason to disallow it
... more of a use case

jbradley: only reason may be , we might get an inconsistency.
... might be easier to say, it does not work, if you want to use it do make then use credential

akshay: if spec says both, then have to support both

jbradley: seems extereme to approve stuff not all authenticators will use

akshay: i can see use case...

jbradley: it is about signing somethign for the transaction and getting something back
... using it to display arbitrary text is not the intent of the spec.
... it is for payments.

akshay: Ok.
... if it is only used by payments and they have no use for it, we can remove it.
... jeffH do you think we should remove it

jeffH: we could put on a restriction on it for at authetication time to confirm a transaction

jbradley: are yo really getting a transaction confirmation. that is a slippery thing
... from non-repudiation point of view it might have different semantics

jeffH adding note to issue

akshay: I am fine using it just for make assertion
... need to solve as soon as possible

elundberg: I can do it.

jeffH: leave #621 open - I put a comment in there.

tony: why?

jeffH: we made decision and ti si snote. now do PR to implement the decision

akshay: close #631 if we write a PR

jeffH: agreed

tony" so this is a breaking change

scribe: from spec perspective
... we are adding , if this is new.....

tony: somebody could try this and the question is, if they don't support addition what will happen

selfissue: I will argue it is not a breaking change.
... it will be ignored if you try to use it at make cred time, but may work at get assertion time. it is not a breaking change.

jeffH: do we need to argue or go on

elundberg: I opened an issue.

https://github.com/w3c/webauthn/issues/712

jeffH: it is probably ready to merge. I need to add some to it.

tony: when

jeffH: it will get merged soon

https://github.com/w3c/webauthn/issues/750

jeffH: reply from Boris. I need to ask ... we are still working this
... we need to get the browser guys into it. what are they actually doing. think this is a spec level bug
... two aspects to this. I have a long comment I made 16 days ago
... we should change our spec web authN where we say required we should say we should say they get default values. take required key word off and give a default value
... then a separate issue is this magic algorithm in cred managment.
... we have a spec level issue. and we need to open another issue. this is detailed stuff
... they are not causing issues, but would be good to hear from browser folks

akshay: I will look at it.

https://github.com/w3c/webauthn/issues/905

parts 1 and 3 have been close

akshay: we can close it?

elundberg: i think kso

#863 helps close this. linked in thread

https://github.com/w3c/webauthn/issues/985

tony: jeffH was gong to open PR

jeffH: I need to do that

akshay: we are closing #905

tony: I beleive so
... those are the remaining issues.
... I think we have path to clsoe 621 and 712

elundberg is taking #621

tony: other issues to discuss, outside the technical ones we discussed. editorial

akshay: what did we decide on #985

it is an issue

jeffH: I need to do a PR

slefissue: I want to take about 972. I don't understand it.

https://github.com/w3c/webauthn/issues/972

apowers: I put together the text

selfissue: can you make the test a PR
... I will assign it to you.

tony: others?

akshay: #851, we were moving to to v2, but it has not been done yet
... #876

selfissued: it is technical. I just labeled it.

akshay: I think we need Google's input on this. assign to adam?

jeffH: angelo was going to chat with christiaan
... akshay can you do that.

akshay: re-direct to me and I will get help if I can't solve it

assigned to akshay

tony: jeffH what do you want to do with #996

https://github.com/w3c/webauthn/issues/996

jeffH: it reference three HTML specs, should it just be one
... i was asking for wendy and sam to put on this. i am waving a flag here.

tony: we need to get the technical one closed by next call and go for updated RD and resovle editorial before we go for PS
... have to be resolved or will miss Oct. for our PR mode.
... so we need to get these things finalized.

akshay: is #1001 a level 2 issue

selfissued: it needs to be labeled and given a milestone

tony: it is level 2

selfissue: need to label #764

akshay: #988

tony: that is moved to level 2

selfissue: #733 it is not labeled

https://github.com/w3c/webauthn/issues/733

jeffH: this in the accessibility court.

selfissue: can we assign this to someone?

jeffH: assign it to him.

akshay: can we assign a milestone to #988

jeffH: i don't think it is a problem..

tony: anything else

selfissue: #1000 does not have an assignee.

elundberg: at this point nothing to do for #1000

https://github.com/w3c/webauthn/issues/1000

tony: assigned to elundberg

Summary of Action Items

Summary of Resolutions

[End of minutes]
Minutes formatted by David Booth's scribe.perl version 1.152 (CVS log)
$Date: 2018/07/18 18:04:24 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.152  of Date: 2017/02/06 11:04:15  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00)

Present: John_Bradley akshay apowers elundberg jeffh jfontana nadalin Ketan
Regrets: weiler
Found Scribe: john
Found ScribeNick: jfontana

WARNING: No "Topic:" lines found.

Found Date: 18 Jul 2018
People with action items: 

WARNING: No "Topic: ..." lines found!  
Resulting HTML may have an empty (invalid) <ol>...</ol>.

Explanation: "Topic: ..." lines are used to indicate the start of 
new discussion topics or agenda items, such as:
<dbooth> Topic: Review of Amy's report


WARNING: IRC log location not specified!  (You can ignore this 
warning if you do not want the generated minutes to contain 
a link to the original IRC log.)
[End of scribe.perl diagnostic output]