<elundberg> weiler: Chrome on my phone doesn't want to load the call URL in the agenda email
you had a mic for a bit and it was echoing
tony: yes, we did get updated CR draft out there
… published
… as far as IPR is concerned should be no issue going forward
… we can get things closed in time for PR submission.
… any qustions.
@weiler no comments on it. I have not looked at time tool.
tony: I think we can keep up if we can get thse PRs and issues closed.
https://github.com/w3c/webauthn/pull/1021
tony: akshay has singed off on this.
… no to enough acess rights , Mike can you do it. Yes.
https://github.com/w3c/webauthn/pull/1023
tony: we need emil to sign off on this. Mike has signed off
… can we give Jeff same authority he had before.
@weiler that should be fine.
toney: jeffH can you merge
jeffH: I can do it.
@weiler on time line. should I send out snippet of timeline to everyone.
https://github.com/w3c/webauthn/pull/1024
tony: this is ready to go. Dominic? he does not have rights.
jeffH: I can do it
tony: we don't have PRs without milestones, lets look at issues.
tony: https://github.com/w3c/webauthn/issues/876
… we had a decision on this.
… we have 3 technical issues
… #294, #1004, 876
… #1014 also
selfissue: can I go back to 876. we can 't close until credman is fixed.
… who can do PR
JeffH: I can
selfissue: I will add that
jeffH: i proposed it last week. I have work to do in credman and I will get to it next week.
https://github.com/w3c/webauthn/issues/1014
tony: not sure this is an issue
agl: we looked at this last week
tony: it is tagged an technical and i can't see it
jeffH: i think we agree we can pull technical tag
tony: i think that gets us down to the last 3 technical issues.
… we have #334, I don't think Christiaan is on the call today.
jeffH: there needs to be some clarification. And work I did with Emil on authenticator taxonomy. One could say it has been addressed to some degree, but it needs review or more detail
tony: who is good to review
… akshay?
akshay: sure.
assigned to akshay and christiaan
https://github.com/w3c/webauthn/issues/358
tony: assume jeffH is lookng at this
jeffH: we are not going to fix everything for PR, we have been chipping away at it
https://github.com/w3c/webauthn/issues/403
jeffH: this is on my list to address
https://github.com/w3c/webauthn/issues/462
tony: this goes along with the duplicates.
… you chipping away
jeffH: yes.
elundberg think there is some we can eliminate in # 462
https://github.com/w3c/webauthn/issues/578
tony: elundberg did you cover this with taxonomy
elundberg: I don't think so.
tony: would seem this might be a place this gets described also. can you look and this and incorporate?
elundberg: yes. will look at authenticator operations
https://github.com/w3c/webauthn/issues/585
tony: is it possible we wind up looking at server spec in FIDO re: RPs
jeffH: can we reference the server spec from FIDO.
tony: it should be public
heffH: someone can add a reference for it and we can wait for it to appear.
tony: I will make sure that goes public - FIDO server.
… it is out for IPR review
… we will make it a public document
apowers: the server spec is published
jeffH: we can reference it
<apowers> manu: https://fidoalliance.org/specs/fido-v2.0-rd-20180702/fido-server-v2.0-rd-20180702.html
<apowers> doh
https://github.com/w3c/webauthn/issues/704
jeffH: this is just editorial
https://github.com/w3c/webauthn/issues/733
jeffH: waiting for feedback from the accessibility people
tony: can we get a message to them, sam
@weiler: I can figure it out.
https://github.com/w3c/webauthn/issues/764
elundberg: not much was can do here
tony: not sure there is much we actually would want to do here. I can cause other issues
… I suggest this winds up getting closed.
selfissue: closed or V2
tony: it comes down to authenticator selection, we can push it off or we can close it now.
agl: on the surface, this person is looking at silent authenticators, I am in favor of closing.
tony: I would agree on close
jeffH: close it with noted rational.
https://github.com/w3c/webauthn/issues/796
tony: cleanup
https://github.com/w3c/webauthn/issues/876
tony: back to this, we are OK with this
https://github.com/w3c/webauthn/issues/972
agl: this is awkward one. fido spec shows the whole complex thing, we want to reference the spec , but the spec is kind of nonsense and nobody does it.
… I will take on PR and try to work that diplomatically
https://github.com/w3c/webauthn/issues/980
agl: might be some minor cleanup here. but in has AppID implications.
tony: we don't want to do that.
… not sure a clarification would be any good in extension
agl: I think there is some confusion here.
… would it help to clarify, but something in the issue
… I will add a comment in the issue for Shane (author)
jeffH: that sounds good
https://github.com/w3c/webauthn/issues/981
jeffH: on this one, in FIDO registry there is , i think, 4 certificate flavors
… this is kind of an interop thing. Shane has a good point here, what should RPs implement for?
… this has broadened out, it might be good to constrain
gmandyam: is algorithm re-specified in the cert chain?
agl: it's x509 tells you ..... can put anything in
elundberg: should we add a note to refeence this registry that jeffH mentioned and say these 4 algorithms should be added
jeffH: I am putting in a comment now
agl: we could nail down more here
jeffH: you may want to
agl: as browsers implementing this spec, we pass what the token gives us. this is kind of a FIDO thing
elundberg: it is also related to assertion signatures.
… could have any flavor for user keys, but need to support all key formats
agl: the assertion key is negotiated to some extent.
… it has to work.
gmandyam: I ask about this at IETF. we have definitive algorithms and cert rules, it is up to RP whether they want to interpret or ignore
… what else can you say
jbradley: which anything should I implement is the question from shane
gmandyam: fair enough, but jeff's concern in valid
agl: if you want interop, you do not force attestation
jbradley: the other thing is, this might be valuable in the FIDO metadata
jbradley: never mind this might be circular
tony: OK, any other discussion on #981
https://github.com/w3c/webauthn/issues/1012
tony: we have a PR open against, should be ok
… we discussed #1014
… and #1019 is just editorial
jeffH: elundberg is assigned.
tony: that takes us through the issues.
… we have couple of open issued for triage.
https://github.com/w3c/webauthn/issues/1011
gmandyam: the PR does not remove Safety Net , it is just for augmentation.
… we can close it, but it not something for L1 perhaps
tony: we can tackle in L2
gmandyam: sure
… in Level2 timeframe there will products in market will have trust on attestation....it seems we can find a solution to position this so it is not a choice or of or the other
https://github.com/w3c/webauthn/issues/1020
tony: is this in our scope
elundberg: I plan to add a comment. Hopefully there will be a fix.
JeffH: in could bring clarification in the spec
gmandyam: user can leverage what is in the browser
elundberg: we don't require implementers of web authn are not required to implement ctap
… so it does not require external authenticators
gmandyam: isn't that the point
jeffH: summarize at bottom on issue, and he discusses risk... we know this. RPs can to things to accommodate this
<elundberg> s/hopefully there will be a fix/hopefully this will be a wontfix/
jeffH: it goes back to use cases in #334
… his point may be moot. and we need to explain it better.
selfissue: can you add that to #334
jeffH: sure
tony: last one is 1022
https://github.com/w3c/webauthn/issues/1022
tony: looks like we are doing this today, but it is not document well
tony: agl I will assign this one to you
… that is all I have for today.
… anything else?
elundberg: I am a bit worried aobut lcient operations we have , we have 3-4 ways to abort and return error. I am worried we might not be clear.
tony: can you put it into level 2
selfissue: I have editorial question. the current CR is not listed in the set of previous versions
jeffH: we typically had to add that manually after the editor's draft.
selfissue: I will create an issue and assign it to...
tony: sam
@weiler: were there any working drafts issued between the two CRS
tony: not that i am aware of
@weiler: you want the editor's draft to show that?
tony: yes.
Failed: s/hopefully there will be a fix/hopefully this will be a wontfix/
No scribenick or scribe found. Guessed: jfontana