<trackbot> Meeting: Web Authentication Working Group Teleconference
<trackbot> Date: 15 August 2018
<wseltzer> nadalin: We held interop end of June
<wseltzer> ... thanks Google for hosting
tony: interop results will be available and we will fold them in when we go to PR
<wseltzer> ... good number of authenticators and RPs
tony: we had some good success. I did not see any major issues.
... does anyone have something to add?
... shane is just picking up the spec and implementing, so he had good feedback.
... we will use this info to add to write up for testing requirements
... FIDO has an interop on Monday. There are requirements for WebAuthN. They will get some certifications out of that.
... pull requests
... none that are un-triaged
https://github.com/w3c/webauthn/pull/1031
https://github.com/w3c/webauthn/pull/1032
tony: adam had some comments.
agl: terminology is for the ??? spec. I think it is pretty nailed down
scribe: there is time
https://github.com/w3c/webauthn/pull/1036
tony: emil opened this up. JeffH and selfissue need to look at it
... agl gave link to terminology. does this solve your issue?
selfissue: I will look later today
... back to 1036
tony: emil opened
https://github.com/w3c/webauthn/pull/1041
tony: emil opened up and asked for comments. JeffH, Akshay, others...
... that's it for PR
https://github.com/w3c/webauthn/issues/1022
tony: what do we want to do here. agl?
agl: I am looking for someone to take a look.
https://github.com/w3c/webauthn/issues/1034
tony: we understand what is implemented. what do we need to do here?
... move it into a future thing
elundberg: may be something we can punt
agl: I don't think the appID should have an output.
selfissue: the whole extension architecture requires each extension to have an output
... that's how you know it was acted upon
elundberg: we could always set it to true. I am just bringing this up now.
tony: I would like to punt if AGL does not have issue
agl: happy with that. will say chrome does not have this issue.
tony: akshay, what about edge
akshay: looking at that now.
tony: can you fill in what you find
elundberg: this is probably just an issue in the spec (and it's likely that implementations actually do what the spec meant to express)
tony: i moved it to level 2, but you can look at it now if you want.
https://github.com/w3c/webauthn/issues/1035
tony: I don't like to impose FIDO restrictions on this spec where it is not necessary
... do we believe this test is part of generic validation or something specific that FIDO would do?
gmandyam: seems like time stamp is flawed in FIDO context
tony: RP will make decision what to accept
... the device is what it is.
AGL: does this require round trip phone home.
jbradley: I think there can be a cache, but can be timestamp
gmandyam: think time stamp is out of scope for webauthn
jbradley: from google perspective when they do these things on Android they expect time to be accurate
gmandyam: what if you have android running on a TV.
christiaan: today I think all clocks are accurate...if it is connected to the internet.
gmandyam: why do we have to say this in webauthn spec
christiaan: it's not expiration. if you don't set time, none of these devices work
tony: point is he is asking for this validation step.
akshay: it does not need to be there. webauthn does not need to worry about this
tony: think we close, no action.... does anyone disagree?
https://github.com/w3c/webauthn/issues/1037
tony: this is back to UV bit
... I have two thumbs up on this one
jbradley: any device that does not set UP is broken by definition.
akshay: we can close this
https://github.com/w3c/webauthn/issues/1039
tony: this is a big one. I am tempted to say....all the info. is there I don't want to hold the spec up for this restructure unless the group thinks it should be done
jeffH: it is on the implementers.
... if you think we can live without this polish then we move it to L2
elundberg: this is a nice to have, I'm fine if we decide to close it
tony: it does not get closed. it goes to L2
akshay: I think we can take this on
tony: christiaan any comments?
christiaan: I don't have a strong feeling here
agl: I would not call this a must from us.
tony: I will move to L2, emil if you can work on it that would be great.
elundberg: so if time, this would be nice to do
tony: yes .
gmandyam: if we try to work this back in, it could trigger another privacy review.
@weiler: I don't think they are that sensitive.
https://github.com/w3c/webauthn/issues/1040
jeffH: it is just cleanup.
tony: OK
https://github.com/w3c/webauthn/issues/294
jeffH: we are going to punt, hopefully
agl: I did look at this. not entirely sure chrome wants to define its behavior, but if the spec nails it down that's OK
... can write up what we do now, but can't guarantee what it does tomorrow.
jeffH: you can write it up and say that
https://github.com/w3c/webauthn/issues/334
tony: this was akshay and christiaan
jeffH: need to look at this is new use cases I added with Emil
... need some clarification. some assumptions.
elundberg: I made some changes, but then ended up cutting them.
akshay: we will look at it
https://github.com/w3c/webauthn/issues/358
tony: ongoing
https://github.com/w3c/webauthn/issues/360
JeffH: I am not sure what we are going to do with this in the near future.
... I need to circle back around
https://github.com/w3c/webauthn/issues/403
jeffH: I still need to do this
https://github.com/w3c/webauthn/issues/462
tony: longterm thing
https://github.com/w3c/webauthn/issues/462
PR open
https://github.com/w3c/webauthn/issues/578
followup
https://github.com/w3c/webauthn/issues/876
tony: hope to punt on this
https://github.com/w3c/webauthn/issues/936
tony: is this one done, closed
elundberg: I will take another look at it now...
https://github.com/w3c/webauthn/issues/972
tony: what are people doing today
agl: I looked this morning and most browsers don't implement it
... I think the only browser that is implementing is edge. what they find may be the answer
akshay: I will look at it
tony: looks like we could get rid of this one quickly
https://github.com/w3c/webauthn/issues/981
tony: I think we have views on this one
... akshay says we should potentially close this one
agl: we could subset this
tony: will that restrict the RPs
... it is RPs at end that....
elundberg: think this is set of things recommended as minimum
gmandyam: if you start to bound this, have to be careful you don't exclude potential use cases in the future.
akshay: I say close this down
gmandyam: we support closing
jeffH: should there be catalog of algorithms if there is that much variance. not that strong an idea
tony: I am going to close if no one minds
https://github.com/w3c/webauthn/issues/1004
tony: jeffH had this one, quite a bit of discussion
agl: my position, credman should fix the spec and we should not do anything.
tony: boris said he would come back and agree with that
jeffH: keep it open until we fix credman
JeffH: I am still working on credman. I can work on this.
tony: after we can close 1004
jeffH: sure.
https://github.com/w3c/webauthn/issues/1014
tony: PR open on this one.
elundberg: #936 we are going to close
tony: sign-up for TPAC
@weiler: do we have an interop report from the informal interop?
scribe: will there be a written report
tony: we will do one for the W3C but there won't be one coming out of interop itself - just the results. we won't write up our interpretation. We will do that for W3C
... for W3C staff for the process, but no public report
@weiler: why
tony: those that put on the interop are not interested in doing that.
... looks like selfissue is fine with #1032
Present: elundberg, weiler, wseltzer, agl, christiaan, nadalin, akshay, jeffh, gmandyam, jfontana, John_Bradley, Ketan
Scribe: jfontana