Tony: TPAC overview.met on
Monday, some of tuesday. some other sessions in breakouts
... went over PR states, letter was sent from FIDO to W3C about
extensions
... wendy acknowledged and will get back if needed.
... tony talked with PHL and put him in touch with Yuriy at
FIDO to run the interop tests.
correction PLH
scribe: waiting for anything else
to come up on PR, issues, etc.
... we went over L2 discussions . we were deciding what was on
board for L2
... went over repostoriy L2 , device loss recovery, emil and
dirk both gave presentations. went over authenticator
enhancements
... we talked a bit about blockchain and DID Auth
... can web authn solve many of the DID solutions out there
today.
Ken: sovergn, this is of great interst to us. we want to take what has been done in WEb authm and apply it to what we want to do
tony: it was good input we got from Sovergn and DIDs folks
selfissued: question. web authn is about pont to point with authentications. blockchain is distrubuted.
tony: related in a way of
authentication...how public keys are used for authentication
purposes.
... not 100% that web authn is point to point. it is domain
based. we will look at if we have to change our scope and
domain checking.
Ken: we think there is lot of synergy.
selffissue: in blockchain what authenticates to what
tony: DID auth is asking... who
owns the private key, who created this DID doc
... there are some current issues with how DIDs are represented
and does it have relationship to private key.
jc_jones: no synergy between
distributed ledger and DID auth
... you would use it as an additional field, attestation
... it has been my problem how this is relevant for DID auth.
from perspective of using an authenticator as CA, seems to be
what they are looking for
jbradley: in the conversation we
need to separate some of this DID auth gets thrown
around.
... knowing what DID auth is, is a bit slippery
... can the authenticator sign the DID that goes in the
blockchain?
... using web authn ot authorize/authenticate on the DID itself
is likely step on
one
scribe: two is makign the same
key that is used to do the DID transaction is having a
third-party key for the DID. enabled some sort of selection of
violation of our origin principle.
... web authn says you can't correlate sites.
... we have to figure out how to do something useful with DID
before cross transactions
selfissues: we need clear use
cases on what we can achieve in that space
... DID and DID auth are more concepts.
tony: part of the process these guys want to go through is look at those issues. what is possible.
Ken: that is our objective
tony: anymore on this topic DID auth, blockchain
jeffH: I second on Mike's (third?) on use cases. they should be sent to the mailing list
tony: this is all work that could
be done in this group
... we talked about silent authenticators, privacy issues that
have come up in FIDO land as far as the FIDO2 authenticators
are concerned. intertwined. we will look at use cases
... we talked about UAF signature formats. can we can
encapsulate in Web Authn. is it possible?
jeffH: it is possible. spec updates have been sitting in PF
tony: we wen tover this
jeffH: is it political
tony: there are some technical issues.
jeffH: I disagree
tony: talked about attestation.
EATS
... interest in looking at this in IETF
... did some policy work on domain issues. doesn't look like
there will be additional work in Cred Man
... we talked with Mike West about Feature Policy, using this
to go outside our top-level domain issues.
jc_jones: I am going to write the PR
tony: talked about syncing
platform atuhenticators
... talked same origin and trust anchors.
... discussed transport information during registration. google
pushing for
... extended charter to sept. 2019
... we will work with sam to accomplish that.
... we did have 3 issues that came up from Apple. #1095 #1096
#1097 , editorial issues and decided they were OK, assigned to
Mike
self-issue: #1095 is not in this group.
tony: yes, it was #1096 #1097
#1098 issues.
... #1098 is taken care of.
... that was the bulk of our discussions.
... had some demos. Yubico and Google
jbradley: one other thing. presentation on device loss.
tony: yes, we did mention it
before you came on the call.
... it was backup, primary, etc. slides are available. Links
are in the TPAC agenda to the presentations.
JeffH: meeting was the 22nd. I am going to put a link to the minutes in IRC
tony: add agenda.
<jeffh> minutes of TPAC webauthn session: https://www.w3.org/2018/10/22-webauthn-minutes.html
<wseltzer> TPAC WebAuthn Agenda
<jeffh> -> TPAC WebAuthn Agenda: https://docs.google.com/document/d/1snGmQJ_EO3LR3EKAY19w1V08OEPemD_po0R5kU2PXak/edit#
tony: tuesday we met with web
payments people. looking at their authentication issues. it
looks like good fit in Web Payments. need to work on the top
level domain issue
... if we can fix it with Feature Policy we will be good to
go
... card companies were interested in Web Authn
... need some linkage web payments processes
... they had an unconference day on Wednesday. some discussion
on blockchain.
<wseltzer> TPAC breakout day grid
Ken: the purpose of one of those sessions was about establishing a WG around DIDs
<wseltzer> Workshop on Strong Authentication & Identity
Ken: the consensus there was interest in spinning up a working group
selfissue: when and where
Ken: I don't have details.
wseltzer: I shared in IRC a link
to the workshop in dec. in Seattle.
... there is more discussion to come before a charter comes
forward
... we hope to share a draft after the workshop (dec. 10-11)
and if there is a draft to take it up to W3C for review
<wseltzer> https://www.w3.org/Security/strong-authentication-and-identity-workshop/cfp.html
tony: it is an invite.
wseltzer: there are forms to send a message of interest, or suggest a talk.
selfissue: deadline for papers?
tony: soon,
... still working on format for meeting and agenda.
... discussions on going with committee
... some discussion on balancing the meeting between
un-conference and paper presentation.
... position papers
... that's all I had on the agenda for today.
Sweiler: I think the FIDO document might be grossly inefficient, we should have a backup
tony: I think we will push for
normative
... on the extensions.
... group feels extensions should be optional, normative
... anything else.
... no meeting next week. It is IETF week.
sorry, I am working over you. you can take it from here.
<weiler> eh, the bot doesn't mind. :-)
Add title, Web Authentication WG
trackbot, end meeting
This is scribe.perl Revision: 1.154 of Date: 2018/09/25 16:35:56 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00) Default Present: weiler, ken, jeffh, selfissued, nadalin, jfontana, wseltzer, jcj_moz, JohnBradley, ketan, Akshay Present: weiler ken jeffh selfissued nadalin jfontana wseltzer jcj_moz JohnBradley ketan Akshay No ScribeNick specified. Guessing ScribeNick: jfontana Inferring Scribes: jfontana WARNING: No "Topic:" lines found. Found Date: 31 Oct 2018 People with action items: WARNING: No "Topic: ..." lines found! Resulting HTML may have an empty (invalid) <ol>...</ol>. Explanation: "Topic: ..." lines are used to indicate the start of new discussion topics or agenda items, such as: <dbooth> Topic: Review of Amy's report WARNING: IRC log location not specified! (You can ignore this warning if you do not want the generated minutes to contain a link to the original IRC log.)[End of scribe.perl diagnostic output]