test
sam: talked to Yuiry
... we found testing does not necessarily prove interop
... what FIDO has cannot be shared.
... it might be conformance testing is sufficient, but not
obvious at first glance.
elundberg: there is a bunch of
pull requests not assigned to any milestone. there is #1085
think ready to merge.
... also #1092 arguably editorial but changes the
algorithms
<weiler> Yuriy said he'd generate a mapping between WebAUthn extensions and parts of the conformance test plan, where they exist. I also pointed out that the conformance test plan they sent, v1.1, is new, hence not an artifact contemporaneous with actual conformance testing.
elundberg: if we do it I think we need to get confirmation or approval fro the browsers.
agl: you want approval, looks like you have JC, I can go off and check chrome and aksay can look at edge.
<weiler> [also: Yuriy was missing much backstory, like that we were looking for interop evidence for ALL of our extensions, not just txAuthSimple and Generic)
elundberg: also #1094 that I thin we can merge right now.
Tony: you want this .... talking about #1094, it is sort of a normative change.
elundberg: it does add normative language , but doesn't change anything normative.
agl: if it is IDL this does not appear to change anything, i think we can merge.
tony: I don't have a problem
merging #1094 now, if people feel it is oK. I looked at
IDL.
... I am good if others are OK
elundberg: then we are merging #1094 then
selfissue: I want to return to #1092
<jeffh> i think merging 1092 is fine
selfissue: it is correct, we have google, mozilla and msft to say it should be merger.
tony: still missing some actions.
selfissue: it is wrong the way it is.
agl: I am looking at it now. and....
selfissue: it was a cut and paste
error on my part
... lets hold on #1092
... it say authenticator parameters instead of client
parameters.
tony: I will send akshay a note
this week
... so can I get someone to review #1085
... going to merger #1085
elundberg: merging
tony: where do we stand with #1093
https://github.com/w3c/webauthn/pull/1093
christiaan: Looking at
#1093
... I will look at this.
tony: #1113
https://github.com/w3c/webauthn/pull/1113
agl: I thnk this is OK
tony: wold like agl and mike to look at it
selfissue: i just approved it
tony: if adam apprvoes I assume we can...
agl approved, jeffH approved.
tony: go ahead and merge this
one.
... takes us down to what we can close today.
... as far as #1095 is concerned.
jeffH: i had been involved in editing and I went looking for notes.... I need to re-do the editing.
elundberg: mike has also noted more experts need to review in detail
tony: agreed
jeffH: agreed
agl: I will look at this one.
tony: I will add akshay
... and #1082
https://github.com/w3c/webauthn/pull/1082
tony: jeefH is this something you need to work on
jeffH: yes
tony: just have #1092 to
finish
... i'll send akshay a note on that one
... those are the outstanding PRs
... any issues, we have some...#1078
elundberg: think handled by PR #1082
tony: looking at #1088
jeffH: #1088 is behind PR
#1095
... do we need to attach milestones to any of these
tony: yes.
... we also have #1107
elundberg: talks about completely new feature
jeffH does this go to Level 2
tony: yes.
... want to make sure Christiian is looking at #1093
... once we loo at #095, we will look at where this onther one
fits.
... does anyone want to look at any other issues?
... or PR for PropRec
elundberg: I also assigned #1082 to PropRec
tony: any issues anyone wants to look at on Level 2
agl: we are still keyed on the
transport thing. #1050
... lets you know which trasports are supported when you
register a key
https://github.com/w3c/webauthn/pull/1050
agl: i don't knwo what we will do with Level 2 and work there. or keep these things around and land them.
christiaan: there are quite a few things we have agreed upon, but if we leave them for too long..
tony: if we want to create a
branch, i am ok on that.
... the extension issue may drag out..
JeffH: you are talking about PR on level 2 and apply them into one branch
tony: yes
jeffH: but you might want to have continuous integration going on
tony: it is a lot to have going on .
agl: if it is a pain, we can
wait
... is PR weeks or months.
... if we wanted to we could say it is done and say the
extensions are not normative.
christiaan I would vote for extensions non-normative.
scribe: and be done with it.
agl: I am unclear what the reality of that would be.
tony: if we mark non -normative
we get worse interop , if people see non-normative they may not
follow it.
... do we want people to follow or just look at this as
guidance.
christiian: few browsers implement these properly and...
tony: I wold dispute, there are many smaller browsers out there.
christiian: not many people
building browsers from scratch.
... this is really between the browser and the RP. I don't see
the downside.
agl: I tend to agree.
... if we have chromium and mozilla we get all the other
browsers.
jbradley: what would be
non-normative, some of optional extensions, but the framework
would be normative.
... it would be location. etc.
selfisue: transaction confirmation would fall in that bucket. non-normative.
jbradley: we have not tested in web authN because nobody has wanted them
selfissue: how far are we from resolving the current situation
tony: we probalby solved it but having trouble convincing W3C of it.
sam: I think you have been providing the wrong thing
call is breaking up - hard to understand
sam: the FIDO person who has been
passing us the information, they do not understand the
problem
... i have ben asking for months about non-normative and now we
are talking about it.
... i don't see the harm
Christiaan: I don't see the harn
.
... RPs are not going through the testing? just the
browsers
elundberg: also the authenticatiors
christiaan: that is FIDO2, this is about browsers in my mind
jbradley: issue is non of the browsers support those extensions.
christiaan: how do you get browsers to write good code. I thnk we are only talking about browsers.
jbradley question is, if you do implement, is is normative or non-normative.
christiaan: even if it is
normative and the browser guys want to do something different
they will
... if this was for authenticators i would agree
elundberg: i don't see how this is not about authentiators. 6 or 9 extensions are authenticator
christiaan: is that being done in
CTAP
... that is nothing to do with W3C
agl: in practice nobody has built what we thought was the way people would do this.
chritiaan: if we want to make
authenticators do something, that is over in FIDO tha tis not
here
... I don't se the down side of non-normative.
agL: as browser vendors we don't look at normative and non-normative.
elundberg: we talked about dropping extensions and picking them up somehwere else.
selfissue: I don't think that is a good idea
jeffH: i am with christiaan and agl as non-normative.
elundberg: i could agree to that.
selfissue: but only the ones we
have not done interop on .
... we have done AppID
tony: we talked about HMAC
jbradley: but that is separate.
tony: soright now , it's just
appID
... what do we want to do.
jbradley: normative is better,
but not gettin this done would be worse.
... delaying for normative might not be worth struggle.
christiaan: it does not matter to browser vendors.
sam: couple of suggestions. could ask the list. take a poll. another thing, it is to punt consensus to co-chair.
tony: we have to put it to list. it would be a week before we get a decision.
elundberg: so do we announce it now
tony: i will put it out to the list and see if anyone objects.
rssagent: draft minutes
... add title
rssagent, draft minutes
rssagent, stop
This is scribe.perl Revision: 1.154 of Date: 2018/09/25 16:35:56 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00) Present: gmandyam weiler Ken_Ebert elundberg Christiaan nadalin John_bradley Pasan Ketan SarahSquire jfontana NickSteele selfissued jeffh agl No ScribeNick specified. Guessing ScribeNick: jfontana Inferring Scribes: jfontana WARNING: No "Topic:" lines found. Found Date: 28 Nov 2018 People with action items: WARNING: No "Topic: ..." lines found! Resulting HTML may have an empty (invalid) <ol>...</ol>. Explanation: "Topic: ..." lines are used to indicate the start of new discussion topics or agenda items, such as: <dbooth> Topic: Review of Amy's report WARNING: IRC log location not specified! (You can ignore this warning if you do not want the generated minutes to contain a link to the original IRC log.)[End of scribe.perl diagnostic output]