tony: can PLH catch us up
PLH: we are not done yet, buy we
are so close.
... still need directors approval. we are only missing with
saying we are OK with red man
tony: I have asked JeffH to ping
Mike WEst
... he will poke him for a repsonse.
PLH: if he can say cred man spec
is OK, then I can probalby get an approval tomorrow. if not
then, Tuesday.
... there were a couple of changes by director, wanted to use a
??? for extensions.
... the other thing is , and not something to decide today, it
is versioning of specification
... we have two chice, we can go recommendation. if you publish
draft to Level 2, you have to point it to Level 2
tony my preference would be to point to recommendation.
scribe: want people to find that first.
JCj_moz: ... I can see it equally
as it should pont to most recent working draft. both ways are
valid.
... maybe this is thing where we say chairs should decide.
PLH: if we point to 2 we can have link to Level 1
tony: my concern, is people see we have Recommendation.
phl: I will make sure a few moths form now if yo want to change mind we can do that.
tony: OK.
... as we discussed there will be no press until
Recommendation.
PLH: yes
tony: so this will probably be of
interest to FIDO and various companies
... Mike Jones may do a blog post
PLH: rignt looking at finishing on Feb. 26th
AGL: what do we need Mike West to say so we don't have to roundtrip.
<plh> https://lists.w3.org/Archives/Public/public-webauthn/2019Jan/0049.html
PLH: I sent that to Mike in
email.
... pointer above.
selfissue: Assuming with get M. West we get Proposed REcommendation tomorrow.
tony: yes. or today.
... I would like to move on to some PRs that are
un-triaged.
... my view at this point is that PR is locked and I would like
to take #1130 and #1131 and move them to Level 2
https://github.com/w3c/webauthn/pull/1130
https://github.com/w3c/webauthn/pull/1131
tony: OK. now lets look at
issues....no open issues for PropRec.
... a few un-triaged issues.
PLH: I do have a question
... you mentioned communication on recommendation. The question
I got was is WEb AuthN on used on the Web today.
AGL: yes, dropbox
tnoy: in Edge and our RPs use
it.
... so it is in production.
PLH: thank you
AGL: we don't use it on our services today
tony: this is U2F keys
AGL: no web Authn
correction: no, it is web authn
JCJ_moz: 80 or 120 in release that is unique calls to create a credential creation.
PLH: I asked out system folks if
we can deploy it.
... we cannot deploy right now.
tony: what is target date
PLH: they are using a third-party server...
<plh> privacyIDEA
yuriy: I can talk to the privacyIDEA
tony: it would nice to add that W3C has implemented it.
phl: it will not happen next
month.
... we won't get it rolled out that fast. we have long list of
things to do.
... we have U2F at the moment.
tony: we have a couple of
non-triaged issues to look at - they won't make it to
PropRec
... #1127 rolf looked at , Elundberg
https://github.com/w3c/webauthn/issues/1127
tony: it has to do with
attestation keys
... also issue #1128
https://github.com/w3c/webauthn/issues/1128
tony: you can sitll have a web authN authenticator and not have it use FIDO2
yuriy: we should drop this. elundberg had modified the term. we should close. it is not an issue
jcj_MOZ: the macro in one of those issues. I will submit in irc
tony: #1132
https://github.com/w3c/webauthn/issues/1132
AGL: it is focused on SafetyNet. It is an Android thing. I will cc; in Anar.
yuriy: this is something in workign with SafetyNet attestation, I brought up as well
agl: text seems to suggest
....
... I can CC Anar, what info. do we need. ....OK I need to talk
to Anar. I don't have the answer
tony: look at outstanding
PRs
... next question. since we have pretty much closed out Level
1. How do we want to handle the repository. Clone a new
one
... continue on with this repository.
akshay: do an archive
tony: PLH are there any
requirements. my recommendation is to keep writing in this
repository.
... so we are set. feel free to rename Level 1 to Level 2
self issue: my request we don't tag version until we publish the proposed recommnedation.
scribe: I'd rather not branch until we actually finished.
PLH: I will make changes after the call.
tony: we have some open PRs on
Level 2
... we have 16 open ones on Level 2
... we have #101
https://github.com/w3c/webauthn/pull/1010
tony: two people want to keep as defined attestation form and not put it into an extension.
akshay: it should remain in the spec as it is today.
jbradley: leave it as it is. down the road we might add something.
selfissued: it look like there is consensus to close this with no ation.
selfissue: four people have , actually 5 people who are opposed to it.
tony: so akshay, can you close it.
akshay: yes.
tony: #1050
https://github.com/w3c/webauthn/pull/1050
yuriy: in FIDO we discussed keeping SafetyNet in spec
tony: back to #1050. rolf had expressed some changes.
agl: it has been a long time since I looked at this.
tony: looks like ready to go
jeffH: I have not had a chance to
review in detail
... I don't think there is any rus
tony: I am trying to move things
along, not looking to merge
... another one we need eyeballs on is #909
... this would be some of the CAble stuff, which we will go
into detail in FIDO Plenary at end of month
... this is another one people should be aware of.
... JeffH will also look. I would like JC to look and
Akshay
https://github.com/w3c/webauthn/pull/909
JeffH: I added them as reviewers.
tony: open issues. quite a few of
these authenticator selection criteria issues that Giri opened
#445 446 447
... #446, #447
agl: no objection, but we will probably not implement
tony: is the selection too granular
agl: yes.
... I more worried in the consumer case.
jcj_moz: in our structures it
could be part of metadata service, in extended extended
attestation
... instead of RP attesting what it wants
tony: mixed on this one.
jcj_MOZ: worried about fragmentation.
akshay: instead of blanket statement, I would go look at each one.
tony: there are 4 -5 of these.
jcj_moz: it is not specified how we use these eitther. we may need to solicit input from the community on how they want this to work
tony: so keep this open
jbradley: most authenticators go through this evaluation . I agree we can leave it open, but I am not in favor of going too far down this road
yuriy: this is up to browser not the RP.
tony: how about we leave them open, but create a generis one that links those 4 together so we don't lose anything.
jcj_moz: i am fine with that
tony: look at system policy one. #911
https://github.com/w3c/webauthn/issues/911
tony: this is feature policy.
people want to get this one done.
... where does features policy stand in web app sec
jeffH: I think it is going to be in soon.
jccj_moz: we are concerned with overlap of feature and policy
jcj_moz: we have implemented part
of feature policy
... we want it to merge into one thing.
JeffH: I raised this concern earlier this year....and we may review the answers. might weigh in on that thread on ...JeffH will post URL
tony: no meeting in two weeks. Jan. 30, but we will have one next week
<plh> https://github.com/w3c/webauthn/pull/1134
<jeffh> https://discourse.wicg.io/t/relationship-of-permissions-feature-policy-origin-policy/2772
<jeffh> the above link is in issue https://github.com/w3c/webauthn/issues/911
selfissue: I reviewed it. it is a one-word change.
tony: mike will merge.
elundberg: was there conclusion
on #1132?
... looks like it should not be one cert.
tony: adam will go back and
ping
...
... team.
... Android team
add title: Web Authentication WG
rrsagent: add title, Web Authentication WG
<plh> Meeting: Web Authentication WG
trackbot, end meeting
This is scribe.perl Revision: 1.154 of Date: 2018/09/25 16:35:56 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00) Succeeded: s/PHL/PLH/g Default Present: jfontana, jcj_moz, selfissued, jeffh, ken, elundberg, plh Present: jfontana jcj_moz selfissued jeffh ken elundberg plh No ScribeNick specified. Guessing ScribeNick: jfontana Inferring Scribes: jfontana WARNING: No "Topic:" lines found. Found Date: 16 Jan 2019 People with action items: WARNING: No "Topic: ..." lines found! Resulting HTML may have an empty (invalid) <ol>...</ol>. Explanation: "Topic: ..." lines are used to indicate the start of new discussion topics or agenda items, such as: <dbooth> Topic: Review of Amy's report WARNING: IRC log location not specified! (You can ignore this warning if you do not want the generated minutes to contain a link to the original IRC log.)[End of scribe.perl diagnostic output]