test
tony: from posting last week, we
did get PR out the door
... the draft is out for review.
... JeffH has watermarked the repository
... so let's look what is in Level 2
... looking at end of feb. for recommendation as long as no
issues pop up
... thanks everyone. it is a good milestone. I thank W3C
helping out and getting us through the extensions.
... would like to move to some of issues we have.
... lets go and look at PRs. that need attention,
un-triaged
#1140
https://github.com/w3c/webauthn/pull/1140
elundberg: there was a weird
workaround for UV, we fixed that
... I think it came from a mis-undestading around CTAP
toney: I have added some reviewers.
selfissue: is it our intent to merge this to Rec. or is it level 2 c hange?
tony: no.
... no. no. no.
... it is re-classified as level 2
https://github.com/w3c/webauthn/pull/1141
elundberg: this aligns with #1127, it looks like we have large batches for attestation
yuriy: previous wording had a
MAY,
... the wording is correct now.
... better
akshay: we should not over specify here.
yuriy: this doesn't suggest a bad behaviour
akshay: looks good
https://github.com/w3c/webauthn/pull/1142
elundberg: fix for Android
SafetyNet
... also has to do with attestation
https://github.com/w3c/webauthn/pull/1143
coupled with issue #1034
elundberg: this is a corner case, but it does result in incorrect value. so this PR fixes that
tony: https://github.com/w3c/webauthn/pull/1144
elundberg: this one builds on top
of last one. could be controversial
... proposed to always let it return true
... I have written why this might be a good thing. #1143 is
straight up fix. #1144 is companion
... this doesn't change much. The RPs need to do this
already.
tony: but that makes it a normative change.
akshay: what is issue..when you have not used appid
elundberg: the issue is false positives
akshay: why do we return true if it is not used.
elundberg: that is how it is
specified.
... I don't expct a conclusion on tis one right now. look at it
and see if you agree or not
self issue: is this a breaking change.
elundberg: arguably yes.
selfissue: should we close
it
... it is breaking change
... I will put comment that this looks like a breaking
change
elundberg: I would argue in practice, this is already what RPs kind of have to do
agl: all RPS know if a credential
is registered with u2f, webauthn
... they will be fine with this
tony: https://github.com/w3c/webauthn/pull/1145
elundberg: it geos with issues
#1136
... we have in step 16, there are cases for different
attestation type, but missing non-attestation
... this is attestation typles not formats
tony: that takes us through
un-triaged PRs
... issues #1135
elundberg: open question. should we dplicate saftey net verification, but refer to S.Net documentation
agl: I would agree, the web authn stuff has not been kept up to date in s.Net documentation
elundberg: OK
jbreadley: better to point to source material, as long as it is correct.
elundberg: argument against, will it be hard to find or understand
yuriy: I was trying to say...I would keep current state of s.net documentation, but we should not refer to it
tony: #1136
https://github.com/w3c/webauthn/issues/1136
elundberg: move to level 2, connected to PR#1145
tony: want to ask the group what they think about some issues #1125
https://github.com/w3c/webauthn/issues/1125
elundberg: this looks out of scope
agl: there are a few proposals around this
akshay: think it still trying to discover what is acceptable to the user
elundberg: looks like they are trying to bolt Oauth on to Web Authn
tony: https://github.com/w3c/webauthn/issues/1124
agL: this is moot. implementation can support curves this person likes.
tony: selfissue are you registering these curves
selfissue: yes, for COSE and JOSE
and calling out the curves
... this is ongoing. some are not registered.
tony: those are the ones I had
for this week.
... are there other things to discuss?
jeffH: we are going to talk next week. I am fine to bail out
tony: do we need face to face at
RSA time.
... there will F2F at FIDO plenary
... F2F at RSA.
?
jbradley: it is not a bad idea to do that at RSA
tony: OK, anyone opposed to me
working on it.
... who will attends jeffH? agl? jc?
... I will work on it. and get a room and a date.
<jeffh> yes JeffH, perhaps AGL
tony: and let W3C know about
it.
... thanks
call ends
trackbot, end meeting
This is scribe.perl Revision: 1.154 of Date: 2018/09/25 16:35:56 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00) Default Present: elundberg, jcj_moz, ken, nsteele, selfissued, jeffh Present: elundberg jcj_moz ken nsteele selfissued jeffh jfontana No ScribeNick specified. Guessing ScribeNick: jfontana Inferring Scribes: jfontana WARNING: No "Topic:" lines found. Found Date: 23 Jan 2019 People with action items: WARNING: No "Topic: ..." lines found! Resulting HTML may have an empty (invalid) <ol>...</ol>. Explanation: "Topic: ..." lines are used to indicate the start of new discussion topics or agenda items, such as: <dbooth> Topic: Review of Amy's report WARNING: IRC log location not specified! (You can ignore this warning if you do not want the generated minutes to contain a link to the original IRC log.)[End of scribe.perl diagnostic output]