13 Feb 2019



jcj_moz, plh, jeffh, jfontana, ken_, elundberg, akshay, JohnB


<jcj_moz> trackbot, start meeting

<trackbot> Sorry, but no Tracker is associated with this channel.

trackbot date: 13 February 2019

<trackbot> Sorry, jfontana, I don't understand 'trackbot date: 13 February 2019'. Please refer to <http://www.w3.org/2005/06/tracker/irc> for help.

trackbot, status

<trackbot> Sorry, but no Tracker is associated with this channel.

tony: face to face on 7 March in San Francisco.
... google hosting. register

<plh> https://docs.google.com/forms/d/1xMnAKbKKNPv0ZDurR4PqEaRTzkKq3LCwnvadsgdTAkA/viewform?edit_requested=true

tony: registration link is in today's agenda
... begins at 10am and ends at 5
... anyting else before we get into issues.

plh: do you have Wendy Seltzer on the list

<plh> Wendy will attend the f2f

tony: start with pull requests.

plh: are we getting together press on Recommendation

tony: W3C and FIDO have been collaborating

agl: I have not gotten anything so far from our rep

plh: Mozilla did send in a nice comment. thank you
... I will get director decision on recommendation. Not sure of specific date of the release.
... ;atest will be the 28th

tony: no open pull requests. we closed last week. No open issues, either

elundberg: should we close downthe GitHub milestones for PropRec and Last Working Draft. I will do that


tony: #1145 is something we can merge

#1143, look for JC and Akshay to look at.



akshay: I will look at this

tony: can you merge when approved.?

akshay: yes.


akshay: silent auth is a separate topic
... as of today we do not allow silent ones on the web. if we want to do that in future that is separate. This one is fine.

tony: objection is that Mike might not understadn
... go with what Akshay said. silent authenticators is a different issue
... jeffH and JC can you take a look when you get a chance
... emil if you get ack from both can you merge these
... put comment about silent authenticators, if someone wants to they can open one.

elundberg: OK


jeffH: trying to work through PRs today that have my name of them

elundberg: on #1140 should I add a comment?

tony: yes with proper premission


tony: its a merger

elundberg: there are problems in the merge. merge 1131 before 1130

tony: JeffH will check.

jeffH: indeed


tony: this is BLE stuff.
... go to Issues and look at un-triaged.
... we have three


tony: seems out of scope. close with no action

agl: closing seems right

tony: objections?

jeffH: no


tony: don't think anyone has looked at this one.

elundberg: overview. this is just editorial

tnoy: can you create a PR for this.

elundberg: yes.

jeffH: sounds good


agl: this seems somethign with chrome and not web authn. As web authn bug, close. we are talking about chrome

tony: can you close

agl: yes.

elundberg: there has been interest in soft authenticators

agl: not about soft authenticators

elundberg: Ok. I see, no origin

jeffH: rather than just close. put in explanation

agl: working on it

tony: that is last of un-triaged issues.
... we have gone through PRs to close, no un-triaged
... any particular PRs to discuss in detail?
... not hearing anything. are there any issues.?

jeffH: any high priority issues, would be good to express that to mailing list. anything burning. raise it.
... I don't have anything like that today

JCJ_moz: ... only thing burning. about working group do we need flag to say a platform supports FIDO2
... on FFox we only suport Fido 2 on a specific combination, it is difficult for designers to work with . I don't have a solution
... I want to help people adopt. I would like to say we support FIDO2 , but we do not

agl: can you express in more detail. Why does the RP need to know what is going to work

jcj_moz: not sure

akshay: the issue is, FFox does not support as of now all the FIDO 2 devices that are out there.
... they have other supports when calling latest win APIs
... but as RP, to show like like provisioning a security key. i cannot show the security key on a platform that does not support a security key
... the lastest Windows works, so basically , we can't say do you support security keys or not. how do we enable?

jcj_moz: I have to go.

bradley: as near as I can tell , yo want to provision a resident cred with UV slash pin. that is the question

akshay: want to support security key. When every browser is done, this will not be an issue.

bradley: just knowing if the browser supports CTAP 2, you also need PIN and resident credentials

akshay: it means PINS or UV based authenticators
... maybe we can do something like capability discovery

bradley, adds some fingerprinting information on down side, up side is better user experience

scribe: we could tell the RP everything but reason to do that is it is too much fingerprinting information for RPs


bradley: I am working on this but it is getting complicated.

tony: any other issues.

elundberg: #1149, I have questions
... why would RP refuse a resident cred

jeffH: it is for backward compatibility.

bradley: don't think it is backward compatibility. Some RPs only make resident credentials
... if we start making clients to return error on resident credentials... will mean resident credentials will always be preferred

elundberg: today, it is required or not required, so it can be a non-resident credential

jeffH: I have to explain the use case better.

elundberg: we could have client preferred or in-different

jeffH: we don't have preferred

shane: use case is somewhat captured in #991
... it was opened last year. we spoke last week about one part. it would be nice for RP to use resident keys and fall back if necessary
... was resident key deployed or not, if not allows you passwordless option

elundberg: I don't think we should have forbidden

bradley: we cant take , we will take whatever is best option.

jeffH: we want to retain indifferent point and add forbidden.

bradley; you are saying indifferent is resident

jeffH: I see what you are saying. I will add that

bradley: up to authenticator. forcing it to be non-resident will cause problems. it will not be popular with RPs

jeffH: i noted it is the issue and we will work from there.

bradley: Shane's points are valie

JeffH: we can move forward from there.

tony: anything else?

jeffH: we might need to add notion to our labeling on agreed on priority for issues and PRs

tony: how do you see that..
... we have a priority label.

jeffH: we are not using it.
... maybe we do it with milestones. what must go in to working draft 1 and what into level 2. and what into a later revision. maybe we triage along those lines
... we need a workign draft for level 2 and see what we need
... sonner rather than later we need the content.
... so maybe we don't do everything tagged as Level 2, until we get owrking draft 00 out the door

otny: so make a 0.1 and move things to it we want to wait on.

JeffH: this might be the way to go.

tony: lets go through the milestones. we have a Level 2 milestong.
... go through PR can clean up that list.
... look at PRs at 0.0 now

jeffH: we can punt #407 #408 #476
... #966
... I'd say level WD 1 on #966

tony: also includes 477, 479 are moved to WD 01 to discuss as a whole

jeffH: #500 punt to level 1

tony: akshay: anyone you want to pick up? assign it to me.

jeffH: #1091 i see this as un-triaged. I need to look at this. leave at 0.0
... #1095. leve 0.0

elundberg: this one is editorial. WD 0.0 will do

tony: #1118 . editorial.

elundberg: can go after review

tony: #1121. not at state to reach 0.0

jeffH: punt to o.1

ton: #1130

elundberg: can stay at 0.0

tony: think we have discussed all the rest. and leave at 0.0
... adjorn. take care, talk next week

<trackbot> RRSAgent, make logs public

have made the request to generate https://www.w3.org/2019/02/13-webauthn-minutes.html 

<scribe> chair: nadalin, fontana

add title

command: add title

Add title, Web Authentication WG

trackbot, end meeting

<trackbot> Sorry, but no Tracker is associated with this channel.

scribe, jfontana

trackbot, end meeting

<trackbot> Sorry, but no Tracker is associated with this channel.

trackbot, associate this channel with #webauthn

<plh> trackbot, bye

<plh> trackbot, associate this channel with #webauthn

<trackbot> Sorry, but #webauthn has no configuration.

<plh> action-01?

<trackbot> Sorry, but no Tracker is associated with this channel.

<plh> trackbot, bye

<plh> Meeting: Web Authentication WG

<plh> Chair: Nadalin, Fontana

Summary of Action Items

Summary of Resolutions

[End of minutes]

Minutes manually created (not a transcript), formatted by David Booth's scribe.perl version 1.154 (CVS log)
$Date: 2019/02/13 19:56:53 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.154  of Date: 2018/09/25 16:35:56  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00)

Succeeded: s/??/the GitHub milestones for PropRec and Last Working Draft/
Default Present: jcj_moz, plh, jeffh, jfontana, ken_, elundberg, akshay, JohnB
Present: jcj_moz plh jeffh jfontana ken_ elundberg akshay JohnB
No ScribeNick specified.  Guessing ScribeNick: jfontana
Inferring Scribes: jfontana

WARNING: No "Topic:" lines found.

Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2019Feb/0122.html

WARNING: No date found!  Assuming today.  (Hint: Specify
the W3C IRC log URL, and the date will be determined from that.)
Or specify the date like this:
<dbooth> Date: 12 Sep 2002

People with action items: 

WARNING: No "Topic: ..." lines found!  
Resulting HTML may have an empty (invalid) <ol>...</ol>.

Explanation: "Topic: ..." lines are used to indicate the start of 
new discussion topics or agenda items, such as:
<dbooth> Topic: Review of Amy's report

WARNING: IRC log location not specified!  (You can ignore this 
warning if you do not want the generated minutes to contain 
a link to the original IRC log.)

[End of scribe.perl diagnostic output]