<jcj_moz> trackbot, start meeting
<trackbot> Sorry, but no Tracker is associated with this channel.
trackbot date: 13 February 2019
<trackbot> Sorry, jfontana, I don't understand 'trackbot date: 13 February 2019'. Please refer to <http://www.w3.org/2005/06/tracker/irc> for help.
trackbot, status
<trackbot> Sorry, but no Tracker is associated with this channel.
tony: face to face on 7 March in
San Francisco.
... google hosting. register
tony: registration link is in
today's agenda
... begins at 10am and ends at 5
... anyting else before we get into issues.
plh: do you have Wendy Seltzer on the list
<plh> Wendy will attend the f2f
tony: start with pull requests.
plh: are we getting together press on Recommendation
tony: W3C and FIDO have been collaborating
agl: I have not gotten anything so far from our rep
plh: Mozilla did send in a nice
comment. thank you
... I will get director decision on recommendation. Not sure of
specific date of the release.
... ;atest will be the 28th
tony: no open pull requests. we closed last week. No open issues, either
elundberg: should we close downthe GitHub milestones for PropRec and Last Working Draft. I will do that
thanks
tony: #1145 is something we can merge
#1143, look for JC and Akshay to look at.
https://github.com/w3c/webauthn/pull/1143
https://github.com/w3c/webauthn/pull/1142
akshay: I will look at this
tony: can you merge when approved.?
akshay: yes.
https://github.com/w3c/webauthn/pull/1140
akshay: silent auth is a separate
topic
... as of today we do not allow silent ones on the web. if we
want to do that in future that is separate. This one is
fine.
tony: objection is that Mike
might not understadn
... go with what Akshay said. silent authenticators is a
different issue
... jeffH and JC can you take a look when you get a
chance
... emil if you get ack from both can you merge these
... put comment about silent authenticators, if someone wants
to they can open one.
elundberg: OK
https://github.com/w3c/webauthn/pull/1131
jeffH: trying to work through PRs today that have my name of them
elundberg: on #1140 should I add a comment?
tony: yes with proper premission
https://github.com/w3c/webauthn/pull/1130
tony: its a merger
elundberg: there are problems in the merge. merge 1131 before 1130
tony: JeffH will check.
jeffH: indeed
https://github.com/w3c/webauthn/pull/909
tony: this is BLE stuff.
... go to Issues and look at un-triaged.
... we have three
https://github.com/w3c/webauthn/issues/1150
tony: seems out of scope. close with no action
agl: closing seems right
tony: objections?
jeffH: no
https://github.com/w3c/webauthn/issues/1153
tony: don't think anyone has looked at this one.
elundberg: overview. this is just editorial
tnoy: can you create a PR for this.
elundberg: yes.
jeffH: sounds good
https://github.com/w3c/webauthn/issues/1158
agl: this seems somethign with chrome and not web authn. As web authn bug, close. we are talking about chrome
tony: can you close
agl: yes.
elundberg: there has been interest in soft authenticators
agl: not about soft authenticators
elundberg: Ok. I see, no origin
jeffH: rather than just close. put in explanation
agl: working on it
tony: that is last of un-triaged
issues.
... we have gone through PRs to close, no un-triaged
... any particular PRs to discuss in detail?
... not hearing anything. are there any issues.?
jeffH: any high priority issues,
would be good to express that to mailing list. anything
burning. raise it.
... I don't have anything like that today
JCJ_moz: ... only thing burning.
about working group do we need flag to say a platform supports
FIDO2
... on FFox we only suport Fido 2 on a specific combination, it
is difficult for designers to work with . I don't have a
solution
... I want to help people adopt. I would like to say we support
FIDO2 , but we do not
agl: can you express in more detail. Why does the RP need to know what is going to work
jcj_moz: not sure
akshay: the issue is, FFox does
not support as of now all the FIDO 2 devices that are out
there.
... they have other supports when calling latest win APIs
... but as RP, to show like like provisioning a security key. i
cannot show the security key on a platform that does not
support a security key
... the lastest Windows works, so basically , we can't say do
you support security keys or not. how do we enable?
jcj_moz: I have to go.
bradley: as near as I can tell , yo want to provision a resident cred with UV slash pin. that is the question
akshay: want to support security key. When every browser is done, this will not be an issue.
bradley: just knowing if the browser supports CTAP 2, you also need PIN and resident credentials
akshay: it means PINS or UV based
authenticators
... maybe we can do something like capability discovery
bradley, adds some fingerprinting information on down side, up side is better user experience
scribe: we could tell the RP everything but reason to do that is it is too much fingerprinting information for RPs
shane:
bradley: I am working on this but it is getting complicated.
tony: any other issues.
elundberg: #1149, I have
questions
... why would RP refuse a resident cred
jeffH: it is for backward compatibility.
bradley: don't think it is
backward compatibility. Some RPs only make resident
credentials
... if we start making clients to return error on resident
credentials... will mean resident credentials will always be
preferred
elundberg: today, it is required or not required, so it can be a non-resident credential
jeffH: I have to explain the use case better.
elundberg: we could have client preferred or in-different
jeffH: we don't have preferred
shane: use case is somewhat
captured in #991
... it was opened last year. we spoke last week about one part.
it would be nice for RP to use resident keys and fall back if
necessary
... was resident key deployed or not, if not allows you
passwordless option
elundberg: I don't think we should have forbidden
bradley: we cant take , we will take whatever is best option.
jeffH: we want to retain indifferent point and add forbidden.
bradley; you are saying indifferent is resident
jeffH: I see what you are saying. I will add that
bradley: up to authenticator. forcing it to be non-resident will cause problems. it will not be popular with RPs
jeffH: i noted it is the issue and we will work from there.
bradley: Shane's points are valie
JeffH: we can move forward from there.
tony: anything else?
jeffH: we might need to add notion to our labeling on agreed on priority for issues and PRs
tony: how do you see that..
... we have a priority label.
jeffH: we are not using it.
... maybe we do it with milestones. what must go in to working
draft 1 and what into level 2. and what into a later revision.
maybe we triage along those lines
... we need a workign draft for level 2 and see what we
need
... sonner rather than later we need the content.
... so maybe we don't do everything tagged as Level 2, until we
get owrking draft 00 out the door
otny: so make a 0.1 and move things to it we want to wait on.
JeffH: this might be the way to go.
tony: lets go through the
milestones. we have a Level 2 milestong.
... go through PR can clean up that list.
... look at PRs at 0.0 now
jeffH: we can punt #407 #408
#476
... #966
... I'd say level WD 1 on #966
tony: also includes 477, 479 are moved to WD 01 to discuss as a whole
jeffH: #500 punt to level 1
tony: akshay: anyone you want to pick up? assign it to me.
jeffH: #1091 i see this as
un-triaged. I need to look at this. leave at 0.0
... #1095. leve 0.0
elundberg: this one is editorial. WD 0.0 will do
tony: #1118 . editorial.
elundberg: can go after review
tony: #1121. not at state to reach 0.0
jeffH: punt to o.1
ton: #1130
elundberg: can stay at 0.0
tony: think we have discussed all
the rest. and leave at 0.0
... adjorn. take care, talk next week
<trackbot> RRSAgent, make logs public
have made the request to generate https://www.w3.org/2019/02/13-webauthn-minutes.html
<scribe> chair: nadalin, fontana
add title
command: add title
Add title, Web Authentication WG
trackbot, end meeting
<trackbot> Sorry, but no Tracker is associated with this channel.
scribe, jfontana
trackbot, end meeting
<trackbot> Sorry, but no Tracker is associated with this channel.
trackbot, associate this channel with #webauthn
<plh> trackbot, bye
<plh> trackbot, associate this channel with #webauthn
<trackbot> Sorry, but #webauthn has no configuration.
<plh> action-01?
<trackbot> Sorry, but no Tracker is associated with this channel.
<plh> trackbot, bye
<plh> Meeting: Web Authentication WG
<plh> Chair: Nadalin, Fontana
This is scribe.perl Revision: 1.154 of Date: 2018/09/25 16:35:56 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00) Succeeded: s/??/the GitHub milestones for PropRec and Last Working Draft/ Default Present: jcj_moz, plh, jeffh, jfontana, ken_, elundberg, akshay, JohnB Present: jcj_moz plh jeffh jfontana ken_ elundberg akshay JohnB No ScribeNick specified. Guessing ScribeNick: jfontana Inferring Scribes: jfontana WARNING: No "Topic:" lines found. Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2019Feb/0122.html WARNING: No date found! Assuming today. (Hint: Specify the W3C IRC log URL, and the date will be determined from that.) Or specify the date like this: <dbooth> Date: 12 Sep 2002 People with action items: WARNING: No "Topic: ..." lines found! Resulting HTML may have an empty (invalid) <ol>...</ol>. Explanation: "Topic: ..." lines are used to indicate the start of new discussion topics or agenda items, such as: <dbooth> Topic: Review of Amy's report WARNING: IRC log location not specified! (You can ignore this warning if you do not want the generated minutes to contain a link to the original IRC log.)[End of scribe.perl diagnostic output]