Web Authentication WG

20 Mar 2019



Present: jfontana, nsteele, jbarclay, pranjal, elundberg, ken, jeffh, christiaan, agl, sweeden, akshay, sbweeden, jcj_moz, Callum_May, nadalin, wseltzer
nadalin, jfontana


tony: Next week. No meeting.
... the time change poll closed on Monday.
... looks like there was some objection to move it to noon, but it was only two people.
... only person we might lose in a time change would be Rolf.
... we don't want to lose Rolf. but we will move the call to noon PDT in two weeks.

elundberg: can I reserve the right to change?

tony: yes.

<wseltzer> [+2 hours from current time]

wendy: if needed we will send new webex

tony: who is in Prague next week?

jeffH: I will be

Prague is IETF meeting


Tony: assume we are on hold here. some CTAP work to do here, it's on hold.


jeffH: I need to do some work here.

tony: should reviewers look at this or are you re-doing

jeffH: mumble

tony: should we spend time on this
... JC, Akshay can you look at this?

jeffH: it is nominally the same, but I have not looked at it in a while.
... if there is huge rush, AGL has signed off on this and we can merge.

Akshay: I will look at it


tony: needs review

akshay: will look this week.


alexei: looking at this

tony: adam and akshay have looked at this.

audio issues

agl: #1161. JC's comments are valid, the link does not exist yet, so this is not ready yet.

tony: trying to dial back in

jcj_moz: this is not a chicken-and-egg thing, this link. just need webmaster to file link to webauthn-2

<jcj_moz> we're looking for https://www.w3.org/TR/webauthn-2/ to become real

wendy: I will poke at W3C to get the link

jeffH: we need the first level 2 working draft

wendy: without the draft, we can't have a link to it.

jcj_moz: OK, I will not fight about it.
... does not look like it will be a stale patch. the rest of the links are all good


agl: jc has approved this. akshay, do you want to look?

akshay: yes.

alexei: I want to merge #1170
... I just finished it. it is basically de-dupe instruction to verify safety net. says go to official safety net page. It is Adam's suggestion

jeffH: this is un-triaged.

tony: let's put it into this working draft.

jeffH: alexei is assigned to this.

alexei: I am merging.

tony: what was the other one #1185?

agl: yes it should be in the list. it was tagged incorrectly.

jcj_moz: it is approved by 4 people and should be merged.


tony: emil do you have something on this one.

elundberg: the steps for verifying android keys is missing
... it clarifies where things come from
... looking at the Diff. yes, just clarification

jeffH: looks good to me.

tony: move it into first draft

jeffH: yes.

tony: need some more reviewers. AGL look at it.

agl: I approved it given its small size.

jeffH: I looked at it


akshay: ready to merge?
... still on 1168

elundberg: I will merge #1168

back to #1184

jeffH: I would like to review
... can't do it on the call.

agl: tagging this QD-01



tony: this takes us through the PRs we had.
... issues.


agl: kim is working on it

tony: can you see when ETA is?

agl: yes



tony: akshay, have you looked at this?

akshay: will look.


elundberg: PR is open

jeffH: did we already talk about the PR? then we don't need to talk about the issue


shane: there is question on the proposal. my comment, we can encapsulate the requirement from Christiaan, ....JeffH might weigh in on this.

elundberg: probably fine to do this with this one option

shane: I can take a crack at it. I need permission

tony: you should have it.

jeffh: I can help Shane to put together a PR

shane: I need some advice on the processing algorithm for clients

jeffH: create a new branch in github and I will take a look


JeffH: this is just editorial


jeffH: this stays open. need to work with CredMan


elundberg: think this is dupe of #991

tony: what do you want to do with this.

jeffH: in reviewing #911, review this along with it.

tony: leave this open

jeffH: yes
... the issues are crosslinked, so we are not losing track


tony: goes back to attestation

elundberg: also has a PR open

jeffH: skip


jeffH: it is a minor to do editorial item


jeffH: I have to see if this is addressed. need to verify


jeffH: it is open and being discussed

agl: I thought this was in CTAP and not Web Authn land.
... feedback I got was individual attestation is preferred
... so pre reg. is a web authn concept. need to decide it is a security key. need to track back to the chip.
... web authn change not required, need FIDO to figure out its stance on CTAP2

tony: leave it open and go from there.


jeffH: related to #991

shane: if we put some data in resident key requirements....could satisfy Christiaan requirement.

jeffH: i linked back to #911


elundberg: has a PR we discussed.


jeffH: this is an editorial cleanup. we at least should have note to describe this issue or fix Web IDL, but that would be breaking change
... this note that these are web authn extensions, that encompass authenticator extensions.
... put a note in if we do not want to break IDL.


jeffH: I will fix the labels on this. and some implementation considerations.
... maybe some privacy...


jeffH: editorial clean-up


jeffH: just another editorial clean-up.

tony: that is last we had. any other questions.

jeffH: do we have some triage to do?

jeffH: there are four to deal with


elundberg: looks like bug report for Fido 2 server

tony: don't think we have a label for this

jeffH: we need to copy this
... need an action item to copy over to FIDO land

elundberg: I can do that


jeffH: standardizing support for authenticators

elundberg: this is discussion in #1027


adding link to previous https://github.com/w3c/webauthn/issues/1169

back to #1175

elundberg: so do we need any technical changes to the spec?

nick: I can respond to this person
... we have done some work here.

jeffH: so you will reply in the issue.
... that would be great.


elundberg: has self assigned it and opened a PR.


jeffH: it is labeled with process
... i have not looked at it.

jcj_moz: this is about tidiness
... important thing is the tools.

elundberg: if there has been a discussion, then OK.


[End of minutes]

Minutes manually created (not a transcript), formatted by David Booth's scribe.perl version 1.154 (CVS log)
$Date: 2019/03/20 18:17:13 $
