test
RRSagent
tony: feedback from TPAC we
wanted FRiday, but we got Thursday. trying to change it
Friday
... start with PRs
https://github.com/w3c/webauthn/pull/909
still on hold.
https://github.com/w3c/webauthn/pull/966
tony: never mind on 966
https://github.com/w3c/webauthn/pull/1095
elundberg: waiting for one response from M. Jones.
tony: jeffH has submitted a review
jeffH: yes.
emillundberg: I have responded to jeff's suggestions.
tony: Mike did sign off on this.
elundberg: he suggested some editorial changes.
tony: I will have him look at it again today.
https://github.com/w3c/webauthn/pull/1191
jeffH: my review is almost done
tony: what is the prediction of response, does it need more work
jeffH: yes. but it is very good. nice work by Shane
shane: I am glad you looked at it. there is quite a bit done in the past 24 hours.
jeffH: that was the bulk of my review.
tony: this will be closed.
jeffH: I thnk so.
https://github.com/w3c/webauthn/pull/1195
tony: is Nick on? .....no
... I don't see any agreements.
... so jeffH and adam still hav ethings outstanding here.
agl: I thought the previous was better but not opposed to the change.
tony: jeffH is requesting a few minor changes.
agl: I don't object to this
... no
tony: that takes us through the
PRs
... no un-triaged PRs
... looks like we can ....any obejtion to move #909 to WD 2
agl: it seems we are on hold
jeffH: Arnar is out this week
tony: i will move #909 to WD
2
... the rest can stag at WD 01
jeffH: I agree
tony: we have four to clsoe to
get to a draft.
... and then look at this issues.
... go to issues.
https://github.com/w3c/webauthn/issues/1202
tnoy: thisis one un-triaged issue
elundberg: we will not have thi sdone in WD-01. it is quite substantial.
tony: trying to get this done in the next 2-3 weeks
aksahy: fine to put it at WD02
tony: lets get out a WD01
https://github.com/w3c/webauthn/issues/911
tony: on hold here
jeffH: I have done some research, but nothing to report
agl: this will come up with 3D Secure folks
tony: yes.
jeffH: there is stuff to circle
back around here.
... but that is all I have to say right now
tony: they are going down the feature policy route.
jeffH: feature policy is about the container, permissions is about certain features in certain contexts.
agl: do we ask the user about
this?
... the language might not mean anything to anybody
jeffH: mike west thinks best way to address, is to figures out some way to pose that question
agl: is there a privacy issue
here?
... I don't understand why this is so complicated.
... can we say the feature string
jeffH: in our spec it is not ocmplicated. complexity is in the feature policy context
akshay: we are talking about some
RP trying to authenticate for another RP.
... hwo will user recognize this as legit use case
jeffH: that is one aspect
... the fix is more than one sentence it is maybe five
sentences.
akshay: how does browser know this is legit use case.
jeffH: currently the browser does
not have that functionality
... I need to talk to the Feature Policy author
... it is a unilateral decision
rolf: my understanding is the
responsibility has shifted to the RP
... we are shifting responsibility to RP
akshay: can one RP get another's frame
agl: the outer origin might not see the inner iFrame
Bradley: maybe trouble is in
protocol wrapping
... who do you trust. It is really other protocols that will
have the security problems.
... that is where security considerations are
... as far as WEb authn, the origin is the origin of the web
site.
akshay: what I am looking for. I control x.com and say my iFrames can be included. I only want there frames included.
agl: that is X-Frame-Options?
jeffH: potentially is the
answer.
... we could do the quick and dirty..
tony: so we just need a PR and do it
jeffH: yes.
agl: jeff and I will try to get around to that next week and get a response
tony: we should have the web payments look at this
https://github.com/w3c/webauthn/issues/973
tony: hthis has been going on for a while'
agl: authenticators have shiped a
nd trucate that 64-byte
... I think we are gong to close this. handling on the platform
side is fine.
... akshay are you fine with that
jeffH: do we need implemenation guidance.
agl: I will write that up then close PR
https://github.com/w3c/webauthn/issues/996
jeffH: editorial, do at some opont
tony: move to ws02?
jeffH: yes
https://github.com/w3c/webauthn/issues/1004
tony: thisis cred man
jeffH: could be done by wd01
tony: leave it here.
jeffH: ok
https://github.com/w3c/webauthn/issues/1060
elundberg: fixed by pull request
https://github.com/w3c/webauthn/issues/1099
jeffh: we can punt this to wd02 if you wiah
tony: done.
https://github.com/w3c/webauthn/issues/1122
jeffH: punt
https://github.com/w3c/webauthn/issues/1147\
tonh: this is enterprise attestation
jeffH: we are waiting for the CTAP world
tony: won't be done for ws01
jeffH; punt
https://github.com/w3c/webauthn/issues/1149
https://github.com/w3c/webauthn/issues/1194
elundberg: I will close when shane's pull request is done.
https://github.com/w3c/webauthn/issues/1198
elundberg: close
tony: closed.
... we have #1191 , it will get closed. so will #1088 #1149
#1060
... leaves us with PR for #911
... I thnk we can make wd01 in three weeks.
... I will set that date. And have a potential WD01
... shane anything to discuss
tony adjourn.
tony: adjourn
This is scribe.perl Revision: 1.154 of Date: 2018/09/25 16:35:56 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00) Succeeded: s/x-frames/X-Frame-Options/ Default Present: elundberg, jfontana, jbarclay Present: elundberg jfontana jbarclay No ScribeNick specified. Guessing ScribeNick: jfontana Inferring Scribes: jfontana WARNING: No "Topic:" lines found. WARNING: No meeting title found! You should specify the meeting title like this: <dbooth> Meeting: Weekly Baking Club Meeting Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2019Apr/0153.html WARNING: No meeting chair found! You should specify the meeting chair like this: <dbooth> Chair: dbooth WARNING: No date found! Assuming today. (Hint: Specify the W3C IRC log URL, and the date will be determined from that.) Or specify the date like this: <dbooth> Date: 12 Sep 2002 People with action items: WARNING: No "Topic: ..." lines found! Resulting HTML may have an empty (invalid) <ol>...</ol>. Explanation: "Topic: ..." lines are used to indicate the start of new discussion topics or agenda items, such as: <dbooth> Topic: Review of Amy's report WARNING: IRC log location not specified! (You can ignore this warning if you do not want the generated minutes to contain a link to the original IRC log.)[End of scribe.perl diagnostic output]