W3C

- DRAFT -

SV_MEETING_TITLE

24 Apr 2019

Agenda

Attendees

Present
elundberg, jfontana, jbarclay
Regrets
Chair
SV_MEETING_CHAIR
Scribe
jfontana

Contents

test

RRSagent

tony: feedback from TPAC we wanted FRiday, but we got Thursday. trying to change it Friday
... start with PRs

https://github.com/w3c/webauthn/pull/909

still on hold.

https://github.com/w3c/webauthn/pull/966

tony: never mind on 966

https://github.com/w3c/webauthn/pull/1095

elundberg: waiting for one response from M. Jones.

tony: jeffH has submitted a review

jeffH: yes.

emillundberg: I have responded to jeff's suggestions.

tony: Mike did sign off on this.

elundberg: he suggested some editorial changes.

tony: I will have him look at it again today.

https://github.com/w3c/webauthn/pull/1191

jeffH: my review is almost done

tony: what is the prediction of response, does it need more work

jeffH: yes. but it is very good. nice work by Shane

shane: I am glad you looked at it. there is quite a bit done in the past 24 hours.

jeffH: that was the bulk of my review.

tony: this will be closed.

jeffH: I thnk so.

https://github.com/w3c/webauthn/pull/1195

tony: is Nick on? .....no
... I don't see any agreements.
... so jeffH and adam still hav ethings outstanding here.

agl: I thought the previous was better but not opposed to the change.

tony: jeffH is requesting a few minor changes.

agl: I don't object to this
... no

tony: that takes us through the PRs
... no un-triaged PRs
... looks like we can ....any obejtion to move #909 to WD 2

agl: it seems we are on hold

jeffH: Arnar is out this week

tony: i will move #909 to WD 2
... the rest can stag at WD 01

jeffH: I agree

tony: we have four to clsoe to get to a draft.
... and then look at this issues.
... go to issues.

https://github.com/w3c/webauthn/issues/1202

tnoy: thisis one un-triaged issue

elundberg: we will not have thi sdone in WD-01. it is quite substantial.

tony: trying to get this done in the next 2-3 weeks

aksahy: fine to put it at WD02

tony: lets get out a WD01

https://github.com/w3c/webauthn/issues/911

tony: on hold here

jeffH: I have done some research, but nothing to report

agl: this will come up with 3D Secure folks

tony: yes.

jeffH: there is stuff to circle back around here.
... but that is all I have to say right now

tony: they are going down the feature policy route.

jeffH: feature policy is about the container, permissions is about certain features in certain contexts.

agl: do we ask the user about this?
... the language might not mean anything to anybody

jeffH: mike west thinks best way to address, is to figures out some way to pose that question

agl: is there a privacy issue here?
... I don't understand why this is so complicated.
... can we say the feature string

jeffH: in our spec it is not ocmplicated. complexity is in the feature policy context

akshay: we are talking about some RP trying to authenticate for another RP.
... hwo will user recognize this as legit use case

jeffH: that is one aspect
... the fix is more than one sentence it is maybe five sentences.

akshay: how does browser know this is legit use case.

jeffH: currently the browser does not have that functionality
... I need to talk to the Feature Policy author
... it is a unilateral decision

rolf: my understanding is the responsibility has shifted to the RP
... we are shifting responsibility to RP

akshay: can one RP get another's frame

agl: the outer origin might not see the inner iFrame

Bradley: maybe trouble is in protocol wrapping
... who do you trust. It is really other protocols that will have the security problems.
... that is where security considerations are
... as far as WEb authn, the origin is the origin of the web site.

akshay: what I am looking for. I control x.com and say my iFrames can be included. I only want there frames included.

agl: that is X-Frame-Options?

jeffH: potentially is the answer.
... we could do the quick and dirty..

tony: so we just need a PR and do it

jeffH: yes.

agl: jeff and I will try to get around to that next week and get a response

tony: we should have the web payments look at this

https://github.com/w3c/webauthn/issues/973

tony: hthis has been going on for a while'

agl: authenticators have shiped a nd trucate that 64-byte
... I think we are gong to close this. handling on the platform side is fine.
... akshay are you fine with that

jeffH: do we need implemenation guidance.

agl: I will write that up then close PR

https://github.com/w3c/webauthn/issues/996

jeffH: editorial, do at some opont

tony: move to ws02?

jeffH: yes

https://github.com/w3c/webauthn/issues/1004

tony: thisis cred man

jeffH: could be done by wd01

tony: leave it here.

jeffH: ok

https://github.com/w3c/webauthn/issues/1060

elundberg: fixed by pull request

https://github.com/w3c/webauthn/issues/1099

jeffh: we can punt this to wd02 if you wiah

tony: done.

https://github.com/w3c/webauthn/issues/1122

jeffH: punt

https://github.com/w3c/webauthn/issues/1147\

tonh: this is enterprise attestation

jeffH: we are waiting for the CTAP world

tony: won't be done for ws01

jeffH; punt

https://github.com/w3c/webauthn/issues/1149

https://github.com/w3c/webauthn/issues/1194

elundberg: I will close when shane's pull request is done.

https://github.com/w3c/webauthn/issues/1198

elundberg: close

tony: closed.
... we have #1191 , it will get closed. so will #1088 #1149 #1060
... leaves us with PR for #911
... I thnk we can make wd01 in three weeks.
... I will set that date. And have a potential WD01
... shane anything to discuss

tony adjourn.

tony: adjourn

Summary of Action Items

Summary of Resolutions

[End of minutes]
Minutes manually created (not a transcript), formatted by David Booth's scribe.perl version 1.154 (CVS log)
$Date: 2019/04/24 19:43:20 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.154  of Date: 2018/09/25 16:35:56  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00)

Succeeded: s/x-frames/X-Frame-Options/
Default Present: elundberg, jfontana, jbarclay
Present: elundberg jfontana jbarclay
No ScribeNick specified.  Guessing ScribeNick: jfontana
Inferring Scribes: jfontana

WARNING: No "Topic:" lines found.


WARNING: No meeting title found!
You should specify the meeting title like this:
<dbooth> Meeting: Weekly Baking Club Meeting

Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2019Apr/0153.html

WARNING: No meeting chair found!
You should specify the meeting chair like this:
<dbooth> Chair: dbooth


WARNING: No date found!  Assuming today.  (Hint: Specify
the W3C IRC log URL, and the date will be determined from that.)
Or specify the date like this:
<dbooth> Date: 12 Sep 2002

People with action items: 

WARNING: No "Topic: ..." lines found!  
Resulting HTML may have an empty (invalid) <ol>...</ol>.

Explanation: "Topic: ..." lines are used to indicate the start of 
new discussion topics or agenda items, such as:
<dbooth> Topic: Review of Amy's report


WARNING: IRC log location not specified!  (You can ignore this 
warning if you do not want the generated minutes to contain 
a link to the original IRC log.)
[End of scribe.perl diagnostic output]