01 May 2019



jcj_moz, wseltzer, nadalin, sbweeden, Akshay, elundberg, johnbradley, jfontana, jeffh, christiaan, agl, jfotnana, ketan, ken_ebert


<wseltzer> present=

tny: we did get moved to Friday for TPAC

tony: we will work on agenda. There is a whole week if you want to go the sessions and meetings.

<wseltzer> https://www.w3.org/2019/09/TPAC/


tony: we will start here,

jeffH: it is triaged now

tony: can it go in WD 01

elundberg: I can merge this into #1095

tony: akshay can you look at this

akshay: yes.


jeffH: needs editorial change

tony: akshay you need to look at this.


jeffH: this is a long one.

akshay: coded in the platform.
... we have a proposed extension

shane: authenticators do not need to change
... the way it is written an authenticator may return that value, but if not , the client can figure it out

skashay: do we need to define right now?

shanbe: I don't mind.

akshay: anything that changes external authenticator firmware I am cautious

shanve: the point is they don't have to change

akshay: I am saying they have to do change your way

shane: I can simplify this a lot
... we can use flags, I suggested that before
... lets move it to FIDO2 and open an issue there.

shanve: any objections

braldy: I am fine to move the authenticator change

jeffH: are you saying here we should drop the authenticator extension....or remove cred ???

bradley: having two different ways to do this will create confusion down the road. I want to capture all the properties now
... people looking to see if they can do this without an allow list

agl: needs an extension for this.

akshay: we can put an output as 'same'

agl: I am on board

bradley: we need to clarify in CTAP 2

agl: RPs want to be assured this will work

bradley: RP wants to be able to use without an allow list


bradley: without a change to CTAP, we can't do this

akshay: flag can be used to figure it out.
... from practical matter, setting to discouraged translates to some parameter in CTAP
... we can formalize it in the CTAP spec.

bradley: the question is do we force allow a credential and allow it to be resident, ...I think we need to separate where key is stored and whther or not you need a ?? to retrieve it
... the initiation is the important part of allow list or not

agl: should we sort that at CTAP2 level

tony: on CTAP side we should separate them out.

shane: I am hearing remove the authenticator of CRED prop extension and we should be close at that point.

akshay: yes

shane: i will do that

tony: akshay will you update?

akshay: I will remove the authenticator portion.

tony: I think this is coming to a close here, then some work in FIDO2


tony: still some issues for JeffH

jeffH: let me take a look at it.


tony: JeffH what do you have going here.

jeffH: minor grammatical

tony: when #1095 goes this one goes also

akshay: updating #1095,

tony: can you approve akshay and merge #1095
... that takes us through the pull requests.


bradley: was this left in for native apps on the device...to call web authn in the browser

jcj_moz: issue is around local host

bradley: platofmrs should have direct apis

jeffH: agreed
... so leave the spec as it.

tony: should we close with no action

jeffH: someone can write a reply

tony: do that with intention of closing

#862 #872 are on-going

scribe: were going to get PR on #911, but not there yet.

jeffH: I am working on it.


tony: this needs PR label.

#991 we dislcussed

#1004 montiored

#1060 PR open

scribe: leaves us with #1166

jeffH: just editorial



elundberg: I will work on this.

tony: I want to get level 1 done before the Plenary. May 21

<wseltzer> [level 2 draft 1]

tony: is this doable
... we are on the verge of getting things closed for draft of level 1
... I have updated the milestone.
... anything else to discuss?
... please do your assignments. adjourn.

Summary of Action Items

Summary of Resolutions

[End of minutes]

Minutes manually created (not a transcript), formatted by David Booth's scribe.perl version 1.154 (CVS log)
$Date: 2019/05/01 19:43:08 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.154  of Date: 2018/09/25 16:35:56  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00)

Default Present: jcj_moz, wseltzer, nadalin, sbweeden, Akshay, elundberg, johnbradley, jfontana, jeffh, christiaan, agl, jfotnana, ketan, ken_ebert
Present: jcj_moz wseltzer nadalin sbweeden Akshay elundberg johnbradley jfontana jeffh christiaan agl jfotnana ketan ken_ebert
No ScribeNick specified.  Guessing ScribeNick: jfotnana
Inferring Scribes: jfotnana

WARNING: No "Topic:" lines found.

WARNING: No meeting title found!
You should specify the meeting title like this:
<dbooth> Meeting: Weekly Baking Club Meeting

Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2019May/0002.html

WARNING: No meeting chair found!
You should specify the meeting chair like this:
<dbooth> Chair: dbooth

WARNING: No date found!  Assuming today.  (Hint: Specify
the W3C IRC log URL, and the date will be determined from that.)
Or specify the date like this:
<dbooth> Date: 12 Sep 2002

People with action items: 

WARNING: No "Topic: ..." lines found!  
Resulting HTML may have an empty (invalid) <ol>...</ol>.

Explanation: "Topic: ..." lines are used to indicate the start of 
new discussion topics or agenda items, such as:
<dbooth> Topic: Review of Amy's report

WARNING: IRC log location not specified!  (You can ignore this 
warning if you do not want the generated minutes to contain 
a link to the original IRC log.)

[End of scribe.perl diagnostic output]