Web Authentication WG

29 May 2019



wseltzer, jfontana, nadalin, rolf, jcj_moz, akshay, nsteele, pamela, elundberg, agl, jeffh, David_Waite, JohnBradley, Luke


<nsteele> thanks

akshay: I don't know what is wrong, getting error in trying to publish WS-01

correction. WD-01

Levek 2

Level 2

tony: let's go to pull requests for Level 2 WD-02


tony: no update to this one.
... for quite a while

elundberg: The associated issue is closed

tony: this can be closed.


tony: not sure this is valid

jcj_moz: we will have to dog food,
... would be right thing to update. I don't have all the web platform tests for Firefox.

agl: it is hard to test all of the web platform stuff

jcj_jones: I don't want to have to decide what is ready to test and what is not.

tony: is this something we want to do in this draft

jcj_moz: when we can do this, we should

akshay: move to next version, I will do that.


tony: still some issues on caBLE
... leave it hanging until we get CTAP stuff situated.
... any issues with that.

jeffH: agreed

elundberg: cable can be confusing. should we add a hypen. people might read it as cable.

tony: > i'll leave that to the group

alexei: I don't think we care about the name. but you have to find and replace.

jeffH: if we used cloud-assisted BLE.... :-)


akshay: I will look into this. assign to me.

agl: if someone cares about this and sending comments they should take up the work

nsteele: I can ping Yuriey on this.


akshay: Jason is out this week, I will let him deal with this.

agl: any information derived from header agent is probably fine.

tony: that is all the pull requests. so lets look at issues'



jcj_moz: punt


tony: has not been touched for years

jeffh: a year and a half ago we punted to L2. I would be fine on closing this.

tony: can you close

jeffH: yes.


akshay: I want to look at this.

tony: you are assigned.


tony: this is ongoing. whatever happens happens

jeffH: yes.


tony: i assume this is still valid.

jeffH: yes
... figure out if we want to explicitly address this or not.
... we discussed this recently

review this an convince ourselves we are covering the bases.


tony: leave it


agl: it is about UAF

rolf: I think it is still good to have this. signature assertions.
... should work. we don't expect the browser to do the de-coding.

tony: you want a pass-through

rolf: yes.

agl: ... it needs to be specified

alexei: we had close these PRs #407 #408

rolf: I am hearing now lets reference at least.
... the ability to pass other assertions through, it would be great to have given FIDO specs.
... I will turn into a PR.

tony: rolf will create a PR for this


agl: Google would not implement

akshay: MSFT will not

rolf: let's close. no action


jeffh: I have to re-review

elundberg: a week ago you said we could probably close.
... is others agree, let's close.

tony: so review

jeffh: it's closed


editorial cleanuyp


jeffH: this is just to clean up CredMan

tony: leave it as CredMan


tony: tag it with open.


jeffH: editorial cleanup.


jeffH: monitoring cred man again.


elundberg: I'll look at it

<wseltzer> https://github.com/w3c/webauthn/issues/1044



tony: seems to be out of our reach

agl: we should address

tony: not sure it is in our scope, it is in the RPs scope

elundberg: I can do this


elundberg: close this

tony: yes.


jeffh: this is editorial clean-up


tony: more editorial


tony: editorial


jeffH: this is something we should do


jeffH: this is editorial. may be addressed, not convinced.


jeffH: we should add a note to clear up the steps

https://github.com/w3c/webauthn/issues/1147/ (most recent one)

alexei: waiting for work from FIDO


agl: do we want to do this. apparently we can't do it. I think we can do it in FIDO land
... but not here.

jeffH: at some point we were thinking yes.

agl: worry. if we implement no one will use.

aksay: I say we don't need it

agl: " no shortage of issues. close it.

jeffH: maya be we should double check with those pushing for it.

tony: let's check.


elundberg: I will look at it.


agl: complicagted.

akshay: we should look at his.


alexei: let's see what we want to do for each platform. We can get a better picture. Every implementor should write what they care about.

agl: we keep making changes, but they seem to be converging. I will write down our goal.


jeffH: we should do this.


agl: nobody implements.

nsteele: worth noting there are a couple of issues around this.

alg: it is just attestation.

nsteele: there have been multiple issues here with E#CDAA

jcj_moz: maybe just some guidance.

agl: is that like a black diamond on a ski slope.

rolf: not sure we have the right guidance here.
... maybe this is just non-issues in the end.

jcj_moz: maybe a warning is best. and say it is not widely implemented.

aksahy: I would prefer not having a warning here.

pdingle: if we say not widely adopted, then people adopt....

jcj_moz: I would hope for resolution before we publish.

tony: let's try to get through the last 8 issues.
... adjourn

Summary of Action Items

Summary of Resolutions

[End of minutes]

Minutes manually created (not a transcript), formatted by David Booth's scribe.perl version 1.154 (CVS log)
$Date: 2019/05/29 20:02:51 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.154  of Date: 2018/09/25 16:35:56  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00)

Succeeded: s/1133/1147/ (most recent one)/
Present: wseltzer jfontana nadalin rolf jcj_moz akshay nsteele pamela elundberg agl jeffh David_Waite JohnBradley Luke
No ScribeNick specified.  Guessing ScribeNick: jfontana
Inferring Scribes: jfontana

WARNING: No "Topic:" lines found.

Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2019May/0207.html

WARNING: No meeting chair found!
You should specify the meeting chair like this:
<dbooth> Chair: dbooth

WARNING: No date found!  Assuming today.  (Hint: Specify
the W3C IRC log URL, and the date will be determined from that.)
Or specify the date like this:
<dbooth> Date: 12 Sep 2002

People with action items: 

WARNING: No "Topic: ..." lines found!  
Resulting HTML may have an empty (invalid) <ol>...</ol>.

Explanation: "Topic: ..." lines are used to indicate the start of 
new discussion topics or agenda items, such as:
<dbooth> Topic: Review of Amy's report

WARNING: IRC log location not specified!  (You can ignore this 
warning if you do not want the generated minutes to contain 
a link to the original IRC log.)

[End of scribe.perl diagnostic output]