tony: Next week, no meeting. Any objection?
none
tony: we will skip next week's meeting.
https://github.com/w3c/webauthn/pull/966
tony: akshay, you were looking at the TPM
akshay: this is low priority. we can make it Level 3
tony: we will keep it low priority
https://github.com/w3c/webauthn/pull/1219
tony: we put this off last week
akshay: we don't know the right
solution. question where is chrome in this whole thing
... MSFT will have what they need for windows next month.
question now is what about older platforms.
... what id browser does not support API
... I want to hear other people's review
agl: the point of API is to improve future. eventually they get out in the world
shane: I made my point in the comments in GitHub. not against it. Challenge is what is lowest common denominator
tony: transition will be bumpy
jason: I think there are some who will not implement the API.
tonhy: that is fine.
akshay: we don't seem to have a
clear consensus when all this is done.
... next big thing in my mind is Safari.
tony: if we do something now, it will probably be better than delaying
akshay: give me another
week
... I will go and look at the other browsers.
tony: OK
https://github.com/w3c/webauthn/pull/1244
agl: wonderful idea
tony: looking for JCs
opinion.
... we still need JC and Mike to look at it.
https://github.com/w3c/webauthn/pull/1248
tony: should be ready
eluncberg: anyone against merging.
<scribe> ...done
https://github.com/w3c/webauthn/pull/1249
elundberg: looks ready. merge?
tony: yes.
no objections
https://github.com/w3c/webauthn/pull/1250
akshay: I have not looked at this one.
elundberg: some comments from JeffH, be a few weeks til I get this.
https://github.com/w3c/webauthn/pull/1256
akshay: this is maybe beyond my expertise, need others to look
jeffH: need to respond to Emil, no ready to land.
https://github.com/w3c/webauthn/pull/1259
akshay: I am not in favor
... this is breaking change for me.
afl: in chrome if you don't set a value...
akshay: it is sisue between preferred and required.
christaan: want ot move to required.
akshay: want to move to default
christiaan: I could live with this.
akshay: I would go with clarification here.
bradley: my perspective, but long
time for browsers to catch up if we change default.
... need RPs to ask what they want.
agl: does not sound like
consensus
... RPs are not reading the WebAuthn spec. need to show why
this is positive change.
tony: leave this open?
agl: if we leave it hanging
around , it looks like we expect consensus in future.
... should cleanse this.
tony: any objections to losing this
jeffh: no
tony: thanks.
jeffH: close
agl: I will write stuff into issue and close issues.
tony: get to issues. 1258
https://github.com/w3c/webauthn/issues/1258
jeffH: it's not clear in spec. the spec could be more clear.
elundberg: this is also about the outputs.
agl: if you are setting an
extension I assume you know what you are setting
... we need to triage this a put a tag on it.
... who wants to do the PR?
... if no takers tag in Level 3
akshay: I wouild not try to do this and put in next draft.
<sbweeden> https://github.com/w3c/webauthn/issues/1261
<sbweeden> ve7jtb: FIDO adding new transports for iOS in the FIDO TWG. WebAuthn should include these transports.
<sbweeden> agl: Suggested something other than "tunnel"
<sbweeden> ve7jtb: Will work on PR.
<sbweeden> https://github.com/w3c/webauthn/issues/334
<sbweeden> jeffH: on todo list
<sbweeden> https://github.com/w3c/webauthn/issues/1039
<sbweeden> agl: editorial, low priority
<sbweeden> https://github.com/w3c/webauthn/issues/1004
<sbweeden> jeffH: ongoing, skip
<sbweeden> https://github.com/w3c/webauthn/issues/1099
<sbweeden> jeffH: on todo list, low priority, editorial
<sbweeden> same with https://github.com/w3c/webauthn/issues/1100
<sbweeden> same with https://github.com/w3c/webauthn/issues/1105
<sbweeden> same with https://github.com/w3c/webauthn/issues/1133
<sbweeden> https://github.com/w3c/webauthn/issues/1147 - blocked on CTAP2 changes
<sbweeden> https://github.com/w3c/webauthn/issues/1149
<sbweeden> sbweeden: Hoping browser vendors would chime in as to why things don't already work this way.
<sbweeden> akshay: rules on CTAP require PIN for uv-protected authenticators, not entirely up to WebAuthn / browser.
jeffH: thi sissiue needs to wait until we nail down CTAP
agl: even if we do that, still not sure of the utility of it
akshay: this is more about the
devices out there
... it is best to say discourage, but looking at finer
details.
... why would an RP say I do no twant to create a
credential
... I don't see why RPs would do this.
<sbweeden> akshay: suggests forbidden would not actually be used by RPs because they have to deal with older devices anyway.
<sbweeden> agl: agreed
<sbweeden> akshay: suggest close with no action. We have "discouraged" - should use that, and FIDO 2.1 devices will give the desired behaviour when they are prevalent.
akshay: this is more relevant a few years when there are more FIDO2 devices
jeffH: I can see closing with an explanation.
agl: I can write that and we can come back and review.
<sbweeden> agl: Discussed usage around "preferred" - will write an issue about soft use of preferred (e.g. don't create a PIN if not already on authenticator)
https://github.com/w3c/webauthn/issues/1174
<sbweeden> jeffH: This issue is calling out that there is different behaviour on different browsers
<sbweeden> akshay: want to make sure that RP's are not able to discover that the browser is in incognito mode
<sbweeden> akshay: will add questions to issue
<sbweeden> mtg concluded
Chairs: nadalin, fontana
This is scribe.perl Revision: 1.154 of Date: 2018/09/25 16:35:56 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00) Succeeded: s/Level 2/Level 3/ Present: jfontana jcj_moz elundberg Regrets: wseltzer No ScribeNick specified. Guessing ScribeNick: jfontana Inferring Scribes: jfontana WARNING: No "Topic:" lines found. Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2019Jul/0090.html WARNING: No date found! Assuming today. (Hint: Specify the W3C IRC log URL, and the date will be determined from that.) Or specify the date like this: <dbooth> Date: 12 Sep 2002 People with action items: WARNING: No "Topic: ..." lines found! Resulting HTML may have an empty (invalid) <ol>...</ol>. Explanation: "Topic: ..." lines are used to indicate the start of new discussion topics or agenda items, such as: <dbooth> Topic: Review of Amy's report WARNING: IRC log location not specified! (You can ignore this warning if you do not want the generated minutes to contain a link to the original IRC log.)[End of scribe.perl diagnostic output]