tony: register for TPAC. Sept. 16-20
<wseltzer> https://www.w3.org/2019/09/TPAC/
https://github.com/w3c/webauthn/pull/653
tony: still on hold. on-going
https://github.com/w3c/webauthn/pull/909
jeffH: waiting on CTAP
https://github.com/w3c/webauthn/pull/966
akshay: can we move to next draft.
tony: OK. WD-03
... we will create new milestone.
https://github.com/w3c/webauthn/pull/1219
akshay: the proposals are not clear. I would say close it down.
agl: we may do this at some point. we could bring it back.
akshay: let's punt.
jcj_moz: thanks for all the hard work. it is a good idea.
akshay: I will close for now.
<jcj_moz> jcj_moz: "I could go on record as, three years ago 'you told me so' we'd want this, but I stood in the way"
https://github.com/w3c/webauthn/pull/1244
jeffH: we think it is ready to go.
akshay: looks fine to me.
jcj_moz: I have looked at
it.
... I can bless it. I have not nit-piked it.
... I will merge.
https://github.com/w3c/webauthn/pull/1250
elundberg: I will look at it next week.
https://github.com/w3c/webauthn/pull/1256
hjeffH: still needs some
polishing.
... I need to re-review.
https://github.com/w3c/webauthn/pull/1259
agl: this should be closed two weeks ago.
https://github.com/w3c/webauthn/pull/1264
agl: perhaps others should weigh
bradley: I have reviewed. I asked Mike to review.
selfissue: I am looking at it.
jcj_moz: since we don't define enumeration, do we have to add on to the end.
jeffH: we are adding another value
bradley: I changed the order, but tried to logically group
selfissue: I reviewed and approved.
agl: I still think this is a good change to land now and we can go back if need be.
jcj_moz: by definition Web IDL needs to throw an error
tony: who will submit that
issue.
... so merge and open up a different issue
jeffH: yes, one way to do it.
https://github.com/w3c/webauthn/pull/1266
elundberg: I will look at it next week.
tony: i will leave it open until
then
... with issues Aksay was going to look at #334
https://github.com/w3c/webauthn/issues/334
akshay: will look into it
https://github.com/w3c/webauthn/issues/1039
elundberg: I will work on this
tony: still shooting for next version?
elundberg: yes
https://github.com/w3c/webauthn/issues/1044
jcj_moz: close no issue
tony: close
https://github.com/w3c/webauthn/issues/1099
tony: close
https://github.com/w3c/webauthn/issues/1105
tony: same thing
... ?
JeffH: mention it at this point, later we can get fancy if need be.
jcj_moz: I will make a comment
https://github.com/w3c/webauthn/issues/1133
jeffh: will work on it.
https://github.com/w3c/webauthn/issues/1149
agl: we are leaning to closing this issue, no action
jefH: are we waiting for Christiann
agl: I am fine with closing .
jeffH: OK
tony: he coul dre-open or submit something.
https://github.com/w3c/webauthn/issues/1174
tony: what happens with edge
akshay: we should have a single
??? with cross platform browser
... couple of things. need consistent behavior on every
platform
agl: we don't want to expose any
incognito fucntion.
... we have not worried about this.
... we want consistency. but we are still having issues on
chrome
akshay: if decide the other way totally. will we have random noise.
agl: any immediate error wil likkely disclose icognitio with low noise.
akshay: I would like the consistent behavior across platform, browser.
agl: I would be fine with Jeff's language.
wendy: private browsing could give requirements if people wanted.
agl: I claim it is non-normative . I am uncomfortable with normative
akshay: I agree
wendy: that make sense to me
tony: we need to update this issue and then open a PR
agl: I can summarize in the
issue
... I cna't do PR now
tony: lets keep it open. and put a note in it.
https://github.com/w3c/webauthn/issues/1201
jeffH: on the to do list
https://github.com/w3c/webauthn/issues/1204
jeffH: on the list
https://github.com/w3c/webauthn/issues/1206
jeffH: same
https://github.com/w3c/webauthn/issues/1207
tony: same editorial issue.
https://github.com/w3c/webauthn/issues/1208
tony: editorial
https://github.com/w3c/webauthn/issues/1231
tony: editorial
https://github.com/w3c/webauthn/issues/1236
tony: PR open
https://github.com/w3c/webauthn/issues/1257
tony: editorial
https://github.com/w3c/webauthn/issues/1261
agl: should be resolved.
https://github.com/w3c/webauthn/issues/1218
akshay: not sure we want to do this
agl: not sure either
akshay: close it
tony: close
jeffH: with a brief explanation, sure
tony: we are through the list. anything else that was not on the list
agl: I want totalk
i-frames.
... do we want to allow create or just stay with get
... what ideas are out there.
... other question. this will allow webauthn call to appear in
an i-frame.
tony: we shall consult with EMVco stuff
jcj_moz: I had not considered a
flag to make embedding OK. but makes sense
... I like this. I don't have opinion on create
James: this is how we dealt with
this
... we have to use a pop-up for registration and
assertion
... it is one reason we still support U2F
agl: what use would you have for an i-frame
james: if user was on DUO prompt and wanted to add a new credential, we use a pop-up. the only way it will work
agl: wha tis example of top level origin with i-frame
nick: DUO explaining how its platform works.
agl: shoiuld create not be allowed in i-frame
bradley: it should be controlable.
jcjc_moz: is feature policy the
right place?
... let the vendor make the decision
agl: we are saying both parties have to. top level origin and embedded i-frame
jcj_moz: I was thinking a specific flag for create.
agl: the flag would be on the get and create calls separately, but the embed-er may have an opinion on creating credentials
bradley: sounds like compromised may be embed-er can do web authn, and the embed-ee can do create
tony: why not just make it usable
no matter what, and pin down the create.
... is there reason for separate agreement on get
breadley: yes, I can see service providers having issues, may open up attacks.
tony: maybe we take this to the Web Payments people.
agl: I will make a PR for next week
tony: that's good.
... adjourn
This is scribe.perl Revision: 1.154 of Date: 2018/09/25 16:35:56 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00) Succeeded: s/jfontana_/jfontana/G Present: wseltzer agl jeffh david_waite david_turner elundberg jcj_moz jfontana nadalin sbweeden nmooney jbarclay nsteele Akshay john_bradley selfissued No ScribeNick specified. Guessing ScribeNick: jfontana Inferring Scribes: jfontana WARNING: No "Topic:" lines found. Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2019Jul/0153.html WARNING: No date found! Assuming today. (Hint: Specify the W3C IRC log URL, and the date will be determined from that.) Or specify the date like this: <dbooth> Date: 12 Sep 2002 People with action items: WARNING: No "Topic: ..." lines found! Resulting HTML may have an empty (invalid) <ol>...</ol>. Explanation: "Topic: ..." lines are used to indicate the start of new discussion topics or agenda items, such as: <dbooth> Topic: Review of Amy's report WARNING: IRC log location not specified! (You can ignore this warning if you do not want the generated minutes to contain a link to the original IRC log.)[End of scribe.perl diagnostic output]