W3C

- DRAFT -

Web Authentication WG

14 Aug 2019

Agenda

Attendees

Present
jbarclay, jcj_moz, elundberg, jeffh
Regrets
Chair
Nadalin, Fontana
Scribe
jfontana_

Contents

<jcj_moz> relevant mozilla position re: feature-policy (jeffh) https://github.com/mozilla/standards-positions/issues/24

sorry, technical difficulties for first 15 minutes.

i'm back

Discussion for apst 15 minutes has been on features policy

jcj_MOZ: lsorry for missteps here. it was a good learning opp.

tony: looks like we don't have a path forward with Feature Path

jcj_moz: not really, we have two paths, we have to look at them and we need wider comments.

tony: maybe getting use cases out of web payments group will help
... we should find things out at TPAC
... we will discuss with EMVco and web payments group before our Friday meeeting
... any other general discussions

<jcj_moz> also per earlier, my reply to Adam / Blink-Dev about Feature Policy state is here: https://groups.google.com/a/chromium.org/d/msg/blink-dev/NB6BMfcyKok/L-rOFJjvAQAJ

https://github.com/w3c/webauthn/pull/966

akshay: did we move to different draft

toy: yes.

https://github.com/w3c/webauthn/pull/966

agl: I need to do a review

jeffH: i need re-review

tony: so does akshay

https://github.com/w3c/webauthn/pull/1256

akshay: I asked edge team. they will review probably this week.

jcj_moz: we had our tester go through this. he said this is super cool
... he also said it would not be a security hole
... makes me happyt
... he needs to go back through Nina's slides.

nina: thanks for the feedback

tony: does this use permissions.

nina: no. web driver

jcj_moz: web dirver is pretty cool.

tonuy: i will take another look

https://github.com/w3c/webauthn/pull/1264

agl: I have a PR open to address feedback

jcj_moz: should merge after #1268 PR 1275

tony: it has not been triaged.

jcj_moz: they both need to be in the same revision.

tony: can add lightning support, DOM string

jcj_moz yes.

https://github.com/w3c/webauthn/pull/1270

tony: sitll in review

https://github.com/w3c/webauthn/pull/1272

agl: i need to tweek some things
... I will do that and come back

https://github.com/w3c/webauthn/pull/1276

jeffH: has to do with feature policy
... it also depends on changes in CredMan
... that is the spec that one needs to tweek for Feature Policy enablement

jcj_moz: we don't need to hold this up. concern is taking this to final spec before we resolve Feature Policy issues

jeffH: this should wait until we have a clean PR on CredMan

elundberg: needs a block label

jeffH: there it is

tony: JC would your opinion apply to earlier issue.
... you don't want it to go further than CR until Feature Policy is OK

jcj_moz: yes.
... our issues with Feature Policy is not that big.
... concerned about good practice. not sure where people want to use it in HTTP header
... http layer

agl: i am not going to sign on to this until it is ready

jcj_moz: i think the right things are happening.

https://github.com/w3c/webauthn/pull/1275

jcj_moz: this will let us avoid future breakage
... agl what you wrote looks good, but I need to go through the document.

agl: this is only dealing with the transport strings.

tony: akshay have you looked.

akshay: not yet.

tony: that takes us through all the open PRs.
... jump to untriaged issues.

https://github.com/w3c/webauthn/issues/1273

tony: what do we do here? I think the spec is incorrect, but we are not addressing because it has not been implemented

agl: we could eliminate thought there is passthrough

tony: should we remove
... this was an early thing Giri wanted.

selfissue: I think first version of text was written by Rolf

tony: yes

jeffH: notion was extensions implemented by authenticators.

agl: not gung-ho to take out.

selfissue: not clear we need a fix.

tony: do we get rid of this extension

jcj_moz: we would have to clarity what to do with specific types

tony: what do we do?
... WD-03

jcj_moz: I think we need to fix in 02

tony: by clarifying the documentation?

jcj_moz: either pass through values or not pass through

tonuy: we assign it to wd-02 and Mike write what you said and mark it editorial

https://github.com/w3c/webauthn/issues/1274

tony: this is brave browser
... code rules not the documentation
... jeffH can you fix

jeffH: i think I can

tony: that takes us over the un-triaged issues
... anything to discuss before me move to issues?

https://github.com/w3c/webauthn/issues/1277

agl: I am in favor of changing this string now

jeffH: i can start to get it changed.

tony: you are OK with publickeyCred

jcj_moz: yes.

<jcj_moz> I am OK with publickeycred

tonuy: jeffH, you will take it over to credman

jeffH: yes.

tony: any issues we need to still discuss.

https://github.com/w3c/webauthn/issues/1268

jcj_moz: Goolge blog seems to say they are using an Enum not is spec.

agl: it's in the spec
... i agree. the enum is in there for a while and we did not see it

jcj_moz: you are using user agent checking

agl: yes.

jcj_moz: this is why we need to merge the fix

agl: I am pretty sure we will not break anything

akshay: do RPs have to change?

agl: not if it doesn't break

jcj_moz: If RPs may have to make changes.

elundberg: I think our java library will have to make changes.

jcj_moz: there are a bunch of enums that may be problematic

akshay: do we change this one now and look at the others.

agl: we could go through and DOM string all of them

jcj_moz: I want to entertain the idea, but have to think through it.

agl: it seems reasonable to ponder it and come back next week.

akshay: will have to make sure all combinations work after we make changes.

tony: anything else

Summary of Action Items

Summary of Resolutions

[End of minutes]
Minutes manually created (not a transcript), formatted by David Booth's scribe.perl version 1.154 (CVS log)
$Date: 2019/08/14 20:01:24 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.154  of Date: 2018/09/25 16:35:56  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00)

Present: jbarclay jcj_moz elundberg jeffh
No ScribeNick specified.  Guessing ScribeNick: jfontana_
Inferring Scribes: jfontana_

WARNING: No "Topic:" lines found.

Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2019Aug/0081.html

WARNING: No date found!  Assuming today.  (Hint: Specify
the W3C IRC log URL, and the date will be determined from that.)
Or specify the date like this:
<dbooth> Date: 12 Sep 2002

People with action items: 

WARNING: No "Topic: ..." lines found!  
Resulting HTML may have an empty (invalid) <ol>...</ol>.

Explanation: "Topic: ..." lines are used to indicate the start of 
new discussion topics or agenda items, such as:
<dbooth> Topic: Review of Amy's report


WARNING: IRC log location not specified!  (You can ignore this 
warning if you do not want the generated minutes to contain 
a link to the original IRC log.)
[End of scribe.perl diagnostic output]