Web Authentication WG

28 Aug 2019



nsteele, Nadalin, nmooney, Akshay, jcj_moz, John_Bradley, sbweeden, jbarclay, agl, wseltzer
Nadalin, Fontana


<wseltzer> Nadalin: no meetings Sept 18 and 25

no mtgs 18th and 25th september due to TPAC and FIDO mtgs

Wendy: new charter underway, should be open for review soon. Existing charter extended to carry through review period.

<wseltzer> Draft charter to be sent for AC review, https://www.w3.org/2019/08/web-authentication-charter.html

PR review...

909 - on hold for FIDO

966 - to be moved to WD03

1250 - editorial, ongoing

1256 - edge team still invetigating, on hold

<Jfontana_> I present+

1264 - waiting for 1275 to land

1270 - ongoing

<Jfontana_> No audio

1275 - landing, so 1264 also

hey @Jfontana, do you want to take over? I am stand-in irc scribe

<Jfontana_> I can't hear the call

1284 - AGL - says JeffH reports in progress

1288 - JeffH ok, Akshay and JohnB to review

Untriaged Issues....

1283 - close no action, advice provided

1285 - AGL and Akshay suggested that these icons are not currently used by the user-agents and that it is unlikely the browsers would ever retrieve href icons and would only display if data URLs. Common suggestion is to recommend that if these are to be used, they be data urls.

1285 - nadalin assigned JC

1286 - akshay explained issue of default timeout of 15 seconds during enrollment for bio authenticators that take some time to enroll. Requesting increased default.

agl - ok with larger floor timeout

james, nsteele - Duo currently use 60 second timeout

akshay - issue driven by in-line bio enrollment on first use of token

agl - suggests short timeout for get assertion, and longer for get credential.

<nsteele> specific to UV, rather than just UP

akshay to continue looking into it

1287 - agl, chrome sets credProtect to 2 by default, and don't plan to change this.

johnb - RP's could explicitly set credProtect, but easier said than done

sweeden - suggested that RP's should be given the right to accept attestations containing unsolicited extensions subject to "their policy"

johnb - the MUST existed in the spec so that if future extensions which changed what should happen at the RP were not understood by the RP, then the message should not be processed at all

all: general agreement that the MUST should be relaxed

further discussion on idea that clientDataJSON could be annotated by browser to indicate extensions that the browser has added itself

sweeden - to do PR for relaxing MUST requirement

akshay - separate discussion on credProtect defaults

nadalin - asked JC for update on FeaturePolicy. JC - working with webappsec, continuing conversation.

call closed

Summary of Action Items

Summary of Resolutions

[End of minutes]

Minutes manually created (not a transcript), formatted by David Booth's scribe.perl version 1.154 (CVS log)
$Date: 2019/08/28 20:19:35 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.154  of Date: 2018/09/25 16:35:56  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00)

Succeeded: s/rragent, draft minutes//G
Present: nsteele Nadalin nmooney Akshay jcj_moz John_Bradley sbweeden jbarclay agl wseltzer
No ScribeNick specified.  Guessing ScribeNick: sweeden
Inferring Scribes: sweeden

WARNING: No "Topic:" lines found.

Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2019Aug/0163.html

WARNING: No date found!  Assuming today.  (Hint: Specify
the W3C IRC log URL, and the date will be determined from that.)
Or specify the date like this:
<dbooth> Date: 12 Sep 2002

People with action items: 

WARNING: Input appears to use implicit continuation lines.
You may need the "-implicitContinuations" option.

WARNING: No "Topic: ..." lines found!  
Resulting HTML may have an empty (invalid) <ol>...</ol>.

Explanation: "Topic: ..." lines are used to indicate the start of 
new discussion topics or agenda items, such as:
<dbooth> Topic: Review of Amy's report

WARNING: IRC log location not specified!  (You can ignore this 
warning if you do not want the generated minutes to contain 
a link to the original IRC log.)

[End of scribe.perl diagnostic output]