04 09 2019
tony: One more meeting, then two
skips. 18th, 25th
... status of charter changes.
... it is out for review by AC reps. we are extended to 30th of
Oct.
... this allows charter process to run its course.
... vote to approve the charter if yo are AC rep
... any questions on TPAC agenda, please post to list
... if you are in Japan, you can join.
... if you have any adds to agenda send to Tony. demos, etc,
Sign up for meeting.
... couple of invited guests have been approved.
https://github.com/w3c/webauthn/pull/653
tony: won't go over.
https://github.com/w3c/webauthn/pull/909
skip
https://github.com/w3c/webauthn/pull/1250
tony: need akshay to review
akshay: yes
https://github.com/w3c/webauthn/pull/1256
tony: nina you won't be in
Japan
... this will come up at face to face
nina: I won't be there.
tony: jeffH can you represent
jeffH: yes.
tony: akshay, need to push to close by before or during face to face
akshay: I will do it
tony: agl have you signed
off.
... please look at it before face to face
... jeffH has approved.
agl: if nina thinks this is good, I think it is good.
tony: put that on reviewer list
https://github.com/w3c/webauthn/pull/1270
tony: ready to go?
elundberg: not ready. JeffH has some comments
jeffH: it will be fine. work in
my comments
... I am putting it on elundberg
tony: elundberg, please look at this one.
elundberg: OK
... only thing is term bootstrap. we could merge and continue
that discussion later
jeffH; some editorial. but thanks for the other clean-up
scribe: it improves issues #344
elundberg: we could merge this now.
jeffH: later clean-up is fine
elundberg: I will merge
https://github.com/w3c/webauthn/pull/1276
tony: this needs additional reveiw
akshay: I need more detail
jeffH: further changes needed in
Cred Man
... I will shoot to finish before TPAC
... this helps cross origin I-frames via feature policyt
... real meat will be in cred man spec
tony: how will the RPs know what to do
jeffH: way feature policy works,
there is default allow list. this is same origin as ancestors
by default
... does not changing exisiting default behavior
... but somebody could explicitly engage cross origin
I-frame
... boolean will be true
tony: how will RPs know what to look for
jeffH: it will be in the
spec
... it covers RPs
... we are making changes from level 1. we should explian how
it works.
... as opposed to level 1
jbradley: this should only effect people who have turned it on.
https://github.com/w3c/webauthn/pull/1284
tony: still in progress. no review
jeffh: real simple. a small
change
... i landed the change in feature policy world, in terms of
list of defined feature policies.
agl: this should be able to land
now
... please review
akshay: looks good to me. I signed off on itt.
https://github.com/w3c/webauthn/pull/1288
elundberg: any objections to merging?
tony: jeff H and akshay have approved.
https://github.com/w3c/webauthn/pull/1289
agl: part of the steps need to
remain.
... you should stop and think about extensions
... this change seems fine.
shane: do you have proposal for more words
agl: perhaps a note, add info. about extension actions.
shane: I can add something like that
tony: but this will be change in behavoir. willit break
elundberg: will they have to
accept extensions they don't know about.
... but extension note is given, should they accept it?
shane: the whole point. could the
RP open or fail closed.
... practical use that it should not always do that.
elundberg: these are probably well known extensions
shane: no one knows cred protect.
it is not public yet.
... what is right answer here. maybe it should not be
injected.
DWaite: our RP had issue with
this.
... we were saying it was not compatible with new YubiKeys, but
it was browser issue with compliance
... it is an extension, that RP don't understand this
now.
... RPs don't seem to have the knowledge.
agl: this is why we are doing this chamnge
tony: shane, do you have what you need.
shane: need approvers
tony: agl, jeffH, elundberg on the list
alexei: If I may...
... related questions. arbitrary extensions from
authenticators, is this still a thing. I thought we didn't want
this.
jbradley: chrome added it
agl: this was about what was rejected. if it is problem we could change our stance.
jbradley: i suspect that we want to allow the user to have control via browser or authenticator
akshay: can we reject these things. I would say let it play out and see what happens.
jbradley: I don't know of any
scenarioes now, but maybe down the road.
... the concern for RP, if extension that meanings are
different and it changes security context
... I think this is pretty low risk.
akshay: ultimately it is for the
RP to decide.
... should be case by case basis
shane: another example may be
cred ??? extension
... cred prop
... cred props. new to level 2. deals with resident keys
akshay: looks like we have different points of view for different scenarioes.
shane: all add note and see if reviewers can approve or not.
tony: akshay, take a second look.
akshay: yes.
moving to issues
#1282 lcosed
#1283 closed
https://github.com/w3c/webauthn/issues/1285
agl: still some conversation
tony: this is not ready yet.
akshay: does not seem anyone is using icons at this time
agl: we do not store icons on
authenticator
... expectation some authenticators will be larger, maybe then
can store data URLs, not yet.
jeffH: like built-in platform authenticators
thttps: //github.com/w3c/webauthn/issues/1286
akshay: look at it before TPAC
tony: any open issues for
discussion.
... any questions, concerns, updates.
... at TPAC, we will look at issues for WD-02. we may have to
react before all the editorial ones land
jeffH: the list is going to change between now and TPAC
tony: that is todayt's
agenda.
... OK, meeting next week, then off for two weeks on call (TPAC
starts on Sept. 16)
Date 04 09 2019
This is scribe.perl Revision: 1.154 of Date: 2018/09/25 16:35:56 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00) WARNING: No "Present: ... " found! You can indicate people for the Present list like this: <dbooth> Present: dbooth jonathan mary <dbooth> Present+ amy <amy> Present+ Regrets: wseltzer No ScribeNick specified. Guessing ScribeNick: jfontana Inferring Scribes: jfontana WARNING: No "Topic:" lines found. WARNING: No date found! Assuming today. (Hint: Specify the W3C IRC log URL, and the date will be determined from that.) Or specify the date like this: <dbooth> Date: 12 Sep 2002 People with action items: WARNING: No "Topic: ..." lines found! Resulting HTML may have an empty (invalid) <ol>...</ol>. Explanation: "Topic: ..." lines are used to indicate the start of new discussion topics or agenda items, such as: <dbooth> Topic: Review of Amy's report WARNING: IRC log location not specified! (You can ignore this warning if you do not want the generated minutes to contain a link to the original IRC log.)[End of scribe.perl diagnostic output]