W3C

- DRAFT -

SV_MEETING_TITLE

11 Sep 2019

Agenda

Attendees

Present
wseltzer, jfontana, nsteele, nmooney, Akshay, David_Turner, David_Waite, elundberg, jcj_moz, nadalin, agl, sbweeden, pasan, selfissued, jbarclay, jeffh
Regrets
Chair
nadalin, fontana
Scribe
fontana

Contents

<scribe> scribe: fontana

<wseltzer> -> TPAC Fukuoka, next week https://www.w3.org/2019/09/TPAC/schedule.html

<wseltzer> -> WebAuthn schedule for TPAC https://lists.w3.org/Archives/Public/public-webauthn/2019Sep/0072.html

tony: also joint meetings with Web Payments and Web Payments Security Interest Group.

Duo will present on Wednesday un-conference

tony: anything else on TPAC
... if you have updates, send
... added time to discuss account recovery
... set on TPAC agenda
... #909 on hold
... moving #909 to WD-03

https://github.com/w3c/webauthn/pull/1250

akshay: getting more questions than answers
... need to look closer at this.
... will finish by TPAC.

https://github.com/w3c/webauthn/pull/1276

tony: still blocked

https://github.com/w3c/webauthn/pull/1298

elundb erg: need more reviewers

selfissue: can you help
... sure

tony: it is an editorial

https://github.com/w3c/webauthn/pull/1299

tony: akshay will help review
... should be just editorial change
... at face to face, #1250 #1256 #1298 and #1299 closed
... any questions on PR?

no

moving to issues

tony: jeff do you want to skip all editorials

jeffH: yes I have 10 and we can skip

tony: will these make wd-02

jeffH: more important wok is in cred man

shane: will these amke wd-02

tony: want to get to point at TPAC we close open PR and triage what we want in wd-02
... close out publice review

shane: so no target date

tony: there is, on WD-02. wrap up by end of year. to get to CR, by end of year.
... we will need at least 3 drafts, WD's, to feel comfortable with a CR

akshay: so two more working drafts

tony: I want a wd-02 after TPAC, then one before holidays, then work toward CR at beginning of year.
... there are some un-triaged issues to handle

https://github.com/w3c/webauthn/issues/1291

tony: is ithe wd-2 or 3

elundberg: yes, i think 3. so of these are vague

https://github.com/w3c/webauthn/issues/1292

agl: we are a bit worried about this. if this doesn't align, don't know what that means
... i want a PR by TPAC to look at this. want to look at Apple's issues. we can discuss at TPAC
... in some form, I will have something by the friday

T

tpac meeting

https://github.com/w3c/webauthn/issues/1293

agl: unsure of motive on this. think it breaks things

akshay: what is this?

agl: there is user gesture. Apple is worried about the outcome of this issue.
... android has not said they are worried about this.
... they are uncomfortable about this.

correction: apple is uncomfortable with the issue

agl: there are cases that will break for us if we did this

JDJ_Moz: i want to talk to other RPs

nick: this would break for DUO

the issue is Requiring user gesture to call WebAuthn API

tony: this is key to discuss at TPAC

https://github.com/w3c/webauthn/issues/1294

tony: some discussion also in FIDO

akshay: I want to understand the use case.

agl: I have to leave. read my comments on the bug on Apple issue.
... I would not fight them over Lightning.

jbradley: I am pushing for it, because google wants it in.

agl: I have not been able to talk to Christiaan

jeffh: the other thing to note. comment in issue, is hinting that apple differentiation between lightning and other things may go away.
... but I am not sure.

akshay: I will re-read this item.

<wseltzer> [agl departs]

akshay: have to think about all the OS versions.

jbradley: we think apple will support w

web authn on iOS, just when

jbradley: HID over iOS does not work right now

tony: no issues other than that.

jbradley: there are some things we can do to signal to RP

https://github.com/w3c/webauthn/issues/1296

tonhy: we will do this face to face.
... will this break anybody?

akshay: we have a mix of authenticators, I would preferto do this in the browser.
... we need to clarify.

tony: we want to make this consistent
... this is normative change

jeffH: try to fix the inconsistencies here.

tony: akshay you want it handled in thet browsers?

akshay: that is initial reaction

jeffH: consider if it is browser job to do truncation

https://github.com/w3c/webauthn/issues/1297

shane: think google has more of a vested interest than I do.
... I think this can close with no action, but maybe keep it open until Google can comment

jeffH: yes, google will think about this.

tony: where do we stand on #1199

https://github.com/w3c/webauthn/issues/1199

akshay: it is not clear. not as simple as we thought

jeffH: move to wd-03 l2

akshay: yes, this is very tricky

jeffH: agreed

tony: what about https://github.com/w3c/webauthn/issues/1285
... does anyone do this today

akshay: no

shane: this is one thing I put in my user profiles, but when I thought no browser supported, I thought why do we have it.

jeffH: i am trying to find my notes. we have discussed.

nick: could be used by RP on the page

akshay: is antoher use case with mobile, and if they can show it.
... removing is too extreme right tnow

jeffH: we talked about this yesterday. various ways to approach for fixing
... could be draconian, and restrict to data URLs
... there are subtle but important consideration.

elundberg: restricting it to data URLs would make it practically unusable with limited-hardware authenticators.

jeffH: lot going on to get this right. it is under specified or mis-specified

tony: this takes us through all the technical issues we haven

jeffH: waiting for PR on #1286

akshay will make a comment in #1286

wseltzer: we will have dial-in for TPAC

shane: can you add instructions for that.

tony: adjourn

Summary of Action Items

Summary of Resolutions

[End of minutes]
Minutes manually created (not a transcript), formatted by David Booth's scribe.perl version 1.154 (CVS log)
$Date: 2019/09/11 19:53:32 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.154  of Date: 2018/09/25 16:35:56  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00)

Succeeded: s/restrict to roaming authenticators/make it practically unusable with limited-hardware authenticators/
Default Present: wseltzer, jfontana, nsteele, nmooney, Akshay, David_Turner, David_Waite, elundberg, jcj_moz, nadalin, agl, sbweeden, pasan, selfissued, jbarclay, jeffh
Present: wseltzer jfontana nsteele nmooney Akshay David_Turner David_Waite elundberg jcj_moz nadalin agl sbweeden pasan selfissued jbarclay jeffh
No ScribeNick specified.  Guessing ScribeNick: jfontana
Found Scribe: fontana

WARNING: No "Topic:" lines found.


WARNING: No meeting title found!
You should specify the meeting title like this:
<dbooth> Meeting: Weekly Baking Club Meeting

Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2019Sep/0100.html

WARNING: No date found!  Assuming today.  (Hint: Specify
the W3C IRC log URL, and the date will be determined from that.)
Or specify the date like this:
<dbooth> Date: 12 Sep 2002

People with action items: 

WARNING: No "Topic: ..." lines found!  
Resulting HTML may have an empty (invalid) <ol>...</ol>.

Explanation: "Topic: ..." lines are used to indicate the start of 
new discussion topics or agenda items, such as:
<dbooth> Topic: Review of Amy's report


WARNING: IRC log location not specified!  (You can ignore this 
warning if you do not want the generated minutes to contain 
a link to the original IRC log.)
[End of scribe.perl diagnostic output]