<jfontana> https://lists.w3.org/Archives/Public/public-webauthn/2019Oct/0081.html
<jfontana> tony: the new charter has been approved to Oct. 2021
<jfontana> https://lists.w3.org/Archives/Public/public-webauthn/2019Oct/0081.html
<jfontana> https://github.com/w3c/webauthn/pull/1313
<jfontana> JeffH: review submitted
<jfontana> jcj_moz: I will go back through it.
<jfontana> scribe: jfontana
tony: emil can you look at this one
elundberg: merge when I am done. JC has to agree
jcj_moz: I will go through it.
https://github.com/w3c/webauthn/pull/1316
agl: this should land immediatly....
... people should take a look at this.
akshay: I will take a look
https://github.com/w3c/webauthn/pull/1317
akshay: opened up an issue on user verification.
... RP can override time here. what timeout makes sense.
tony: did FIDO have issues wth this.
akshay: that was not here, it was at FIDO
agl: are rps now setting a timeout?
akshay: multiple RPs are not setting time outs. Lets pick something for it.
jcj_moz: need to add a web platform test.
agl: ninie is not on the call.
... we need to have her do thisl
jcj_moz: you can use a forced clock function.
... it will label as ??? platform test
... are we doing interop test with level 2
tony: yes, we have to.
jcj_moz: then this is something we have to test.
tony: that is the open PRs. we have no un-triaged PR, so lets look at issues.
... besides editorials, the blocked one, a few technical one.
https://github.com/w3c/webauthn/issues/1285
agl: jc claims he would do this
tony: this is the icon one
jcj_moz: I will do this.
https://github.com/w3c/webauthn/issues/1286
jeffh: should there be a PR label on this. I will do it.
https://github.com/w3c/webauthn/issues/1294
tonhy: this is blocked.
... I think this is one we are holding open and waiting for changes.
akshay: draft 3?
tony: move to draft 3 and look at it thre.
https://github.com/w3c/webauthn/issues/1297
tony: this is shane. He is not here.
... PR has not been created.
https://github.com/w3c/webauthn/issues/1302
jcj_moz: this is assigned to me. thing to do is platform test.
... web platform test
tony: this can go out to CR
jcj_moz: yes.
jeffH: also. maybe we should consider taking technical label off and just make it web platform test. it seems to imply something technical with the spec
jcj_moz: I don't what to change here. I have to write a test.
https://github.com/w3c/webauthn/issues/1303
jcj_moz: still working on this.
... waiting for some resolution on the PR
tony: is apple OK wtih this
jcj_moz: I thn we all want to reduce abuse of cross orign iFrames. maybe default off is enough
... I will try to update this week
tonhy: no untriaged issues.
... jeff try to put stake in ground. I want to get out a wd-02 in about two weeks.
... so I need to understand which editorial ones you can get done by end of Oct.
jeffH: right now say none. what we do get done will be icing on the cake.
... credential managment is higher priority.
tony: I am trying to keep up a cadence. let people know what we have done so far.
... does anybody have anything else.
jeffH: yes. web authentication registry draft
... got area director feedback. I will incorporate.
... I also poked IANA for review of this spec because it has language on how IANA will do its job
... want this backed before next IETF
selflissue: I can do a review on text if you like.
jeffh: OK. thanks mike
nickM: we have put out issue around network transport in FIDO2 WG, next would be W3C working group
tony: bring up antoher issue. In feb. we have RSA
... should we be meeting in San Francisco for face to face
... web authentication.
... it is end of february.
... any interest.
... hearing some interest
... google?
agl: it is possible I could go.
jcj_moz: maybe rsa 20/20 in Philadelphis
jcj_moz: it is swords and shields...
... I am not serious.
<jcj_moz> https://www.rsa.org/page/2020Philadelphia
ricky: does anyone have anything to ask
tony: we talked about issues 1303
... JC is still trying to figure it out.
jcj_moz: still talking inside Mozilla
ricky: sounds good.
tony: look for 02 draft end of Oct.
... then people can go through it.
ricky: OK
jeffh: we still have a number of technical issues in wd02
... yes, nine open. 5 have PRs.
... I'd be focusing on those, not editorial
tony: #1147 is blocked, #1285 that is jc,1297, 1303, all of those are assigned.
jeffH: OK.
tony: I would like to get those closed, #1297may be an issue.
correction: #1147
tony: anything else. let's adjorn.
Agenda
https://lists.w3.org/Archives/Public/public-webauthn/2019Oct/0041.html
<jcj_moz> scribenick: jcj_moz
jfontana: Charter is still out for review. Hopefully we'll know more in the coming days/weeks.
... Tony's not here today, he's tied up in Minnesota
... so let's run through the pull requests and issues
... We're hoping we can get WD-02 in the next three weeks. So let's see what we think we can get done, and if something looks like it needs to get punted, we can move it to -03
... so let's start with the PRs - 653
· https://github.com/w3c/webauthn/pull/653
jeffh: This is ongoing and we don't need to spend time on it today. Donno if it should go to -03
jcj_moz: I think it's ok to go to -03 because until we actually can do new web platform tests, we can't enforce it
jfontana: 1250. Akshay's on this, looks ready to merge
Akshay: This looks fine, but we'll open a new issue related
jfontana: 1276...
· https://github.com/w3c/webauthn/pull/1276
jeffh: I'm working on the credential management spec first, and then we can deal with this. Trying to handle in the -02 timeframe
jfontana: https://github.com/w3c/webauthn/pull/1299
jeffh: We can merge this
jfontana: 1307
... Emil, you have approval on this, are there roadblocks?
jeffh: Mike's working on this, and I had 1 suggestion for rewriting a sentence and moving it ...
... other than that I guess it's okay
... comment indicates there's a change to CBOR
... don't know if that affects anything we're doing at this time
... as far as I know this text is correct but I'm not 100% positive
jfontana: Emil, did you review it?
Emil: I don't know. I looked at the editorial
Akshay: Let's wait for Mike to come back
jfontana: Sounds logical. He's assigned to it.
... 1310 - was merged and closed?
jeffh: yes
jfontana: 1312 https://github.com/w3c/webauthn/pull/1312
agl: I just ticked approve, looks good to me
emil: We might be good to merge?
jcj_moz: looks good
jeffh: looks good
Emil: we merge it?
jfontana: yeah
... https://github.com/w3c/webauthn/pull/1313
Emil: This probably needs a bunch of reviews from a bunch of different perspectives. It doesn't really change anything, but maybe? It covers what happens if you make a credential with UV and use it without UV, and get basic assumptions into writing
agl: I think this reflects reality
jeffh: I will review it
jcj_moz: I will also
jfontana: that's all the PRs, so onto the issues
... a lot of these are editorial, Jeff I guess that means you.
jeffh: I'd suggest we look at technical labeled ones for WD-02
... and don't worry about the editorial ones
jeffh: it looks like there are 11 technical issues, 2 have aPR open
... so I'd start with 1285 and work up from there
jfontana: 1285 then
jcj_moz: will get to this PR next week
jfontana: 1260
... wait 1286
https://github.com/w3c/webauthn/issues/1286
Akshay: I'll have a PR by next week
agl: https://github.com/w3c/webauthn/issues/1294
jeffh: The Apple folks have written in here their perspective of what we agreed on at TPAC
... so we're holding this open
... and we'll wait to see what develops
jfontana: https://github.com/w3c/webauthn/issues/1296
agl: PR next week
jfontana: You think it can still come down to WD-02?
agl: It's plausible, and if it doesn't, it doesn't matter
Shane: ditto 1297
https://github.com/w3c/webauthn/issues/1302
jeffh: Boris
jcj_moz: This is 3rd in line for me prioritize
jeffh: there may be no spec changes
jcj_moz: we probably just need a test, and then we all fix it
... maybe we need a label and a PR for updating web platform tests
Nina: Working to improve that situation
jeffh: cool
jcj_moz: I don't think this matters what draft it goes into, but it does need to happen
... Do we want to make a label for Web Platform Tests?
jeffh: sure
... You're doing that?
jcj_moz: no I am scribing
jfontana: https://github.com/w3c/webauthn/issues/1303
<wseltzer> jcj_moz: Mozilla and I worry about invisible iframes confusing the user
jcj_moz: I have this in draft form locally
agl: I'm not sure what utility making them visible yields
... they can make htem white on a white background and what is the point
jeffh: another ask
agl: make the argument that this is disabled-by-default
jbradley: This may come from payment issues, and could prompt something worse for privacy like the facet list again
... The main place where this might be used is payments in Europe where a merchant needs to collect an authentication from the bank, and they don't want to display the bank's page or can't because of EU banking regulations
... but they still need to do strong customer auth as the law requires
... otherwise they want to destroy the non-correlatability and instead embed webauthn directly in the merchant's site so it's correlatable
jfontana: Let's go back to the editorials
agl: We had one un-triaged
... 1314
https://github.com/w3c/webauthn/issues/1303
Emil: This is something that confused me among all the extensions
... I think if you look closely it's unambiguous so it's not high priority
... so if someone could confirm my understanding, then we can
... confirm or punt
jeffh: will review
agl: Who authored the extension?
<wseltzer> https://github.com/w3c/webauthn/issues/1314
agl: I think it is unambiguous, but ...
jeffh: it's (passed as) essentially a blob
agl: if you imagine the CBOR type that is represented by this WebIDL type then it's essentially correct but ...
... it seems okay to me --ish, aside from that annoyance about the types
... Emil, do you want to close this, make the changes?
Emil: I can make the changes if someone can confirm that I have the correct understanding
... I can try to check with whoever authored the extension to make sure I have the correct understanding
jfontana: I'd say punt to -03
agl: alright
jfontana: Did we tackle 1260?
... This is the editorial, https://github.com/w3c/webauthn/issues/1260?
jeffh: This is just among the low-priority editorial items
jfontana: That's kind of what we have left
jeffh: I don't think we need to walk through them
... nobody seems to be screaming about any of them
... I submitted most of them, and in a perfect world we'd fix them, but nobody's screaming about them so we don't need to talk about them
jfontana: I think then we're pretty much done
... Thanks everybody
[[ closing out ]]
<Jiewen> Thank you.
jfontana: What about https://github.com/w3c/webauthn/issues/1292
jcj_moz: That's the one Ricky and I were planning to address with a simplified interface
Ricky: Yeah
jeffh: moved to WD-03
jfontana: thanks
nina: PR on the wpt repo to add the webdriver API to the tests
[[ feedback loop ]]
Nina: They should at least run in Chrome for now
<Jiewen> Sorry, not sure what was going on...
<wseltzer> Meeting: Web Authentication WG
<jfontana> Meeting: Web Authentication WG
<jfontana> https://lists.w3.org/Archives/Public/public-webauthn/2019Oct/0081.html
<jfontana> tony: the new charter has been approved to Oct. 2021
<jfontana> https://lists.w3.org/Archives/Public/public-webauthn/2019Oct/0081.html
<jfontana> https://github.com/w3c/webauthn/pull/1313
<jfontana> JeffH: review submitted
<jfontana> jcj_moz: I will go back through it.
<jfontana> scribe: jfontana
tony: emil can you look at this one
elundberg: merge when I am done. JC has to agree
jcj_moz: I will go through it.
https://github.com/w3c/webauthn/pull/1316
agl: this should land immediatly....
... people should take a look at this.
akshay: I will take a look
https://github.com/w3c/webauthn/pull/1317
akshay: opened up an issue on user verification.
... RP can override time here. what timeout makes sense.
tony: did FIDO have issues wth this.
akshay: that was not here, it was at FIDO
agl: are rps now setting a timeout?
akshay: multiple RPs are not setting time outs. Lets pick something for it.
jcj_moz: need to add a web platform test.
agl: ninie is not on the call.
... we need to have her do thisl
jcj_moz: you can use a forced clock function.
... it will label as ??? platform test
... are we doing interop test with level 2
tony: yes, we have to.
jcj_moz: then this is something we have to test.
tony: that is the open PRs. we have no un-triaged PR, so lets look at issues.
... besides editorials, the blocked one, a few technical one.
https://github.com/w3c/webauthn/issues/1285
agl: jc claims he would do this
tony: this is the icon one
jcj_moz: I will do this.
https://github.com/w3c/webauthn/issues/1286
jeffh: should there be a PR label on this. I will do it.
https://github.com/w3c/webauthn/issues/1294
tonhy: this is blocked.
... I think this is one we are holding open and waiting for changes.
akshay: draft 3?
tony: move to draft 3 and look at it thre.
https://github.com/w3c/webauthn/issues/1297
tony: this is shane. He is not here.
... PR has not been created.
https://github.com/w3c/webauthn/issues/1302
jcj_moz: this is assigned to me. thing to do is platform test.
... web platform test
tony: this can go out to CR
jcj_moz: yes.
jeffH: also. maybe we should consider taking technical label off and just make it web platform test. it seems to imply something technical with the spec
jcj_moz: I don't what to change here. I have to write a test.
https://github.com/w3c/webauthn/issues/1303
jcj_moz: still working on this.
... waiting for some resolution on the PR
tony: is apple OK wtih this
jcj_moz: I thn we all want to reduce abuse of cross orign iFrames. maybe default off is enough
... I will try to update this week
tonhy: no untriaged issues.
... jeff try to put stake in ground. I want to get out a wd-02 in about two weeks.
... so I need to understand which editorial ones you can get done by end of Oct.
jeffH: right now say none. what we do get done will be icing on the cake.
... credential managment is higher priority.
tony: I am trying to keep up a cadence. let people know what we have done so far.
... does anybody have anything else.
jeffH: yes. web authentication registry draft
... got area director feedback. I will incorporate.
... I also poked IANA for review of this spec because it has language on how IANA will do its job
... want this backed before next IETF
selflissue: I can do a review on text if you like.
jeffh: OK. thanks mike
nickM: we have put out issue around network transport in FIDO2 WG, next would be W3C working group
tony: bring up antoher issue. In feb. we have RSA
... should we be meeting in San Francisco for face to face
... web authentication.
... it is end of february.
... any interest.
... hearing some interest
... google?
agl: it is possible I could go.
jcj_moz: maybe rsa 20/20 in Philadelphis
jcj_moz: it is swords and shields...
... I am not serious.
<jcj_moz> https://www.rsa.org/page/2020Philadelphia
ricky: does anyone have anything to ask
tony: we talked about issues 1303
... JC is still trying to figure it out.
jcj_moz: still talking inside Mozilla
ricky: sounds good.
tony: look for 02 draft end of Oct.
... then people can go through it.
ricky: OK
jeffh: we still have a number of technical issues in wd02
... yes, nine open. 5 have PRs.
... I'd be focusing on those, not editorial
tony: #1147 is blocked, #1285 that is jc,1297, 1303, all of those are assigned.
jeffH: OK.
tony: I would like to get those closed, #1297may be an issue.
correction: #1147
tony: anything else. let's adjorn.