<wseltzer> present=
thank you, Wendy!
tony: reminder, web payments
working group task force. we are setting up calls
... pull requests and issues, then talk about going to
WD-02
https://github.com/w3c/webauthn/pull/1276
jeffH: ready to land.
tony: need Akshay to respond
jeffH: I linked to cred man, my comment there. this is ready to go. I want this in next working draft in web authn.
jcj_moz: I approve, I went through it.
jeffH: thanks.
akshay: there is a PR open, do we need to finish that.
JeffH: I am now the cred man editor. If you want to review in cred man, do it.
tony: can you merge today . when akshay approves
https://github.com/w3c/webauthn/pull/1330
jeffH: is elndberg on the call, he can expllain
tony: #1330 has been delayed to
03
... #13000 has already gone to wd03
akshay: so move this to wd03
elundbergL I don't think this is realted to 1300
tomy: this one needs to move to 023
elundberg: yup.
https://github.com/w3c/webauthn/pull/1332
shane: I just want the platforms to do something with web auth without violating the specs
tony: can yo merge shae.
https://github.com/w3c/webauthn/pull/1333
jeffH: I think it is basically
OK, from my perspective.
... I was thinking it might be good idea to have AGL look at
it
akshay: I also want to look
tony: so what are we doing with this one. let's decide later.
https://github.com/w3c/webauthn/pull/1334
self-issue: it is terminology
one? yes.
... I will review.
tony: can you pull the trigger if you agree
https://github.com/w3c/webauthn/pull/1335
elundburg: ready to go
jeffH: I should merge it.
tony: leaves us with, with 1334,
i think mike will approve.
... leaves us with 2 issues.
jcj_moz: I have a pull request
that has not been triaged.
... I proposed removing image fields, I have not finished my
look at web IDL
tony: is it OK to merge
jcj_moz: potential someone could
come back on us, but I feel safe merging
... i will fix and merge.
https://github.com/w3c/webauthn/issues/334
tony: punt
https://github.com/w3c/webauthn/issues/1105
jcj_moz: i am tempted to close
this with no action.
... concept was different but the rational was the same.
... are we saying iFrame be visible. this doesn't seem to have
a practical effect.
akshay: so lets close this one and discuss #1303
https://github.com/w3c/webauthn/issues/1147
akshay: move to level 3
https://github.com/w3c/webauthn/issues/1174
tony: punt
https://github.com/w3c/webauthn/issues/1207
tony: jeffH, what do you say.
jeffH: we can punt
https://github.com/w3c/webauthn/issues/1208
jeffH: punt
https://github.com/w3c/webauthn/issues/1303
jcj_moz: trying to get
consensus
... I feel like we need a different approach beyond just iFrame
being visible.
... may we should re-raise interaction despite opposition
jeffH: there are flow that get messed up.
jcj_moz: plenty will get messed
up if we go to Web push. want to avoid the dark patterns
... trying to learn from web push WG
jeffH: I need to look that up
jcj_moz: web push is moving
browser to have some interaction before things fire.
... helpful in some scenarios but encourages more pop ups.
tony: what I'm hearing is , carry this on?
jcj_moz: I'm close to agreeing we
can't change visability, we can't test it.
... but still core problem, super cookie case. discuss in
#1336
akshay: I will look at this.
tony: do we believe this needs to be made clear in 02 - 1
#1302
jcj_moz; #1303, needs to be handled before 03
Jeffh: should we hold off on merging the feature policy.
jcj_moz: don't see reason for this working draft. I won't break feature policy
tony: call issues closed for wd02
.pull requests in wd02 have been met.
... if we get #1333 and #1334 and #1337 mergered that leaves us
with ... and #1226. these are the ones we need to get
closed.
... before the next meeting.
... that would close all open PS and issues for wd02
... are we comfortable in producing an WD-02 draft?
jeffH: sure.
tony: any objection once PRs are
closed
... not hearing any objections.
<Rolf> do you mean 1226 or 1336?
tony: hope to do by next week
call. should have wd-02.
... and working toward wd-03.
jcj_moz: additional topics. #1336
https://github.com/w3c/webauthn/issues/1336
jcj_moz: I have a different
scenario. in simple way we can figure out how to describe
... use Web Authn to show this is same person just in new
browser profile.
... provide a cross account identified. which is a little
scary.
... up side. can avoid by prohibiting cross origin
iFrames.
... if we don't have feature policy now, we are not breaking
anything.
... just a restriction on the new feature coming through
wd-02
... look at simplified threat model and see if we are
crazy.
... and second. see if you agree this is dangerous and could
resolved with restriction on create credential
jeffH: thanks for writing this up.
akshay: this is not supported
right now. no cross origin iFrames.
... we said you need a user gesture, i hope this is two
things.
... I don't see a scenario where we would allow this.
jcj_moz: you dont see a create
credential scenario
... yes.
... I see some possibility for abuse
akshay: there are benefits to dis-allowing it.
jcj_moz: take a look at
this.
... I don't think this is breaking, we should remove the
label.
akshay: I don't think it is breaking
tony: I do, if it goes through, it is breaking
<Rolf> Couldn't the RP already disallow create via feature policy?
jeffH: there is intent to
implement for cross -origin iFrames and chrome has it
implemented.
... the code is written.
jcj_moz: we say breaking after
the document is released.
... could be working draft.
jeffH: think we can leave the label.
akshay: jeffH have you implemented?
jeffH: I think so. we have
feature policy implemented. have to wire up web authn.
... it might be change but not sure
akshay: you may have implemented something, so I see where you are coming from. discuss next week
elundberg: reasoning here seems to be sound.
jcj_moz: thanks emil
tony: anything else?
... adjourn.
This is scribe.perl Revision: 1.154 of Date: 2018/09/25 16:35:56 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00) Present: jfontana selfissued jeffh Akshay David_Turner elundberg Eric john_bradley jcj_moz nadalin rolf sbweeden nsteele nmooney No ScribeNick specified. Guessing ScribeNick: jfontana Inferring Scribes: jfontana WARNING: No "Topic:" lines found. Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2019Oct/0307.html WARNING: No date found! Assuming today. (Hint: Specify the W3C IRC log URL, and the date will be determined from that.) Or specify the date like this: <dbooth> Date: 12 Sep 2002 People with action items: WARNING: No "Topic: ..." lines found! Resulting HTML may have an empty (invalid) <ol>...</ol>. Explanation: "Topic: ..." lines are used to indicate the start of new discussion topics or agenda items, such as: <dbooth> Topic: Review of Amy's report WARNING: IRC log location not specified! (You can ignore this warning if you do not want the generated minutes to contain a link to the original IRC log.)[End of scribe.perl diagnostic output]