Web Authentication WG

04 Dec 2019


Present: jfontana, selfissued, elundberg, jeffh
Nadalin, Fontana



tony: there are meeting cancellations noted in minutes, mailing list
... this is holiday schedule
... go to open pull requests
... #909 is still blocked

tony: #1330 blocked


tony: need adam to look

agl: have not looked at it.

akshay: it is on my list.

tony: looked at #1344. not triaged
... need adam and mike to look at these

agl: if jeffH is happy, I am happy

selfissue: why is this not in official W3C space

jeffH: that is the editor's draft.

selfissue: is this change in release draft?

j...I will in comment to reference W3C release not Github

scribe: can you paste the link to that in the notes

tony: would this be better off when that becomes standard rather than doing it now

jeffH: this may just be some confusion.
... looks like this is an editor's draft, update has pointer to right place
... can we get Giri involved, he is not on the roster anymore

selfissue: I will add comment for authoritative link. I don't want to block

tony: no published draft of this?

selfissue: I just approved it.

tony: there has not been any public working draft. it is better than what we have.

agl: I would suggest merging

tony: mike can you do that.


agl: think this is OK. it is descriptive, not implementation

jeffH: and no one is using it.
... tony, you are Ok with the IPR thing

tony: yes.

jeffH: merge

selfissue: i approved.

tony: agl can you approve? Merge

agl: think so

tony: that takes us through pull requests.
... any particular you want to discuss.

<jcj_moz> https://github.com/w3c/webauthn/issues/1351

nina: #1351
... will use web driver api, supported or not
... discovery is easier
... web driver...

agl: can we copy from other specs

nina: not that I can find.
... this is why it is coming at more now

agl: are web driver folks comfortable adding to this spec
... should we define web driver extensions

nina: I will work with them and ask.

jeffH: sounds reasonable.

tony: this one is un-triaged.
... falls into WD-03 or later.

agl: seems small, can resolve in 03

tony: other non-triaged issues.
... any other issues

agl: I would talk about #1348

tony: go ahead

agl: exclude credential, say only works over USB, if does not support USB it can ignore
... I don't want to ban that

akshay: you are saying there is exclude list, say has usb...saying when looking for credential marked as USB, send it to all devices

elundberg: when using exclude creds, not looking for credentials
... OK, now I see what adam was saying. right. Ok. never mind

tony: what do you want to do here. any changes?

elundberg: not sure yet. I want it to remain.
... agree with adam, it is not good to exclude credentials.
... this is not likely to happen in the real world.

agl: I can believe in real world. I don't see motivation for prohibiting. In some cases we can do it.
... we have had to change ctap2 to accommodate similar

akshay: so don't prohibit, let it play out.

elundberg: add note to spec.

agl: don't mandate platforms can't do this, but not a deal breaker.

jeffh: sounds fine.

tony: any new issues. this seems to be only new issue

jbradley: one thing on ctap public key RP entity
... do we want to make changes on this side.
... make it optional for authenticator to store. I don't think we need to do anything on this side.
... right now, we require that authenticator store it and leave space for it.

agl: i think we can say in FIDO land you don't have to store

akshay: does it say we have to?

jbradley: yes. save space.

akshay: where does it say this.

<jeffh> the "rp.name" being referred to, in the webauthn spec, is: https://www.w3.org/TR/webauthn/#dom-publickeycredentialentity-name

akshay: this is in 5.4.1

akshay: we can make that not required. there is no change in web authn

jbradley: authenticator can choose not to store it.

akshay: it has to be web authn change.
... that is where it is.

jbradley: weird there is mandatory storage thing in Web Authn.

agl: web authn has a number of mandatory requirements
... and this one is in there also

akshay: open a PR and we can remove it.

jbradley: we may want to say something about value that is sent. truncate to 64 bytes

jeffH: removing must is perfectly fine.

jbradley: the whole paragraph

akshay: just the first line.

agl: we want to keep "truncate"

jbradley: I will make issue and PR to pull the first sentence.

tony: anything else?

nina: I have another small issue
... #20162

agl: what repo is that in.

nina: I will link on IRC

<nina> https://github.com/web-platform-tests/wpt/pull/20162

tony: this is out of our control.

jcj_moz: nina do you want access

nina: yes.

jcj_moz: it is merged and I will see how to add you as admin.

tony: OK that is it. adjourn

Summary of Action Items

Summary of Resolutions

[End of minutes]

Minutes manually created (not a transcript), formatted by David Booth's scribe.perl version 1.154 (CVS log)
$Date: 2019/12/04 20:45:21 $
