<scribe> Meeting: Web Authentication WG
<jcj_moz> I'm having network problems today
PR #909 on hold
pr #966 akshay will look at it.
#1300. hold
#1333 looking for reviews
agl: I think I have comments outstanding
elundberg: will look at comments
https://github.com/w3c/webauthn/pull/1353
jcj_moz: I am having tech issues.
https://github.com/w3c/webauthn/pull/1354
tony: this is john
... bradley
jbradly: issue is he does not
afgree with this for CTAP.
... cold add it to CTAP, but that just points to list in Web
Authn
agl: I think this is good to go, small chagnes
jeffH: agreed
... there is suggestion in PR
... comments
tony: JeffH comments
JeffH: yes
tony: john bradley can you look at the comments and PR?
bradley: yes.
https://github.com/w3c/webauthn/pull/1359
agl: good to go
elundberg: merged.
https://github.com/w3c/webauthn/pull/1361
elundberg: questions here. authenticator and client extensions. Should it be both
tony: what do we do here?
elundberg: I don't know
jeffH: perhaps other folks should weigh in on issue #1314/
akshay: I am reading it. you saying we can combine both authenticator and platform?
jeffH: yes.
akshay: how does RP benefit
jeffH: that is question on whether we should have this extension at all
elundberg: it includes user action
agl; can get this info. at registration time and get it later.
akshay: we are saying the platform can be different on different machines.
agl: it is purely about authenticator extensions.
akshay: if you want to put it on
the server, don't do the platform extension
... OK
elundberg: sounds like consensu
agl: this is a minor
clarification
... we might ask what this does and why anyone cares.
tony: what are implementation
chances
... is this a feel good extension
jeffH: it seems we should land emil's PR and worry about things later.
akshay: it is there, it needs
clarification.
... i am fine with this
nsteele: if it is editorial change, we can deal with that later.
jeffH: we can later address if extensions are being used or not.
tony: jeffH can you merge
... resolve questions..
... some un-tiraged issues to look at
https://github.com/w3c/webauthn/issues/1355
agl: this is not interesting.
tony: should we close.
agl: I don't think we need to spend time here, put in on tracker
akshay: should we close?
agl: idle for months, we probably should
\tony: akshay close
akshay: yes
https://github.com/w3c/webauthn/issues/1356
dwaite: I don't quite understand the UI flow, it probably won't work
tony: in think he is saying he
has a requirement,
... and he can't get around this from a banking perspective.
not sure that is true
akshay: he does want to do username and numeration
he DOES NOT want to do
akshay: we can't give you this
information silently
... i don't think we can do anything here for this case.
agl: this looks like second factor not resident creds
dwaite: that was my impression\
tony: he says banks are using it now, but there are issues.
bradley: he maye is trying to use non -residental cred for first factor log-in
agl: I am guessing that is correct and is where something is going wrong.
https://github.com/w3c/webauthn/issues/1358
agl: this chap wants to use
something that is not allowed on Chrome.
... firefox supports
jeffH: i worked on this a bit, if
we work on this in the spec, we should align things.
... if we alter I have proposed spec text
agl: we said no without a spec chanegh
jeffh: this only matters if the RPO is using there IP addresses. it does not happen by accident
akshay: is this just for dev
dwaite: my sesnse is they issue internally
jeffh: how has this been working out for firefox and edge.
akshay: I will check what is happening there. I have never tried it
agl: he could be wrong that it is working
jeffH: good point
agl: not a rousing chorus on this.
akshay: if you are a local host, ...I don't know, it doesn't look good to me
elundberg: I am inclined to say they should be running a DNS, but I am not implementing
akshay: i will check and report back. right now, inclined not to do this
jeffH: can JC check from F
... firefox perspective.
tony: any issue we want to talk
about.
... one new on current ctap spec.
... john has #1352 with a PR open
... we have driver extension
... still have trust bridge, iframe...
... we still need use case clarification from Apple
https://github.com/w3c/webauthn/issues/1336
tony: believe JC would check into
this one.
... any update?
JCJ_Moz: no update
tony: just a comment here, that
this may prevent just in time registration flows
... think this is. coming from the payments
... WG also
jcj_moz: so, still no update
tony: any particular issues to
talk about
... we can get 25 minutes back
... see you next week
adjourn
This is scribe.perl Revision: 1.154 of Date: 2018/09/25 16:35:56 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00) Present: jfontana nsteele Akshay David_Turner David_Waite elundberg jbradley nadalin Rae wseltzer agl nina jeffh jcj_moz nmooney jbarclay No ScribeNick specified. Guessing ScribeNick: jfontana Inferring Scribes: jfontana WARNING: No "Topic:" lines found. Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2020Jan/0058.html WARNING: No meeting chair found! You should specify the meeting chair like this: <dbooth> Chair: dbooth WARNING: No date found! Assuming today. (Hint: Specify the W3C IRC log URL, and the date will be determined from that.) Or specify the date like this: <dbooth> Date: 12 Sep 2002 People with action items: WARNING: No "Topic: ..." lines found! Resulting HTML may have an empty (invalid) <ol>...</ol>. Explanation: "Topic: ..." lines are used to indicate the start of new discussion topics or agenda items, such as: <dbooth> Topic: Review of Amy's report WARNING: IRC log location not specified! (You can ignore this warning if you do not want the generated minutes to contain a link to the original IRC log.)[End of scribe.perl diagnostic output]