W3C

- DRAFT -

Web Authentication WG

29 Jan 2020

Attendees

Present
nmooney, jeffh, wseltzer, nadalin, agl, davidturner, davidwaite, elundberg, jiewen, johnbradley, ketan, nsteele, shane, fontana
Regrets
Chair
Nadalin, Fontana
Scribe
jfontana


tony: no meeting next week.
... also have face to face on Feb. 26th at RSA

nsteele: I will have remote call-in for that meeting

tony: #909 held up on BLE stuff.
... #1300 and #1330 in progress

https://github.com/w3c/webauthn/pull/1333

elundberg: waiting for reviews

tony: will get Akshay to review

https://github.com/w3c/webauthn/pull/1354

tony: we need input from bradley here

https://github.com/w3c/webauthn/pull/1364

tony: agl this is yours

agl: I approve in sense it does what it says it does, issue is landing it.
... no objection to merge

jeffH: I thought we agreed to do it.

tony: I don't see Apple on.

Ketan: I am good with this.

tony: think we decided that we would create this and get it done.
... merge to remove lightning

https://github.com/w3c/webauthn/pull/1365

https://github.com/w3c/webauthn/pull/1366

agl: PR

tony: some un-triaged issues.

issue #1363

https://github.com/w3c/webauthn/issues/1363

agl: lot of conversation and we have not read through

elundberg: trying to get conversations started.

https://github.com/w3c/webauthn/issues/1358

agl: should we allow IP addresses

tony: we had this lengthy discussion last week.

jeffh: I have not seen this in a long time, no real sample size

tony: leave this alone for now
... is this off Apple's radar

Ketan: I want to go back for our final thoughts.

tony: https://github.com/w3c/webauthn/issues/1293
... still some research to do here

agl: whose research

tony: JC

agl: that is fine with me

tony: we also have some things to talk to the payments working group about, with cross-origin iframes

jeffH: ketan is going to go back?

tony: yes.

https://github.com/w3c/webauthn/issues/1304

tony: if rolf on the call
... I don't see him
... is this one we care about.
... maybe we can take this one up later

shane: suspect issues like this will come up in UX

any other issues to talk about.

elundberg: I have one issue, #931
... device loss

https://github.com/w3c/webauthn/issues/931

scribe: we have found that the device loss scheme is secure, looking at signature scheme. then publish after that.
... hopefully we can get this ball rolling.
... can we get an update.

bradley: I can do it.

tony: 10-15 minutes.
... this is currently an L3 item, leave it there.

elundberg: yes, probably not L2

tony: any other updates.

bradley: lightning. so everybody understands there are keys out there that will use it.
... using it in new transport get info. that string will contain it.
... keys will continue to advertise those keys.
... it was originally Christiaan who wanted it there, he has changed his mind.
... Brave is the only other one looking at it.
... unless somebody has reason not to we will take it out of the lightning keys going forward.
... platform does nothing to it. it is not optimized.

agl: sending string and Get info is not a problem for us.

bradley: may optimize it in the future.
... when Apple exposes some more work
... we may want to clean up and have a better understanding on transports
... RPs should never do anything with transports. advice for web authn L2, take the transport string out of web authn command.

agl: there is correct RP processing, it should be in the spec

jbradley: don't look in transport string or filter it. let the platform do something with it

jeffh: we should at least have an issue with what jbradley just said.

tony: I missed the spwg call this morning. any movement

jeffH: some refinements needed on PR for security requirements specs.

agl: UP stuff is OK, bar is low

jbradley: need to be more specific in the CTAP spec on UP

tony: anything else to discuss?
... adjourn.

*Web Authn web page updated with minutes

Summary of Action Items

Summary of Resolutions

[End of minutes]

Minutes manually created (not a transcript), formatted by David Booth's scribe.perl version 1.154 (CVS log)
$Date: 2020/01/29 20:37:10 $
