Web Authentication WG

11 Mar 2020



jfontana, wseltzer, nmooney, jeffh, agl, selfissued, davidturner, elundberg, johnbradley, nsteele, nina, sbweeden
Nadalin, Fontana


<jeffh> someone start zakim? I dunno the cmds....

tony: open pull requests.


tony: enterprise attestation. no update?

jeffH: i think we should stay with enterprise attestation

agl: it is whatever the enterprise negotiates.
... hav ewe used individual

jeffH; call it enterprise attestation, then clarify

jbradley: I will add some notees


elundberg: still waiting on a review.

tony: waiting on adam

agl: I am good

jeffH: merge it.


agl: the context is I would talk to some SSH people. I have not received a report back.

tony: lets look at issues.


tony: we were going to close.
... anyone from Apple


jeffH: no one has replied to JC_moz comment to close
... I will close it.


agL: we concluded we should close this

tony: close this

alg: I closed it.


tony: editorial

jeffH: something to get around to when we have time.


tony: we agreed that we would prohibit this.

agl: jc said he would follow up


agl: another cleanup when someone gets around to it.


agl: we agree e-num types were inappropriate for inputs


jeffH: this is just need to do it.


agl: this needs to line up with fido #667
... we talked about this tuesday. need to line up web authn

JeffH: makes a note on this


tony: anything to add to this one nick mooney

nickM: we submitted a PR to add transport on top of caBLE. and an issue in FIDO2 repo
... people can look at this now

elundberg: agl was talking about this, issue was proximity. why has this changed

nickM: we wanted to avoid a phishing scenario
... once there is some crypto, proximity issue is diminished.

elundberg: wording now may seem that we care about proximity at the beginning , but later does not mean much anymore
... I get the point.


nina: this is a corner case.
... we should change this, and say you can't send this empty

agl: we can fix chrome here. there is a mismatch with ctap2 and web authn

tony: we should handle this one.

jbradley: we should sort it out

nina: is it chrome or is it the spc


agl: issue in ctap, and issue in chrome and we address those. but this question is what does the empty list mean
... should block in web authn

jbradley: ctap authenticator can't deal with any empty list

nina: adding a default could be reasonable?

agl: yes, we could pick one

jbradley: how do we want RP to react. should be easy
... we should allow it to be empty but make it a simple element of 256


tony: needs some clarification.

elundberg: i can look at this. may close after a while.


jbradley: I need confirmation on what extensions are not implemented

agl: we implement UVM on Android
... other than that I don't recognize the others.
... right now we have not gotten rid of it.

jbradley: we need two implementations to pass interop test.

agl: can do edge and chrome

jbradley: I will put together a pull request to get rid of extensions outside of UVM

tony: that is all PRs and issues I have today.
... other issues.

elundberg: WEbNFC

agl: it exists. NDEF is the tag

jbradley: it is fall back oldest standard for NFC

jeffH: did we skip #1372

tony: that was discussed at the F2F.

jeffH: since we last updated this. there has been two comments. so just waving a flag

shane: I read them, I wrote one of them

jeffH: no milestone?

tony: still trying to figure out what to do with this.

shane: some desire to have this in. I have a feeling of resistance to building it.

jeffH: created a milestone called futures and gave it label "discuss"

shane: I will read a bit more on that.
... the two drivers for it, one of them is a red herring
... leaving it in discuss is a good idea.

Summary of Action Items

Summary of Resolutions

[End of minutes]

Minutes manually created (not a transcript), formatted by David Booth's scribe.perl version 1.154 (CVS log)
$Date: 2020/03/11 19:45:08 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.154  of Date: 2018/09/25 16:35:56  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00)

Present: jfontana wseltzer nmooney jeffh agl selfissued davidturner elundberg johnbradley nsteele nina sbweeden
No ScribeNick specified.  Guessing ScribeNick: jfontana
Inferring Scribes: jfontana

WARNING: No "Topic:" lines found.

Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2020Mar/0034.html

WARNING: No date found!  Assuming today.  (Hint: Specify
the W3C IRC log URL, and the date will be determined from that.)
Or specify the date like this:
<dbooth> Date: 12 Sep 2002

People with action items: 

WARNING: No "Topic: ..." lines found!  
Resulting HTML may have an empty (invalid) <ol>...</ol>.

Explanation: "Topic: ..." lines are used to indicate the start of 
new discussion topics or agenda items, such as:
<dbooth> Topic: Review of Amy's report

WARNING: IRC log location not specified!  (You can ignore this 
warning if you do not want the generated minutes to contain 
a link to the original IRC log.)

[End of scribe.perl diagnostic output]