W3C

- DRAFT -

Web Authentication WG

01 Apr 2020

Agenda

Attendees

Present
jfontana, wseltzer, agl, akshay, davidturner, jeffh, elundberg, nsteele, nina, rae, sbweeden, martin, nmooney, selfissued, jbarclay, bradley, bleddyv
Regrets
Chair
Nadalin, Fontana
Scribe
jfontana

Contents

https://github.com/w3c/webauthn/pull/966

tony: still low priority.

https://github.com/w3c/webauthn/pull/1366

agl: no updagtes

jeffH: OK

elundberg: I need some more time to look at this.

tony: it won't get closed today

https://github.com/w3c/webauthn/pull/1375

agl: SSH people are still working on this. wait for their confirmation

https://github.com/w3c/webauthn/pull/1390

agl: we approved merge last week, so just need some more review

https://github.com/w3c/webauthn/pull/1392

tony: think this is JC

agl: I may need to re-review this.

tony: jeff and akshay look at this one.

https://github.com/w3c/webauthn/pull/1394

jeffH: I haven't looked at this yet. we need to update feature policy with the new name

tony: that is a separate eissue.

jeffH: yes

tony: you and akshay need to look at this one

https://github.com/w3c/webauthn/pull/1395

agl: still have work here

https://github.com/w3c/webauthn/pull/1398

tony: this is decision on discoverable and resident
... akshay can you also look at this?
... this will impact windows

jeffH: more documentation

akshay: yes, I will take a look

jeffh: it does remove terminology , resident key terms, they are still around
... tries to use discoverable in the text.

https://github.com/w3c/webauthn/pull/1399

untriaged.

alg: removes cred props. do we want to do taht

shane: no

bradley: should not have removed that

agl: maybe some extra lines were deleted.

jeffH: that is just registration section.

bradley: i opened a ticket to add IANA registration
... I opened a few new issues.

tony: gatting to that
... open up separate PR for IANA so we can track

bradley: that is plan
... one registered like AppID don't need to be re-registered

tony: mike jones, can you look at this.

selfissue: I approved it

tony: jeffH needs to work on it.

bradley: I will double check on cred props.

tony: some untriaged issues.

https://github.com/w3c/webauthn/issues/1396

tony: one for dynamic linking.
... came up on todays payments call.
... do we want to continue work on dynamic linking.

agl: dirk's presentation?

tony: yes
... it will affect what the browser displays, most work will be done at ctap layer

agl: dirk's plan is mobile focused, not clear it is web authn at all

tony: the display is where this crosses web authn

akshay: rp not comfortable saying legal things in these places
... RP provides the parameters and browsers sets the strings
... I don't know if we can ID all kinds of patterns. that is my take on transactions and PSD2

agl: not sure this is legit problem to deal with .

tony: not one person, this is payments in web authn

leddy: i put transaction confirmation in 10 years ago and would still like to see it in.

tony: bill what do you need to also display

leffy: originally it was simple. but now it fits into more digital identities and agreeing to transactions

akshay: having patterns are you looking for

leffy: was text strings and images.
... text stirngs would be good start

agl: it is not the browser saying it , it is some untrustworthy person saying something
... shown in the browser means a user touched a ??? and displayed this string.

leddy: just is browser is better than nothing

agl: it is not that strong a property, not sure it is useful

leddy: more indicative where we are going

akshay: I don't MSFT to be part of that contractional acty

act

scribe: put legal strings around it MSFT will not implement it. I need a better grasp of the situation

agl: run it by counsel

bradley: some of this discussion is happening in web payments
... some are pruttng transaction stuff in the challenge
... nice to have transaction stuff somewhere else

agl: people are probably doing bad things
... my summary, seems potentially plausible.
... question is will platforms adopt this

leddy: the psd2 stuff says authentication at the transaction
... it is tied to the transaction
... eventually this would be a superior model

agl: would visa use it if we built it?

tonhy: does anyone want to champion this.
... be responsible for the issue.

leddy: put me down and I will do what I can.

dturner: agl, are you getting these questions from your partners

agl: no coherent messaging

leddy: we are working on a FIDO transaction confirmation white paper

tony: leave 1396 untriaged and look at it latert

https://github.com/w3c/webauthn/issues/1400

tony: this is the IANA one.
... planning for WD-0

bradley: yes

planning for WD-03

selfissue: i agree this is the right thing.

https://github.com/w3c/webauthn/issues/1401

tony: tx Auth

bradley: if we leave it this way it may be confusing
... AppID is an example.

shane: why not use credProps

bradley: credProps is fine

nsteele: I think appID is more helpful

bradley: I can put both extensions in the. same example

tony: that's end of untriaged issues

https://github.com/w3c/webauthn/issues/1386

tony: extension issue

bradley: I have to add back three lines

tony: this is issue, not PR.
... I would like to get a WD-03 at the end of April.

jeffH: getting CTAP done is more important right now than web authn, so my time will be split.

bradley: some of is feel more rushed on CTAP.

Chairs: Nadalin, Fontana

Summary of Action Items

Summary of Resolutions

[End of minutes]
Minutes manually created (not a transcript), formatted by David Booth's scribe.perl version 1.154 (CVS log)
$Date: 2020/04/01 19:51:09 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.154  of Date: 2018/09/25 16:35:56  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00)

Default Present: jfontana, wseltzer, agl, akshay, davidturner, jeffh, elundberg, nsteele, nina, rae, sbweeden, martin, nmooney, selfissued, jbarclay
Present: jfontana wseltzer agl akshay davidturner jeffh elundberg nsteele nina rae sbweeden martin nmooney selfissued jbarclay bradley bleddyv
No ScribeNick specified.  Guessing ScribeNick: jfontana
Inferring Scribes: jfontana

WARNING: No "Topic:" lines found.

Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2020Apr/0006.html

WARNING: No date found!  Assuming today.  (Hint: Specify
the W3C IRC log URL, and the date will be determined from that.)
Or specify the date like this:
<dbooth> Date: 12 Sep 2002

People with action items: 

WARNING: No "Topic: ..." lines found!  
Resulting HTML may have an empty (invalid) <ol>...</ol>.

Explanation: "Topic: ..." lines are used to indicate the start of 
new discussion topics or agenda items, such as:
<dbooth> Topic: Review of Amy's report


WARNING: IRC log location not specified!  (You can ignore this 
warning if you do not want the generated minutes to contain 
a link to the original IRC log.)
[End of scribe.perl diagnostic output]