Web Authentication WG

01 Apr 2020



jfontana, wseltzer, agl, akshay, davidturner, jeffh, elundberg, nsteele, nina, rae, sbweeden, martin, nmooney, selfissued, jbarclay, bradley, bleddyv
Nadalin, Fontana



tony: still low priority.


agl: no updagtes

jeffH: OK

elundberg: I need some more time to look at this.

tony: it won't get closed today


agl: SSH people are still working on this. wait for their confirmation


agl: we approved merge last week, so just need some more review


tony: think this is JC

agl: I may need to re-review this.

tony: jeff and akshay look at this one.


jeffH: I haven't looked at this yet. we need to update feature policy with the new name

tony: that is a separate eissue.

jeffH: yes

tony: you and akshay need to look at this one


agl: still have work here


tony: this is decision on discoverable and resident
... akshay can you also look at this?
... this will impact windows

jeffH: more documentation

akshay: yes, I will take a look

jeffh: it does remove terminology , resident key terms, they are still around
... tries to use discoverable in the text.



alg: removes cred props. do we want to do taht

shane: no

bradley: should not have removed that

agl: maybe some extra lines were deleted.

jeffH: that is just registration section.

bradley: i opened a ticket to add IANA registration
... I opened a few new issues.

tony: gatting to that
... open up separate PR for IANA so we can track

bradley: that is plan
... one registered like AppID don't need to be re-registered

tony: mike jones, can you look at this.

selfissue: I approved it

tony: jeffH needs to work on it.

bradley: I will double check on cred props.

tony: some untriaged issues.


tony: one for dynamic linking.
... came up on todays payments call.
... do we want to continue work on dynamic linking.

agl: dirk's presentation?

tony: yes
... it will affect what the browser displays, most work will be done at ctap layer

agl: dirk's plan is mobile focused, not clear it is web authn at all

tony: the display is where this crosses web authn

akshay: rp not comfortable saying legal things in these places
... RP provides the parameters and browsers sets the strings
... I don't know if we can ID all kinds of patterns. that is my take on transactions and PSD2

agl: not sure this is legit problem to deal with .

tony: not one person, this is payments in web authn

leddy: i put transaction confirmation in 10 years ago and would still like to see it in.

tony: bill what do you need to also display

leffy: originally it was simple. but now it fits into more digital identities and agreeing to transactions

akshay: having patterns are you looking for

leffy: was text strings and images.
... text stirngs would be good start

agl: it is not the browser saying it , it is some untrustworthy person saying something
... shown in the browser means a user touched a ??? and displayed this string.

leddy: just is browser is better than nothing

agl: it is not that strong a property, not sure it is useful

leddy: more indicative where we are going

akshay: I don't MSFT to be part of that contractional acty


scribe: put legal strings around it MSFT will not implement it. I need a better grasp of the situation

agl: run it by counsel

bradley: some of this discussion is happening in web payments
... some are pruttng transaction stuff in the challenge
... nice to have transaction stuff somewhere else

agl: people are probably doing bad things
... my summary, seems potentially plausible.
... question is will platforms adopt this

leddy: the psd2 stuff says authentication at the transaction
... it is tied to the transaction
... eventually this would be a superior model

agl: would visa use it if we built it?

tonhy: does anyone want to champion this.
... be responsible for the issue.

leddy: put me down and I will do what I can.

dturner: agl, are you getting these questions from your partners

agl: no coherent messaging

leddy: we are working on a FIDO transaction confirmation white paper

tony: leave 1396 untriaged and look at it latert


tony: this is the IANA one.
... planning for WD-0

bradley: yes

planning for WD-03

selfissue: i agree this is the right thing.


tony: tx Auth

bradley: if we leave it this way it may be confusing
... AppID is an example.

shane: why not use credProps

bradley: credProps is fine

nsteele: I think appID is more helpful

bradley: I can put both extensions in the. same example

tony: that's end of untriaged issues


tony: extension issue

bradley: I have to add back three lines

tony: this is issue, not PR.
... I would like to get a WD-03 at the end of April.

jeffH: getting CTAP done is more important right now than web authn, so my time will be split.

bradley: some of is feel more rushed on CTAP.

Chairs: Nadalin, Fontana

Summary of Action Items

Summary of Resolutions

[End of minutes]

Minutes manually created (not a transcript), formatted by David Booth's scribe.perl version 1.154 (CVS log)
$Date: 2020/04/01 19:51:09 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.154  of Date: 2018/09/25 16:35:56  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00)

Default Present: jfontana, wseltzer, agl, akshay, davidturner, jeffh, elundberg, nsteele, nina, rae, sbweeden, martin, nmooney, selfissued, jbarclay
Present: jfontana wseltzer agl akshay davidturner jeffh elundberg nsteele nina rae sbweeden martin nmooney selfissued jbarclay bradley bleddyv
No ScribeNick specified.  Guessing ScribeNick: jfontana
Inferring Scribes: jfontana

WARNING: No "Topic:" lines found.

Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2020Apr/0006.html

WARNING: No date found!  Assuming today.  (Hint: Specify
the W3C IRC log URL, and the date will be determined from that.)
Or specify the date like this:
<dbooth> Date: 12 Sep 2002

People with action items: 

WARNING: No "Topic: ..." lines found!  
Resulting HTML may have an empty (invalid) <ol>...</ol>.

Explanation: "Topic: ..." lines are used to indicate the start of 
new discussion topics or agenda items, such as:
<dbooth> Topic: Review of Amy's report

WARNING: IRC log location not specified!  (You can ignore this 
warning if you do not want the generated minutes to contain 
a link to the original IRC log.)

[End of scribe.perl diagnostic output]