W3C

- DRAFT -

Web Authentication WG

15 Apr 2020

Attendees

Present
agl, akshay, bill, david_turner, david_waite, elundberg, eric, jbarclay, jeffh, jfontana, martin, nadalin, nina, nmooney, rae, sbweeden, selfissued, wseltzer
Regrets
Chair
Nadalin, Fontana
Scribe
jfontana

Contents

tony: any spwg updates

jeffH: all quiet so far.

tony: PRs first

https://github.com/w3c/webauthn/pull/1300

nothing yet

https://github.com/w3c/webauthn/pull/1366

jeffh: akshay has made comments.
... if i understand akshay's comment, prompting the user

akshay: my comment is last line... must treat as direct
... I don't understand if you can change direct valul

agl: you make good point, maybe fallback should not be direct

jeffH: two things here in comment.
... one is we don't specify prompting user about enterprise attestation
... do you ask user before or after.

adl: before or after... the constraint can't change to direct after the fact.
... maybe we should fail the request if the user says no.

akshay: I don't know the right call here. may or must?
... maybe just remove this line.
... remove this last linee.

elundberg: does this open up confusion. should we replace it with something.
... what to expect if nothing is explicit
... I hav seen that RPs are struggling with different behaviors among the browsers

agl: thing here, no requirement to prompt. that is complicated. Also involves UI, which W3C does not get into
... seems weird to say if prompt ignored.
... I will update

https://github.com/w3c/webauthn/pull/1375

tony: did google get data back?

agl: I think this is good. to go

tony: ignore this? the last comment

agl: this commenter is overstating this case. but. right about some security questions

tony: can we send a response

jeffH: as noted in PR #1375. it is optional to use this constraint.

agl: we are not imposing on those with concerns

tony: can akshay and emil look at this one.

https://github.com/w3c/webauthn/pull/1392

tony: no update

https://github.com/w3c/webauthn/pull/1395

jeffH: we want to do a trial implementation before it goes in to specc

agl: some want base 64 encoding
... I don't think we should do this here.

emil: other, don't do any base 64 encoding

agl: we don't use base64 in this spec.

emiL: in some of the attestation stuff

agl: i will switch it to base64 URL
... I wil come back with something

https://github.com/w3c/webauthn/pull/1398

jeffH: I need to get to this.
... I need to wait on an update

https://github.com/w3c/webauthn/pull/1399

bradley: done, I can submit it
... done

tony: will leave dynamic linking un-triaged

selfissue: last issue, thought we have PR to fix IANA issue

bradley: I will add the missing IANA issues
... need to fix my branches.

nickM: https://github.com/w3c/webauthn/pull/1381
... take a look at this. the current implementation of network transport.
... I want to make sure we are designing for folks that are interested.
... need feedback.

transport is https://github.com/w3c/webauthn/issues/1381

https://github.com/w3c/webauthn/issues/876

jeffH: looking at this.

tony: closing in on WS-03, but some issues to resolve. Need to get some things over in FIDO resolved.
... question at TPAC, if there is one, our meeting at TPAC will depend on where the spec is.
... tentatively say that we will meet in Vancouver.

dwait: if we limit JSON do we need to consider CBOR?

agl: it is mostly a question of code is considered sensitive or outside
... that is where they are hyper sensitive

tony: adjourn

Summary of Action Items

Summary of Resolutions

[End of minutes]
Minutes manually created (not a transcript), formatted by David Booth's scribe.perl version 1.154 (CVS log)
$Date: 2020/04/15 19:40:49 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.154  of Date: 2018/09/25 16:35:56  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00)

Present: agl akshay bill david_turner david_waite elundberg eric jbarclay jeffh jfontana martin nadalin nina nmooney rae sbweeden selfissued wseltzer
No ScribeNick specified.  Guessing ScribeNick: jfontana
Inferring Scribes: jfontana

WARNING: No "Topic:" lines found.


WARNING: No date found!  Assuming today.  (Hint: Specify
the W3C IRC log URL, and the date will be determined from that.)
Or specify the date like this:
<dbooth> Date: 12 Sep 2002

People with action items: 

WARNING: No "Topic: ..." lines found!  
Resulting HTML may have an empty (invalid) <ol>...</ol>.

Explanation: "Topic: ..." lines are used to indicate the start of 
new discussion topics or agenda items, such as:
<dbooth> Topic: Review of Amy's report


WARNING: IRC log location not specified!  (You can ignore this 
warning if you do not want the generated minutes to contain 
a link to the original IRC log.)
[End of scribe.perl diagnostic output]