https://github.com/w3c/webauthn/pull/1424
agl: potentially ready. some comments to address
elundberg: I will resolve the conversation and mark as approve
agl: with empty extensions, should that extension be echoed back, current spec says no
https://github.com/w3c/webauthn/pull/1440
seelfissue: I will fix the names and merge
https://github.com/w3c/webauthn/pull/1443
tony: nick is not here
... table
elundberg: re-read and then I can approvee
https://github.com/w3c/webauthn/pull/1443
nickS. some clarification in there
scribe: I did address elundberg questions
tony: he need to verify
https://github.com/w3c/webauthn/issues/1444
<nsteele> thanks for rewinding jfontana!
agl: not exciting. we can close next week if no aciton
https://github.com/w3c/webauthn/issues/1445
elundberg: suggestion we change
dfinition in the extension section to mirror the App
Exclude
... AppID Exclude
agl: broad rules, but I don't think it is true
selfissue: I disagree, you get output if extension is processed
adl: for AppID Exclude, it is useless
tony: it is a rule that should be obeyed
agl: I think the rule should change rather than bending
jbradley: may be true nothing useful. knowing that AppID Exclusion did not work does tell you something
agl: if you want a true in there, go ahead. I might not implement
elundberg: saying the value of the output would be true.
agl: so it is useless and
confusing
... we could parse to Windows, but if not enforced, do we treat
as use agent string
bradley: larger discussion
here
... extend the API and pass it down and get something
back...
... do something with the extension?
agl: would could plumb it back,
but this is what led me to my thinking
... it is a great deal of plumbing, which is behind the idea it
should not have an output
selfissue: consistency is more important. we have "true if no output"
jbradley: chrome may not know it was acted on, that is where it gets compicated
akshay: looks to me it is more confusing
agl: not always true; it is misleading
akshay: if i had time I would plumb it through
agl: lot of work to throw it away in the end
selfissue: the rule lets you know it was processed.
agl: could leave as none, always
true or true/false
... I have no opinion
jbradley: don't you need to
change API to pass down the AppID
... don't know if there is that much more work
agl: doing the plumbing does not seem worthwhile
selfissue: problem is you will have to handle this special
agl: delete the paragraph that says everything has an output.
selfissue: I will work on this
tony: tag it on the #1445
selfissue: OK
elundberg: can we go back to
PRF?
... that has the same issue
agl: does mike has an
opinion
... I will go back and adjust
jbradley: where are we at with Dirk's payments proposal
jeffh: we have to work on this
tony: this is new feature. we are feature frozen
agl: dirk not sure that this works at all
jbradley: it may be FIDO European group
agl: I don't think we should make an exception on this
jbradley: we likely need to at least keep people in the loop
jeffH: this WG should work on this general topic, don't think it gets into Level 2
<jeffh> jeffh: tho dirk now has web use case input
tony: best thing to do is get an issue opened and then we can look at it and make decisions
jeffh: sure
selfissue: I want to talk about
1441
... some missing normative guidance, i propose to add normative
guidance. add those we are adding from FIDO2
Signature Formats section https://w3c.github.io/webauthn/#sctn-signature-attestation-types
<jeffh> https://github.com/w3c/webauthn/issues/1441
jbradley: since we specify the
algorithm and not the curve, it does not prevent things from
being added.
... I will look at the issue.
tony: anymore?
jeffH: we still have 22 issues
for Wd-03. And several are old. We won't deal with them
... we need to side what we are going to punt on
... a bunch of the editorial stuff is not going to get
done.
... I don't think we have time now, i can make suggestions
elundberg: maybe talk about eliminating duplicate terminology
jeffH: should we just close?
https://github.com/w3c/webauthn/issues/358
jeffH: we can eliminate. adding
comment
... OK, one less issue
agl: update for akshay. there is nothing about number of attempts.
tony: adjorn
This is scribe.perl Revision of Date Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00) Present: wseltzer jfontana Nadalin elundberg jeffh jeremy selfissued gavin bill akshay agl Jiewen Eric nsteele Regrets: jcj_moz No ScribeNick specified. Guessing ScribeNick: jfontana Inferring Scribes: jfontana WARNING: No "Topic:" lines found. Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2020Jun/0209.html WARNING: No date found! Assuming today. (Hint: Specify the W3C IRC log URL, and the date will be determined from that.) Or specify the date like this: <dbooth> Date: 12 Sep 2002 People with action items: WARNING: No "Topic: ..." lines found! Resulting HTML may have an empty (invalid) <ol>...</ol>. Explanation: "Topic: ..." lines are used to indicate the start of new discussion topics or agenda items, such as: <dbooth> Topic: Review of Amy's report WARNING: IRC log location not specified! (You can ignore this warning if you do not want the generated minutes to contain a link to the original IRC log.)[End of scribe.perl diagnostic output]