W3C

- DRAFT -

Web Authentication WG

15 Jul 2020

Agenda

Attendees

Present
wseltzer, selfissued, jfontana, DavidTurner, agl, nadalin, sbweeden, JeremyErickson, jeffh, Eric, GavinShenker, DavidWaiter, nsteele, RaeRivera, nina, elundberg
Regrets
Chair
Nadalin, Fontana
Scribe
jfontana

Contents

tony: On e PR outstanding #1452

https://github.com/w3c/webauthn/pull/1452

elundberg: if it's on must thread, then that is not important.
... I will take another look.

Tony: this is last one pending, waiting for #1453, attestation by Apple.
... are we OK adding in Level 2

agl: I would like it to be ready.

https://github.com/w3c/webauthn/issues/1453

agl: do we wait or not.

nsteele: I can follow up

tony: we had one PR closed, would like to get agreements to see if we can publish a wd-03
... then there is a wd04 in plan. that is where apple attestation would come in
... up to group what to do

agl: we should publish wd03 and wait for apple
... we would be looking at Aug. 15 or end of Aug. to publish.

tony: any concerns on this?
... not hearing objections
... lets wait on PR. wait for #1452 to merge, than go to WD03
... no objections

selfissue: are we communicating with Apple

tony: yes.
... not sure it is official channel

nsteele: not offcial

tony: not sure if it will be one or two attestation types.
... trying to be open minded.
... one #1452 is merged we will produce wd03
... no objection

elundberg: I will merge #1452 after merging.

tnoy: generate the spec after that.

tony: people agree to adding feature after freeze

jeffH: lets look first.

agl: I would say yes and we haven't seen it yet.

nsteele: collecting resources and setting up some tests. see if RP code works or not
... want to get implementaton questions sent to us.
... currently 9% of issues seen in Web Authn list are implementation issues

Tony: this give some structure and should we close #1454

nsteele: working with FIDO, to see how we align web auth CG and what FIDO is doing
... we are working on dev. tester suites. tool set.
... we could give to devs. so code is right.

tony: FIDO would publish there plan and go from there

nsteele: good. this is speeding along.

tony: earliest publish would be next Tues.

shane: question for adoption. question is related to what can this group or CG do to address some issues.
... there are many choices for platform vendors. what is the right way to do that.
... uniformity in behavior or focus on something else.

agl: with How to Fido, trying to deal with complexity, people don't complain

shane: I am complaining

agl: most people have cleared hurdles.

shane: I can share with you the issues. Andriod does not suport resident keys.; MSFT always considers a res. credential
... these are some examples of implementation, some with bad outcomes.

agl: we are aware of Android issues.

shane: my concern, incompatibility, even though everything is spec compliant.

agL: explaining there are some changes but can't explain in-depth

shane: I will share with you the challenges .
... I will share with MSFT also

<jeffh> see: https://github.com/fido-alliance/how-to-fido/issues/8

agl: the larger point, we need to talk to the platform vendors, and we need to respond better.

shane: how to you action these challenges.

nsteele: we would go to the technical groups when working with Android
... we can help get the issues in the right places for evaluation
... bridge devs and WG

shane: look at issue 8
... keep dialogue open
... we need to keep the eplatfomrs aligned.
... there is one profile and that is consumer

nsteele: hope resources we develop, we are getting some help on libraries. we will aim and having suite of conformance tests.
... goal is to have all this become necessary

tony: bunch of issues marked puntable, except #1452
... so should we move the others to wd04
... any update on registries- how close for final call.

selfissue: registries exist, the other things in draft.

jeffH: review mailing list created.

tony: I had a question for wendy
... will get back to her. it was procedural
... that is all for today.

jbradley: update from Apple is ..by the end of this week for attestation.
... if we can review by next meeting , we can discuss here.

agl: wd04 is last working draft. end of september. aim for CR is set at end of Oct. Recomendation, set at end of Nov.

Summary of Action Items

Summary of Resolutions

[End of minutes]
Minutes manually created (not a transcript), formatted by David Booth's scribe.perl version (CVS log)
$Date: 2020/07/15 19:36:00 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision of Date 
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00)

Present: wseltzer selfissued jfontana DavidTurner agl nadalin sbweeden JeremyErickson jeffh Eric GavinShenker DavidWaiter nsteele RaeRivera nina elundberg
No ScribeNick specified.  Guessing ScribeNick: jfontana
Inferring Scribes: jfontana

WARNING: No "Topic:" lines found.

Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2020Jul/0088.html

WARNING: No date found!  Assuming today.  (Hint: Specify
the W3C IRC log URL, and the date will be determined from that.)
Or specify the date like this:
<dbooth> Date: 12 Sep 2002

People with action items: 

WARNING: No "Topic: ..." lines found!  
Resulting HTML may have an empty (invalid) <ol>...</ol>.

Explanation: "Topic: ..." lines are used to indicate the start of 
new discussion topics or agenda items, such as:
<dbooth> Topic: Review of Amy's report


WARNING: IRC log location not specified!  (You can ignore this 
warning if you do not want the generated minutes to contain 
a link to the original IRC log.)
[End of scribe.perl diagnostic output]