W3C

- DRAFT -

Web Authentication WG

22 Jul 2020

Agenda

Attendees

Present
jfontana, wseltzer, elundberg, nsteele, jeffh, Akshay, Eric, Gavin, Jiewen, Nina, Rae, sbweeden, selfissued, jbarclay, jcj_moz
Regrets
Chair
Nadalin, Fontana
Scribe
jfontana

Contents


<wseltzer> present=

tony: We are generating a WD-03 doc. Hopefully done soon
... wasa SPWG meeting.
... today

selfissue: do we need to lock repository until we do draft

tony: we will make up draft.

https://github.com/w3c/webauthn/pull/1455

elundberg: just an editorial fix
... this might impact the new draft.
... data may not go to the right spot. it may happen, or may not

tony: should we put it back into WS-03

elundberg: hassle, but we can fix before CR

tony: reviews, jeff

jeffH: yes, looking

tony: we don't have any outstanding un-triaged PRs
... issues

https://github.com/w3c/webauthn/issues/1453

JTan: not ready yet
... I will update PR before our attestation in ready

tony: goal is a Level 2 doc. so trying to close out working drafts by end of september

JTan: our target is still aug 14, general release is this fall

tony: you want this in level 2

JTan: hope so.

https://github.com/w3c/webauthn/issues/1454

nickS: I will close it this week.

tony: who do we want to assign #1453

jeffH: taking over means waiting on Apple?

tony: yes.

nickS: I can take that.

https://github.com/w3c/webauthn/issues/1422

jeffH: there are all these puntable editorial issues

tony: just looking for some to be responsible

JTan: I am willing to help

jbradley: be clear ECDAA is being removed from Level 2 web authn

JTan: we are not going to use that.

jeffh: Privacy CA term was invented by TPM folks and is specific to them

JBradley: we need a different attestation coming from authenticator. talked about it, but work not doine
... on CTAP side a attestation format that would work with that kind of CA
... attestation is different for each RP

tony: JeffH is willing to help. Bradley and JTan

https://github.com/w3c/webauthn/issues/1456

Nina: there are some changes we can do here, to improve

tony: seems like new feature

nina: some new features, yes.

tony: we had feature freeze, is this necessary or can it punt to Level 3

jbradley: thinking Level 3 and CTAP 2.2

tony: nina can you do another. move this one to level 3
... then put some wording in level 2

nina" no reason to bump to level 3 for credentials.

scribe: one idea is to move this to level 3

tony: open up a new issue. I moved the other to level 3
... move the new issue into level 2

elundberg: it needs to be immutable

nina: if we just say cred ID had to be immutable, does not really solve the problem
... we should clarify

jeffH: yes

jbradley: overlaps with discoverable credential

elundberg: these are instructions for authenticator developers.

nina: yes, authenticators
... for Level 3, give RPs a better way to handle this

https://github.com/w3c/webauthn/issues/1457

jbradely: in level 2 changed behavior of credentials when it is not discoverable.
... have to ask explicitly
... we should think about direction and make sure it is correct
... coordinate with new kids on the block, where Level 2 is going
... it is a discussion point.
... to JTan, is your intent to make all resident credentials discoverable.

JTan: we decided to make all credentials for platform authenticators. what is discoverable.

jbradley: get cred without an allow list

JTan: yes.

<jeffh> see also: https://w3c.github.io/webauthn/#discoverable-credential

jbradley: apple is going to change, msft and android likely to match

akshay: if people want two patterns I am OK with that.

jbradley: I don't want to have any surprises.

tony: let's come back to this one and discusson
... any other issues we need to discuss

nina: no, but I did create the new issue #1458

tony: any other business?

Summary of Action Items

Summary of Resolutions

[End of minutes]

Minutes manually created (not a transcript), formatted by David Booth's scribe.perl version (CVS log)
$Date: 2020/07/22 20:04:59 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision of Date 
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00)

Present: jfontana wseltzer elundberg nsteele jeffh Akshay Eric Gavin Jiewen Nina Rae sbweeden selfissued jbarclay jcj_moz
No ScribeNick specified.  Guessing ScribeNick: jfontana
Inferring Scribes: jfontana

WARNING: No "Topic:" lines found.

Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2020Jul/0112.html

WARNING: No date found!  Assuming today.  (Hint: Specify
the W3C IRC log URL, and the date will be determined from that.)
Or specify the date like this:
<dbooth> Date: 12 Sep 2002

People with action items: 

WARNING: No "Topic: ..." lines found!  
Resulting HTML may have an empty (invalid) <ol>...</ol>.

Explanation: "Topic: ..." lines are used to indicate the start of 
new discussion topics or agenda items, such as:
<dbooth> Topic: Review of Amy's report


WARNING: IRC log location not specified!  (You can ignore this 
warning if you do not want the generated minutes to contain 
a link to the original IRC log.)


[End of scribe.perl diagnostic output]