W3C

- DRAFT -

WebAuthn WG

05 Aug 2020

Attendees

Present
nsteele, jeffh, agl, akshay, davidwaite, davidturner, elundberg, eric, gavinshenker, jbarclay, jfontana, jiewen, johnbradley, nadalin, selfissued, nick, nina, rae, sbweeden
Regrets
Chair
Nadalin, Fontana
Scribe
jfontana

Contents

tony: wd03 published
... wd-04 end of sept., end of oct. put out CR and Proposed by end of Dec.

jbradley: ctap2 work trying to sync with Web Authn
... was discussion in SPWG to change privacy principle.
... could impact CTAP2

tony: issues. any update on Apple attstation

https://github.com/w3c/webauthn/issues/1453

JTan: waiting for lawyers.
... you can test it now.

tony: any questions

shane: when requesting direct attestation I was getting an error.

JTan: we can discuss offline

tony: when you get permission you will create a PR

JTan: yes.

https://github.com/w3c/webauthn/issues/1457

jbradley: relates to Apple platform authenticator on iOS
... not sure what to do about it.

tony: Msft is changing its behavior

akshay: I can't guarantee what we will do.

tony: will you change?

JTan: will not change right now, not sure in the futuree

agl: it could change in 14.1
... OK, nothing looking forward

tony: we should leave it.

shane: this is about FIDO spec not working\
... makes implementation of RP less consistent

agl: we highlighted, we can't change the world. we need help there

tony: we don't change spec here, and hope people don't change their implementations

agl: we don't have to back up to CTAP
... we could add a note
... but that ages quickly.

tony: do we move this to future level
... Apple won't make deadline

jbradley: do we revert the changes to web authn spec

tony: so move to next level or close

shane: we need consistency

jeffH: spec could be moree clear #1459

jbradly: look at $1459

jeffH: section 5.4.4, does not use discoverable language. should be updated

https://github.com/w3c/webauthn/issues/1459

agl: update language, tweak wording elsewhere

elundberg: did update terms, but not use of terms

jeffh: we are not using new language around resident kehys
... we ought to clarify is what I am hearing from agl

agl: I am open to changing things around.

tony: so do #1459 and not #1457

afgl: nod toward #1457
... it does happen

jeffh: we should note down sides

tony: agl can yo craft a PR to cover both.

agl: I will do next week

jbradley: problem here is need to track creation of credentials

https://github.com/w3c/webauthn/issues/1441

JeffH: I will clean-up

tony: jbradley, you adding some wording

jbradley: yes.

tony: some un-traiaged

https://github.com/w3c/webauthn/issues/1462

agl: this is mozilla objections to PR extension.
... not worth sinking the spec ovre.

akshay: I like this extenison
... I want it in web auth, addresses web crypto

tony: so both google and msdft are in favor of keeping this

JTan: pseudo-random function. I need to review this

tony: does anyone want to take this one over?

agl: we should give him another week, but we might need some help

tony: I will move it into WD-04

https://github.com/w3c/webauthn/issues/1463

agl: hope to get consensus on specifics, and put note in spec mentioning this.

tony: see this an editorial

agl: yes, but with guidancee

tony: any other issues to discuss
... are we going to leave this, close it. moves to level three and someone with look at it. https://github.com/w3c/webauthn/issues/1396

jeffH: all the editors in draft; RFC 8809 eminent

tony: when do we see completion with this in ITF

selfissue: this week
... this is IETF to be clear

<selfissued> The registries are at https://www.iana.org/assignments/webauthn/webauthn.xhtml

<selfissued> draft-hodges-webauthn-registries will be RFC 8809

tony: adjourn

Summary of Action Items

[End of minutes]
Minutes formatted by David Booth's scribe.perl version 1.135 (CVS log)
$Date: 2020/08/05 19:51:53 $