Tony: TPAC coming up. a few weeks
out.
... open to discussion on how we structure it
... anybody want more than weekly meeting? Or joint session
jeffH: payments folks
nsteele: anything from web payments, any interest.
tony: we have not seen any activity
Bendy: no requests.
Wendy: we can have meetings on work and collaboration.
<jeffh> i.e. other parties, such as web payments, might wish to meet with us, but we have not heard yet
<wseltzer> https://www.w3.org/wiki/TPAC/2020/GroupMeetings
wendy: web payments has a
wiki.
... I see tentative meeting for web payments WG.
tony: if they ask , we should do something.
slef-issue: the DIDs schedule
looks to be virtual face to face.
... I don't think they have any interest in meeting with
us.
wendy: noting that the breakouts,
scheduled over one day, something can be self organized.
... we can look to organize things when the schedule comes
out.
tony: my question, should we NOT
meet that week.
... or shoud we follow normal schedule
wendy: meetings that week, breakouts one hour each day
tony: we will keep an eye on
this
... when will sked by finalized?
wendy: we are being encouraged to get things organized this week
tony: any other discussion
... look at open PRs
https://github.com/w3c/webauthn/pull/1470
<wseltzer> [TPAC breakouts will be 1400-1500 UTC, week of 26-30 October]
agl: jeffh has added some things and I will follow up
https://github.com/w3c/webauthn/pull/1472
tony: vitual authenticator
nina: i just replied to JC.
tony: akshay you are going to
look at it.
... let it hang out until Akshay is ready.
JC_Moz: it's not as complicated
as it looks.
... thanks Nina for your work
elundberg: why are we dnot kusing WEb IDL
jc_MOz: it is not a web IDL interface at all.
elundberg: ok, i think then this is a separate thing
tony: some untriaged.
https://github.com/w3c/webauthn/pull/1474
jeffH: Jeiwan submitted this. so
issues with teh terminollgy, needs clarified
... I disagree with current approach here
... coming closer to agreement. may not finish to we see the PR
from Apple on attestation
JTan: explaining Apple attestation
jbradley: how is this different
from safety net attesation
... why a different definition
... is this internal to the authenticator
JTan: because anonymous does not
work in a way that the current model is defined.
... there is no match to our attestation.
bBradley: is it a basic attestation and walk bsck to know root
jTan: that can be applied to the
CA
... attestation will operate ??? in different places than
authenticator
... platform and roaming authenticators can both be used
eventually
jeffH: attestaton formats are
different than types
... my initial motivate for #1422, we did not tease out all the
definitions for the attestation types.
... all this discussion means I was right, not teased apart
enough
... we should wait to see what this looks like and then finish
teasing all this apart
JTan: should I in PR define something in attestation types
jeffH: i'm thinking presently
that attestation CA , I could be wrong, that we can define this
with more depth.
... apple anonymous could be part of a sub-section
... we need to see more in order to make these decisions
JTan: I don't expect to get into those details that you are suggesting. They are specific and we don't want to share.
jeffH: you are saying no further details
JTan: yes.
jeffH: which format are yo usign
JTZan: our own,
... maybe wee should continue the discussion after we upload
something.
jeffH: TCG did not put that info. in the web authn spec. we read their docs and added the details ourselves. it's all publicly defined
JTan: I would appreciate for TCG
to comment
... there is some confusion about how attestation should
work.
elundberg: i was thinking it was
some kind of proxy for attestation
... but that was incorrect
... we have been talking about attestation proxy, could we use
that term
jeeffH: possibly
tony: one quesiton is are people comfortable doing this now
JTan: ys, I think we wait until my PR and then discuss
tony: do we handle in L2, yes.
JTan: yes
jeffH: is there an answer from apple lawyers
JTan: soon
tony" pull this into WD04
<jcj_moz> https://github.com/w3c/webauthn/pull/1476
thanks, JC!
jeffH: I have comments on it. I
do have qustions for this PR
... we may close and do another one .
tony: do we leave where it is, or move it over
jeffH: leave it alone
https://github.com/w3c/webauthn/issues/1475
elundberg: some privacy
concerns
... there could be a privacy leak and a securty issues - could
see what acconts have web authn set up and those that do
not
... some are saying privacy issues should apply to this
... we should crosslink this work
... I will assign this to myself
tony: not at issues .
... now at issues
https://github.com/w3c/webauthn/issues/1462
JC_moz: I am going to say this is
out of scope
... it doesn't match the Web authn charter. needs to go to
other group
... I will open that and get it done before any CR
designation
agl: google thinks this is not something we will bother with
self-issue: i think it belongs in
this working group
... I am on the hook to move this.
wendy: procedural: thee group can
publish notes.
... it can indicate what the WG wants to see.
akdhay: our position is we like
this extension
... we don't want to delays.
... we could come back to it on some other level.
tony: jc, I leave this up to you
https://github.com/w3c/webauthn/issues/1457
tony: this is the discoverable discussion
jbradley: I think we can probably close this. we have had thee discussions
tony: other views
shane: i would rather not ignore
it
... we could bring back resident keys=forbidden
agl: I don't think this is useful.
shane: any thoughts from CG
nsteele: I have to look into this.
<nsteele> Thanks!
Line 13:47, the issue should be 1457
This is scribe.perl Revision of Date Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00) Succeeded: s/2 weeks/a few weeks/ Succeeded: s/1447/1457/ Present: jfontana wseltzer selfissued nsteele sbweeden agl akshay bill davidwaite davidturner elundberg jcj_moz jeffh jeremy jiewen nadalin nina rae tim No ScribeNick specified. Guessing ScribeNick: jfontana Inferring Scribes: jfontana WARNING: No "Topic:" lines found. Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2020Sep/0006.html WARNING: No date found! Assuming today. (Hint: Specify the W3C IRC log URL, and the date will be determined from that.) Or specify the date like this: <dbooth> Date: 12 Sep 2002 People with action items: WARNING: No "Topic: ..." lines found! Resulting HTML may have an empty (invalid) <ol>...</ol>. Explanation: "Topic: ..." lines are used to indicate the start of new discussion topics or agenda items, such as: <dbooth> Topic: Review of Amy's report WARNING: IRC log location not specified! (You can ignore this warning if you do not want the generated minutes to contain a link to the original IRC log.)[End of scribe.perl diagnostic output]