W3C

- DRAFT -

Web Authentication WG

23 Sep 2020

Agenda

Attendees

Present
jfontana, wseltzer, elundberg, tim, jeffh, nina, agl, billleddy, davidturner, eric, jeremyerickson, johnbradley, nadalin, nsteele, raehayward, sbweeden
Regrets
Chair
SV_MEETING_CHAIR
Scribe
jfontana

Contents

https://github.com/w3c/webauthn/pull/1470

tony: waiting for updates.

https://github.com/w3c/webauthn/pull/1474

tony: still waiting for Apple. will look to completing next week.
... look at untriaged issues.

https://github.com/w3c/webauthn/pull/1484

tony: this is one we might not address

jbradley: need to talk to Google and Firefox

nickS: were we talking about this going to CG
... that was another issue.

tony: does anybody want to weigh in before this closes?

JeffH: we have said in another issue, we are working on this.
... no guarantee when.

jbradley: this is not a secret.
... firefox needs some resources here
... firefox on adroid

tony: should we move to futures?

jbradley: move it to the next version

tony: open issues. no apple update.

https://github.com/w3c/webauthn/issues/1453

https://github.com/w3c/webauthn/issues/1485

tony: should we handle this?

shane: that to me is RP policy.
... more than a spec

nickS: i agree.

tony: not doing anything to prevent creation of these

agl: think this is correct stand for spec

jeffH: i agree

tony: so close this with that statement.

nickS: will respond and close

https://github.com/w3c/webauthn/issues/1486

jeffH: this is spec bug.

https://github.com/w3c/webauthn/issues/1441

tony: any other issues to talk about?

jbradley: we've added a way to get transport without attestation, should we also add a way to report the AAGUID?
... to get full attestation.

agl: if we remove attestation we zero out attestation
... remove the AABUID

AAGUID

nickS: if you have aaguid without attestation you can lie about it

jbradley: question, is there way to find info. without going through attestation
... this is a Level 3 issue likely

tony: thinking of this as browser or spec change

agl: browser

tony: so this is not a Level 3 item

jeffH: but we can tag it as a discuss issue.

jbradlley: we should open an issue, on if you get a self-signed attestation what do you do

jeffH: you are right

jbradley: need to look at AAGUID in the MDS

jeffH: we should put the self signed cert in the MDS , that is the out of bound thing that you need.
... out of band thing

tony: any other discussions?
... adjourn

Summary of Action Items

Summary of Resolutions

[End of minutes]
Minutes manually created (not a transcript), formatted by David Booth's scribe.perl version (CVS log)
$Date: 2020/09/23 19:46:48 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision of Date 
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00)

Present: jfontana wseltzer elundberg tim jeffh nina agl billleddy davidturner eric jeremyerickson johnbradley nadalin nsteele raehayward sbweeden
No ScribeNick specified.  Guessing ScribeNick: jfontana
Inferring Scribes: jfontana

WARNING: No "Topic:" lines found.

Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2020Sep/0132.html

WARNING: No meeting chair found!
You should specify the meeting chair like this:
<dbooth> Chair: dbooth


WARNING: No date found!  Assuming today.  (Hint: Specify
the W3C IRC log URL, and the date will be determined from that.)
Or specify the date like this:
<dbooth> Date: 12 Sep 2002

People with action items: 

WARNING: No "Topic: ..." lines found!  
Resulting HTML may have an empty (invalid) <ol>...</ol>.

Explanation: "Topic: ..." lines are used to indicate the start of 
new discussion topics or agenda items, such as:
<dbooth> Topic: Review of Amy's report


WARNING: IRC log location not specified!  (You can ignore this 
warning if you do not want the generated minutes to contain 
a link to the original IRC log.)
[End of scribe.perl diagnostic output]