W3C

- DRAFT -

Web Authentication WG

14 Oct 2020

Agenda

Attendees

Present
agl, akshay, davidturner, davidwaite, elundberg, eric, jeffh, jfontana, jiewentan, johnbradley, nadalin, nsteele, rae, ricky, sbweeden, timcappalli, wseltzer, nina, jbarclay
Regrets
Chair
Nadalin, Fontana
Scribe
jfontana

Contents

Tony: start with discussion.

jbradley: thre are things dragging out in FIDO land, but it is still in process

elundberg: been working with researches on secuity analysis of proposed recovery mechanism we have
... asked if Web authn can provide a quote to use in PR material, to talk about the work.

<elundberg> Backup credentials are an important problem for the WebAuthn ecosystem to solve, and the key generation approach behind ARKG enables architectures that fit well with the decentralized and interoperable design of WebAuthn. The ARKG analysis performed by Dr. Manulis and his team proves that this technique preserves WebAuthn's security and privacy principles. The Web Authentication Working Group looks forward to exploring how it can be lever[CUT]

elundberg: I can post it in IRC

<wseltzer> [leveraged to improve the Webauthn end-user experience]

<jeffh> ...aged to improve the webauthn user experience.

elundberg: do we want to provide quote. if yes, is text good or does it need edits.

agl: the researchers are unpaid.
... I am supported of offering this to them, .

tony: when will they do this.

elundberg: in Nov.

tony: any issues from W3C

wendy: seems reasonable to say. I'll check with our comm team.
... confirm WG is OK and I will see if W3C is.

tony: any other people have comment

jeffH: reasonable.

akshay: fine.

tony: not hearing anything let record show no objections
... anymore discussion.

none

https://github.com/w3c/webauthn/pull/1474

jeffH: Shane is saying he can work on this.

jtan: I can work on this issue.
... want to know how this will be working. good for me to talk about how this works and how it relates to FIDO spec

tony: timing?

Shane: will work with JTan.
... I will submit a PR to JTan branch and look at it that way.

https://github.com/w3c/webauthn/pull/1491

nickS: waiting on more info.

shane: the spec should be the record

nickS: needs approval before I can work with it

tony: any other issues with this PR

shane: I am happy to approve

tony: other questions been resolved.

jeffH: I think so. This is connected to #1474
... when they update, I can re-review and land it.

tony: get these done next week.

https://github.com/w3c/webauthn/pull/1497

jeffH: needs a look from the group.
... this is implemented in Chrome.
... it is being used by some sites and results are successfull

tony: any other discussion?
... next, issues

https://github.com/w3c/webauthn/issues/1495

tonhy: this is updating the IANA registry

jeffH: #1491 should also update IANA; this should be in #1491
... once Level 1 goes to Recommendation we then ask IANA to register these

shane: juggling with #1491 and #1474; make this one PR?
... JTan what are your thoughts

JeffH: I agree

shane: as one PR all the changes are together.

Jtan: but other changes could impact other places in spec
... I think there are other sections that mention the attestation cA
... if we have another one, we need to add that one

shane: oK we can keep it scret and make one of pre-req of the other.
... keep it separate

tony: Issues

<jeffh> editorial ones worth doing: https://github.com/w3c/webauthn/issues?q=is%3Aissue+is%3Aopen+label%3Atype%3Aeditorial+milestone%3A%22L2-WD-04+Final%22+-label%3Astat%3Apuntable

jeffH PR #1331 can shane look at this

shane: have to read it.

https://github.com/w3c/webauthn/issues/1331

jeffH: if you want editorial issues addressed a PR would be welcomed.
... in myself opinion all the other editorial ones for final can be punted to L3. I don't think we necessarily need to do this

<jeffh> presently open L2-WD-04 editorial issues: is:issue is:open label:type:editorial milestone:"L2-WD-04 Final"

tony: this will need some work

jeffH: i tagged the ones I think are puntable

tony: nothing more. adjourn

Summary of Action Items

Summary of Resolutions

[End of minutes]
Minutes manually created (not a transcript), formatted by David Booth's scribe.perl version (CVS log)
$Date: 2020/10/14 19:36:39 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision of Date 
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00)

Succeeded: s/say./say. I'll check with our comm team./
Present: agl akshay davidturner davidwaite elundberg eric jeffh jfontana jiewentan johnbradley nadalin nsteele rae ricky sbweeden timcappalli wseltzer nina jbarclay
No ScribeNick specified.  Guessing ScribeNick: jfontana
Inferring Scribes: jfontana

WARNING: No "Topic:" lines found.

Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2020Oct/0033.html

WARNING: No date found!  Assuming today.  (Hint: Specify
the W3C IRC log URL, and the date will be determined from that.)
Or specify the date like this:
<dbooth> Date: 12 Sep 2002

People with action items: 

WARNING: No "Topic: ..." lines found!  
Resulting HTML may have an empty (invalid) <ol>...</ol>.

Explanation: "Topic: ..." lines are used to indicate the start of 
new discussion topics or agenda items, such as:
<dbooth> Topic: Review of Amy's report


WARNING: IRC log location not specified!  (You can ignore this 
warning if you do not want the generated minutes to contain 
a link to the original IRC log.)
[End of scribe.perl diagnostic output]