Web Authentication WG

18 Nov 2020



jfontana, jcj, selfissued, jeffh, dveditz, agl, akshay, davidturner, davidwaite, elundberg, eric, johnbradley, nadalin, martin, nsteele, nina, sbweeden, timcappalli, wseltzer
Nadalin, Fontana


tony: wd04 has been published
... please review
... know if there are any issues.

<wseltzer> https://www.w3.org/TR/2020/WD-webauthn-2-20201116/

ready to start the process

agl: we want working group to submit a TAG request for review

wSeltzer: not sure there is specific new TAG review point.
... but we can submit for TAG review

agl: we are - Google - required to submit a TAG

jeffH: in the blink process

agL: we would like to do this now

WSeltzer: this won't be the first time, we did it with L1

agl: we will submit delta between L1 and l2

tony: is this from Google or the working group
... anything else on CR to discuss
... not hearing any.

WSeltzer: the privacy reviewers have filed some questions in issues.

tony: we want to start CR doc and look at wd-04 by Friday.
... so we can fix what we need to and submit a CR
... have some issues to look at; think all editorial at this point.
... do need some updates



tony: any updates on editorial issues.

JeffH: there are a bunch I have not looked at.
... all editorial

tony: we could punt some of these to L3


tony: need someone assigned to Secure Payment Confirmation effort has implications on the WebAuthn spec

JefH: assign me


tony: jeff is this you.

jeffH: remains puntable
... we don't really need to do it.

tony: can we move to L3
... any objections



tony: assigned to JC

jcj_Moz: don't know where we stand. this looks like it needs to be a web platform test issue

tony: is Nina on

Nina: yes

tony: need to assign someone to this

agl: assign me

nina: we might already have a test fo rthis
... I will take a look

jcj_moz: if there is a test we can close #1302
... we could add a step, but if there is a test that is enough.

toy: we have some untriaged issues

tony: https://github.com/w3c/webauthn/issues/1523

jcj_moz: that can be scrubbed.

agl: we should list step numbers by symbolic label

jeffH: we should fix this and I can do it by Friday.

<elundberg> my mic isn't working it seems

<elundberg> I'll do 1524

<elundberg> sorry, 1523

tony: emeil will do this.

jeffH: we will review this.


agL: i can write a response here. I don't think it is a spec change.

tony: this would be a close?

agl: I will look at it, we can make a decision next week.

jbradley: I think is trying to force authenticators to supply the transporst
... they want it in Web Authn; don't think it works.

nsteele: is this preferred rather than required?

tony: not mandatory


agl: we could throw in use agent should get confirmation

tony: agl, can you write response.

agl: response could be PR; I will give him an answer.

akshay: specifying UX is not what I would go for. need some user consent.

tony: you want a response?
... put somthing in the doc?

akshay: I am fine with the way it is right now

tony: say it is UI and out of scope

jcj_moz: you can take no action, we are going to all have opinions

agl: I will writ an response and close.


agl: I don't know if this is for web authn stuff,

akshay: we can close if it is not needed here

jcj_moz: if we start prescribing how PKI works , then we have to show why it works
... FIDO would say those are not valid authenticators

jbradley: are they trying to make this retro-actively work

agl: i don't want to cover this in the spec

jbradley: maybe they should make new self signed certs


agl: this strikes me as nonsense

tony: who wants to be owner

nsteele: I will assign myself.

agl: this is wrong already; too many bytes.


agl: we removed the extension (location)

jeffh: this is something old.

tony: close this one

agl: i think so

selfissue: close

tony: who will close PKI?

agl: I will

WSeltzer: PING has a call tomororw, so I can relate some context
... I will see if they have a full reivew or we need more info.

jcj_moz: I will leave Mozilla at end of month.
... it has been a pleasure to bring web authn out to the world
... an honor.

tony: appreciate your help and all your contributions.
... how do you want to be listed. editor?

jcj_moz: yes, would like to be listed as editor; retire me on anything after L2

tony: OK.

<jcj> jfontana Dan Veditz

Dan Veditz will be taking over for jcj_moz.

tonny: please let us know by Friday on wd-04
... elundberg and jeffH will work on this

<wseltzer> Next meeting: Dec. 2

Summary of Action Items

Summary of Resolutions

[End of minutes]

Minutes manually created (not a transcript), formatted by David Booth's scribe.perl version (CVS log)
$Date: 2020/11/18 20:49:01 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision of Date 
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00)

Present: jfontana jcj selfissued jeffh dveditz agl akshay davidturner davidwaite elundberg eric johnbradley nadalin martin nsteele nina sbweeden timcappalli wseltzer
No ScribeNick specified.  Guessing ScribeNick: jfontana
Inferring Scribes: jfontana

WARNING: No "Topic:" lines found.

Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2020Nov/0161.html

WARNING: No date found!  Assuming today.  (Hint: Specify
the W3C IRC log URL, and the date will be determined from that.)
Or specify the date like this:
<dbooth> Date: 12 Sep 2002

People with action items: 

WARNING: No "Topic: ..." lines found!  
Resulting HTML may have an empty (invalid) <ol>...</ol>.

Explanation: "Topic: ..." lines are used to indicate the start of 
new discussion topics or agenda items, such as:
<dbooth> Topic: Review of Amy's report

WARNING: IRC log location not specified!  (You can ignore this 
warning if you do not want the generated minutes to contain 
a link to the original IRC log.)

[End of scribe.perl diagnostic output]