20:02:13 RRSAgent has joined #webauthn 20:02:13 logging to https://www.w3.org/2021/01/06-webauthn-irc 20:02:16 RRSAgent, make logs Public 20:02:17 Meeting: Web Authentication WG 20:04:18 present+ 20:04:37 wseltzer has changed the topic to: 6 January https://lists.w3.org/Archives/Public/public-webauthn/2021Jan/0002.html 20:04:41 Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2021Jan/0002.html 20:05:25 tony: we have entered into CR 20:05:38 ...We have started IPR process 20:05:53 ... thanks Wendy and John 20:07:02 ...IPR runs to Feb. 19 20:07:14 ...some issues, but no real PRs open 20:07:46 https://github.com/w3c/webauthn/issues/1522 20:08:18 selfissued has joined #webauthn 20:08:24 present+ 20:08:30 agl: I will reply to this, I don't think any changes are called for here 20:08:43 tony: you will reply, agl 20:08:50 agl: yes, net week we can take a look 20:08:59 tony: the rest are editorial. 20:09:08 ...most are assigned to Jeff. 20:09:35 ...any idea Jeff, which ones need work or punted 20:10:05 ...Jeff not present 20:10:27 agl: decide on a deadline, then work on these 20:10:49 tony: deadline of week before we exit PR? 20:10:53 ...or earlier 20:11:01 agl: I don't have a strong opinion 20:11:27 present+ agl, akshay, bill, davidturner, davidwaite, elundberg, johnbradley, nadalin, raerivera, sbweeden, tim 20:11:31 present+ 20:11:35 tony: that would give us 2 weeks or so 20:12:24 tony: we had one person who said they would submit issues, none have arrived so far. 20:12:50 ...we also have some issues un-triaged. 20:13:13 https://github.com/w3c/webauthn/issues/1544 20:13:38 tony: this is editorial. move to CR bucket? 20:13:50 ...not hearing any. move to CR status 20:14:05 https://github.com/w3c/webauthn/issues/1540 20:14:16 tony: this is about platform authenticators 20:14:25 ...shane, david have commented. 20:14:31 present+ 20:14:58 shane: don't think this fine grain authn detection being asked for will be examined 20:15:03 nina has joined #webauthn 20:15:07 tony: for llevel 3 20:15:12 shane: think it is a close 20:16:04 jeffH: I need to read this. 20:16:49 shane: think issue can be confusing here. it mixes products 20:17:49 elundberg: we have moved extensions, so this likely won't work 20:18:05 shane: I will file a comment and close 20:18:20 tony: that is the agenda for today 20:18:41 ...do need to talk about Level 3, if we continue need to re-charter 20:19:02 ...some things lined up for Level 3 20:19:06 https://github.com/w3c/webauthn/issues?q=is%3Aopen+is%3Aissue+milestone%3AL3-WD-01 20:19:28 ...what should we do here? what do we want to work on? Any changes to the charter 20:19:51 https://github.com/w3c/webauthn/issues/1514 20:20:26 agl: this is not on chrome's roadmap 20:20:41 akshay: not on windows roadmap 20:21:04 jbradely: was does anyone want to install such a thing. 20:21:21 ag: they are clear in implementing an authenticator 20:21:35 bradley: being an authenticator makes no sense, but could see platform 20:22:13 TimC: would fit with SIOP 20:23:23 tony: OIDC is discussing SIOP 20:23:52 on OIDC wg call, discussed SIOP (self-issued openid providers) + DIDs (+ WebAuthn?) 20:24:59 agl: I don't know of any motivation, but we don't have plans. 20:25:19 tonY: should this move to futures? 20:25:40 ...find what we want to do before we re-issue charter 20:26:30 dwaite: this isn't just about PWA, there is no facility to add functionality 20:26:48 tony: move to futures if we don't get specifics 20:27:16 ...moved to futures with consensus of group 20:27:41 tony: take on device loss 20:27:56 elundberg: yes, Yubico would like to do this 20:28:13 tony: silent authentication. Issue #199. any interst? 20:28:22 seflissue: I would not rule it out. 20:28:32 ...we have not worked on this. 20:28:50 tony: you don't want to rule it out 20:28:59 BillL: I would like to see it. 20:29:09 akshay: I like the look of this. 20:29:16 jbradely: might be used as a super cookie 20:29:33 dwaite: needs to be more like a normal cookie. 20:29:54 jeffH: what are the use cases. need to flesh this out 20:30:26 ...silence authentication has been more like brute force 20:30:45 tony: keep this a potential Level 3 20:31:13 tony: any other supporters for Level 3? 20:31:34 jbradley: look at use cases, and see if anything is there. 20:31:58 jeffH: we could punt to futures and then re-evaluate 20:33:10 wendy: re-charter to continue, pick up new patent policy, then amend scope 20:33:20 tonyu: cna w eput in scopre and not do it. 20:33:25 wendy: sure 20:34:35 tony: how about supporting software authenticators 20:34:50 eluncberg: seems to be like PWA 20:35:02 agl: this sounds like a platform concern and not an API 20:35:06 akshay: I agree 20:35:13 tony: close? futures? 20:35:18 akshay: close 20:35:26 agl: I also think close 20:36:07 jbradley: quickly here. it is a ctap issue. question, if ctap defined a software, could web authen recognize a platform authenticator 20:36:33 ...close and if there is interest we can re-evaluate if software authenticator came along 20:36:37 ...I would be against it. 20:37:20 agl: I can write something and close it. 20:37:39 tony: any objections 20:37:40 none 20:38:52 tony: issue #1255 20:39:01 jbradley: no real favor here. 20:42:11 tony: close? 20:42:26 ...any objection to move to futures 20:42:34 none 20:43:33 tony: add additional network transport? 20:43:54 agl: will not be a specific caBle into Web Authn 20:44:17 tony: so lleave in Level 3 and also include transport hints 20:44:34 ...transaction confirmation #1396 20:44:51 agl: no concrete plans, but don't want to close the door 20:45:13 BillL: would be nice to have a clear answer. part of PSD2 20:45:18 tony: any objections? 20:45:35 ...WG would decide on work - or not- later 20:50:02 agl: if we don't charter for this, we may get blocked on innovation later 20:50:08 tony: include ein charter. 20:50:35 ...#1372, shane? 20:51:01 shane: scenarios are suspect 20:51:54 https://github.com/w3c/webauthn/issues/1372 20:52:10 jbradlely: keep in charter, but we would have to decide on use cases 20:52:24 shane: have one, but not in web authn now 20:53:25 tony: put in scope and leave in futures? 20:53:31 no objections 20:53:51 ...that takes care of all the changes that would influence scope. 20:54:19 agl: can I throw something out - non-module UI 20:54:33 non-modal UI 20:54:44 tony: any objections to that at Level 3 20:54:55 ...could be a usability issues 20:55:18 jeffH: could add things to the options. 20:55:36 akshay: does this consider charter change 20:55:43 tony: usability folks may want to know 20:55:58 akshay: one more issue for charter? 20:57:32 ... extension of charter. PRF extension shat was removed from level 2, does not mention issue #1462 20:57:34 https://github.com/w3c/webauthn/issues/1462 20:58:00 ...put this back in the charter 20:58:12 tony: don't want to have this is charter, could be an issue 20:58:24 ...some think it belongs outside Web Authn 20:59:02 ..charter would be to include private key along with public key, maybe symetric keys, encryption? 20:59:29 jbradley: could this have objections for the charter. 20:59:43 ...this is some working items to include in new charter. 20:59:46 agl: timeline? 20:59:51 tony: end of Jan. 21:00:15 tony: adjorn 21:02:58 rrsagent, draft minutes 21:02:58 I have made the request to generate https://www.w3.org/2021/01/06-webauthn-minutes.html wseltzer 22:52:42 Zakim has left #webauthn