Web Authentication WG

06 January 2021


agl, akshay, bill, davidturner, davidwaite, elundberg, jeffh, jfontana, johnbradley, nadalin, raerivera, sbweeden, selfissued, tim, wseltzer

Meeting minutes

tony: we have entered into CR
… We have started IPR process
… thanks Wendy and John
… IPR runs to Feb. 19
… some issues, but no real PRs open


agl: I will reply to this, I don't think any changes are called for here

tony: you will reply, agl

agl: yes, net week we can take a look

tony: the rest are editorial.
… most are assigned to Jeff.
… any idea Jeff, which ones need work or punted
… Jeff not present

agl: decide on a deadline, then work on these

tony: deadline of week before we exit PR?
… or earlier

agl: I don't have a strong opinion

tony: that would give us 2 weeks or so

tony: we had one person who said they would submit issues, none have arrived so far.
… we also have some issues un-triaged.


tony: this is editorial. move to CR bucket?
… not hearing any. move to CR status


tony: this is about platform authenticators
… shane, david have commented.

shane: don't think this fine grain authn detection being asked for will be examined

tony: for llevel 3

shane: think it is a close

jeffH: I need to read this.

shane: think issue can be confusing here. it mixes products

elundberg: we have moved extensions, so this likely won't work

shane: I will file a comment and close

tony: that is the agenda for today
… do need to talk about Level 3, if we continue need to re-charter
… some things lined up for Level 3

<jeffh> https://github.com/w3c/webauthn/issues?q=is%3Aopen+is%3Aissue+milestone%3AL3-WD-01

tony: what should we do here? what do we want to work on? Any changes to the charter

<jeffh> https://github.com/w3c/webauthn/issues/1514

agl: this is not on chrome's roadmap

akshay: not on windows roadmap

jbradely: was does anyone want to install such a thing.

ag: they are clear in implementing an authenticator

bradley: being an authenticator makes no sense, but could see platform

TimC: would fit with SIOP

tony: OIDC is discussing SIOP

<jeffh> on OIDC wg call, discussed SIOP (self-issued openid providers) + DIDs (+ WebAuthn?)

agl: I don't know of any motivation, but we don't have plans.

tonY: should this move to futures?
… find what we want to do before we re-issue charter

dwaite: this isn't just about PWA, there is no facility to add functionality

tony: move to futures if we don't get specifics
… moved to futures with consensus of group

tony: take on device loss

elundberg: yes, Yubico would like to do this

tony: silent authentication. Issue #199. any interst?

seflissue: I would not rule it out.
… we have not worked on this.

tony: you don't want to rule it out

BillL: I would like to see it.

akshay: I like the look of this.

jbradely: might be used as a super cookie

dwaite: needs to be more like a normal cookie.

jeffH: what are the use cases. need to flesh this out
… silence authentication has been more like brute force

tony: keep this a potential Level 3

tony: any other supporters for Level 3?

jbradley: look at use cases, and see if anything is there.

jeffH: we could punt to futures and then re-evaluate

wendy: re-charter to continue, pick up new patent policy, then amend scope

tonyu: cna w eput in scopre and not do it.

wendy: sure

tony: how about supporting software authenticators

eluncberg: seems to be like PWA

agl: this sounds like a platform concern and not an API

akshay: I agree

tony: close? futures?

akshay: close

agl: I also think close

jbradley: quickly here. it is a ctap issue. question, if ctap defined a software, could web authen recognize a platform authenticator
… close and if there is interest we can re-evaluate if software authenticator came along
… I would be against it.

agl: I can write something and close it.

tony: any objections


tony: issue #1255

jbradley: no real favor here.

tony: close?
… any objection to move to futures


tony: add additional network transport?

agl: will not be a specific caBle into Web Authn

tony: so lleave in Level 3 and also include transport hints
… transaction confirmation #1396

agl: no concrete plans, but don't want to close the door

BillL: would be nice to have a clear answer. part of PSD2

tony: any objections?
… WG would decide on work - or not- later

agl: if we don't charter for this, we may get blocked on innovation later

tony: include ein charter.
… #1372, shane?

shane: scenarios are suspect


jbradlely: keep in charter, but we would have to decide on use cases

shane: have one, but not in web authn now

tony: put in scope and leave in futures?

no objections
… that takes care of all the changes that would influence scope.

agl: can I throw something out - non-module UI

<jeffh> non-modal UI

tony: any objections to that at Level 3
… could be a usability issues

jeffH: could add things to the options.

akshay: does this consider charter change

tony: usability folks may want to know

akshay: one more issue for charter?
… extension of charter. PRF extension shat was removed from level 2, does not mention issue #1462

… put this back in the charter

tony: don't want to have this is charter, could be an issue
… some think it belongs outside Web Authn
… charter would be to include private key along with public key, maybe symetric keys, encryption?

jbradley: could this have objections for the charter.
… this is some working items to include in new charter.

agl: timeline?

tony: end of Jan.

tony: adjorn

Minutes manually created (not a transcript), formatted by scribe.perl version 127 (Wed Dec 30 17:39:58 2020 UTC).


No scribenick or scribe found. Guessed: jfontana

Maybe present: ag, BillL, bradley, dwaite, eluncberg, jbradely, jbradlely, jbradley, seflissue, shane, TimC, tony, tonyu, wendy