17:18:37 RRSAgent has joined #webauthn 17:18:37 logging to https://www.w3.org/2021/01/20-webauthn-irc 17:18:39 RRSAgent, make logs Public 17:18:40 Meeting: Web Authentication WG 17:18:46 Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2021Jan/0030.html 17:18:55 rrsagent, please stay 19:56:05 jyrossi has joined #webauthn 20:00:05 jfontana has joined #webauthn 20:01:30 elundberg has joined #webauthn 20:01:36 present+ elundberg 20:04:32 present+ 20:05:40 present+ 20:05:54 nsteele has joined #webauthn 20:06:01 present+ 20:08:30 https://github.com/w3c/webauthn/issues/1547 20:08:45 https://github.com/w3c/webauthn/issues/1510 20:08:48 tony: this is associated with #1510, look at this. 20:10:21 https://github.com/w3c/webauthn/issues/1510 20:10:37 tony: I don't think this warrants a change; other opinions? 20:11:18 akshay: I have to finish reading, but this UV options we have are not per-cred basis in get assertion 20:12:07 ...he seems to be proposing do the credential thing first, but can't release the U2F cred 20:12:23 ...I don't think this changes anything from the spec perspective. 20:12:41 JeffH: our thought was there is a mis-understanding. 20:13:01 ...we were going to try and clarify. 20:13:16 tony: he has a PR, should we undertake this in CR 20:13:19 jeffH: no 20:13:22 akshay: no 20:13:30 tony: so no editorial chang for CR 20:13:44 jeffH: I have not gone through this with a fine tooth comb 20:13:58 tony: so you think this is not warranted for CR 20:14:07 jeffH: given pushback from Shane, Emil.... 20:14:34 Shane: it's a very wordy description of the problem. I'm struggling with the description 20:14:47 ...the user experience and scenario 20:14:59 ..I am re-reading it 20:15:40 ...initially I thought it was a misconception binding vs. ceremony 20:16:12 jeffH: he wrote a long blog post to go with it. I have not read that yet. 20:16:25 shane: need to do this before we take it on. 20:16:46 elundberg: I don't think we need any normative changes now 20:17:01 ...he proposed a technical change. 20:17:14 ...I don't see change for CR 20:17:32 ...probably solved bypass cred protect in CTAP 20:18:06 jbradley: I think he thinks web authn works in a different way than it does 20:19:13 ...we have looked at user verificaiton. don't think we can do it for L2 20:19:25 tonhy: but is this a web auth or ctap issue 20:19:55 jbradley: i don't think that it is CTAP 20:20:34 ...is user verified preferred the best wording, we need RPs to understand/enforce this 20:20:54 ...people are getting confused, can we solve that editorially 20:21:06 ...but not something we can do in Level 2 20:21:48 ...sites that don't check at all end up with UX that can confuse people 20:21:53 akshay: it's not a spec issue 20:22:06 elundberg: default is a spec issue. 20:22:52 jbradly: this comes up every other week. was pin in, 20:23:38 ...maybe not have default prompt user for PIN when there isn't one. 20:24:42 akshay: I don't think this is a spec issue. 20:25:11 jeffH: lets not do anything for this issue for Level 2, clarify in adoption issues 20:25:30 ...maybe make an editorial update in L3 and straighten it out. 20:25:40 tony: give one extra week to look at this 20:25:56 jeffH: other methods to get adoption issues out. 20:26:18 nickS: I need to find the time to look closer at it 20:26:33 tony: make a decision next week. That sound OK. 20:26:37 jeffH: that sounds good. 20:26:58 https://lists.w3.org/Archives/Public/public-webauthn/2021Jan/0018.html 20:27:05 nina has joined #webauthn 20:27:18 tony: this is all out of scope 20:27:19 Denis Pinkas' comments on webauthn L2 CR 20:27:36 ...some of this will be taken on in Level 3 20:28:27 tony: put this off - define authenticator more thoroughly 20:28:59 elunberg: not sure we need a definition in the definition section. 20:29:16 jeffH: only used in section 11 20:29:28 ...northing to do for L2 20:33:14 lookin at email https://lists.w3.org/Archives/Public/public-webauthn/2021Jan/0018.html 20:33:59 gong through numbered sections 20:34:34 jeffH: in item 6 something to fix. 13.4 is not appearing in spec 20:34:44 elundberg: was there any content? 20:35:03 jeffH: thought we had some; can't find it now 20:35:09 selfissued has joined #webauthn 20:35:14 present+ 20:35:59 jeffH: there is no content here. 20:36:18 tony: is this something to work on? 20:36:26 jeffh: editorial, we should clean it up. 20:36:39 jbradley: gete rid of section numbers or come up with some text. 20:36:57 jeffH: look back at this and see if something was deleted. 20:37:22 jeffH: I will submit an issu 20:37:26 ...issu 20:37:30 ..issue 20:37:40 tony: number 7 in this list? 20:37:56 elundberg: I will open an issue for this 20:38:32 tnoy: anything else 20:38:58 ...next week we will figure out #1547 20:39:21 ...should not do fix for L2 20:40:23 ...reach out and see if he wants to join, but this is a normative change 20:40:30 tony: I will reach out 20:40:59 ...group seems to be saying we won't take his approach to fix this - so no IPR issue. 22:16:49 rrsagent, draft minutes 22:16:49 I have made the request to generate https://www.w3.org/2021/01/20-webauthn-minutes.html wseltzer 22:16:59 rrsagent, make logs public 22:17:13 rrsagent, draft minutes 22:17:13 I have made the request to generate https://www.w3.org/2021/01/20-webauthn-minutes.html wseltzer 22:17:21 chair: Nadalin, Fontana 22:17:22 rrsagent, draft minutes 22:17:22 I have made the request to generate https://www.w3.org/2021/01/20-webauthn-minutes.html wseltzer 22:38:38 Zakim has left #webauthn