Web Authentication WG

3 February 2021


agl, akshay, davidturner, davidwaite, elundberg, jeffh, jfontana, johnbradley, nadalin, nina, nsteele, rae, selfissued, timcappalli, wseltzer
Fontana, Nadalin

Meeting minutes

tony: last week , thinking about move to PR
… any objection in moving to PR?
… no objections
… can do this before the IPR ends.

wendy: only IRP related timing is exclsion be over by the time we are ready to pub the recommendation

tony: one more thing. re-naming the master branch
… do this after we go to level 2 - after we pass recommendation

selfissue: this can be very disruptive, lets finish before we have to start over.

wendy: no problem. seems like good time to make updates

tony: we will do this before we go Level 3

tony: any progress on 7 open editorial issues
… close or punt?
… some untrained issues.

<jeffh> untriaged issues: https://github.com/w3c/webauthn/issues?q=is%3Aopen+is%3Aissue+no%3Amilestone


bradley: contact NIST and work with them


tony: pause for procedural issue
… we have request for invited expert

selfissue: qualificaitions?


jeffH: step 12 is the issue, we already do that
… I suggested getting his hands on the credential
… this looks like editorial, or even do we need to clarify

tony: we can make it a CR or PR item

jeffH: triage to REC and call it editorial

wendy has extended offer to invited expert


breadley: this sounds more like a deployment issue

tony: put it in notes and milestones

bradley: other things like transport to consideer


jeffH: this is a process one; do we need to do this for L2 REC?

wendy: will it be taken as an objection if it is not done.
… could it rise to level of formal objection

agl: can we address this

tony: suggest we do 2 and 3 with eye on getting to recommendation

jeffH: we should get this done.

bradley: we should figure out now many how to distribute work on non-modal UI, and authenticator sync credentials
… non-modal is in Web Authn

agl: we have hopes and ideas at this point.

bradley: time frame?

agl: in the next few months.
… dual 🔑 and non modal

bradley: dual key thing raises what is priority for our current 🔑 recovery proposal

agl: if it makes sense is up to your. both can exist

bradley: if not implemented in platforms, it cold be a waste of time.

agl: it is not our primary thrust for key recovery for masses
… bigget concern is RP support

bradley: will they support more than one method

nickS: at duo, recovery was main issu.

elundberg: might be nice to have a protocol, as an ideology thing.
… then we would have combo of open standard and an extension to that standard.
… more on an ideology levle

bradley: is there something is emil's proposal that would work.

elundberg: dual issue?

agl: could have more than one key, key that is synchronized and one that does not
… leave the platform

that is issue #1546


bradley: may be something here for roaming authenticators.
… authenticators that are not synced may be able to use same path for key recovery
… could be some alignment for key recovery schemes

tony: anything else?

tony: adjorn

Minutes manually created (not a transcript), formatted by scribe.perl version 127 (Wed Dec 30 17:39:58 2020 UTC).


Succeeded: s/q_//

No scribenick or scribe found. Guessed: jfontana

Maybe present: bradley, breadley, nickS, selfissue, tony, wendy