Web Authentication WG

10 February 2021


agl, akshay, davidturner, elundberg, jeffh, jeremyerickson, jfontana, johnbradley, matthewmiller, mmiller, nadalin, nina, ninasatragno, nsteele, raerivera, sbweeden, selfissued, timcappalli, wseltzer
Fontana, Nadalin

Meeting minutes

tony: untriaged issues.

<nsteele> if I put a 🍔 emoji in the logs will zakim parse it properly


tony: don't this this will block PR, can assign to futures.
… close or move to open status

MMiller: keep it open and close it out in the future.


jeffH: in ctap 2.1 can manage discoverable credentials - this is not the web authn level

tony: wait for a response?

jeffH: wait for David.
… to respond

<mmiller> There we go

akshay: this is food for thought here
… delete it.


tony: seems like a deployment issue

nickS: I can flag this and discuss next week. I can chat with felix in CG


tony: go back to #1565


akshay: this is a newe API, something more for browsers to adapt

agl: can't get rid of the old name.

jeffH: in the actual api

akshay: close this is my suggestion

tony: any others?

mmiller: does levl 2 introduce the idea, is that the confusion

agl: resident keys have confused some people, we tried to clarify, but ran into old fields
… want to support browsers that don't know Level 2

jefh: we did not change web IDL

mmiller: level 2 mandates values

<selfissued> I also suggest we close this

bradley RP still needs to send the old values for the old browsers

<selfissued> This would make things worse - not better

jeffH: we have a futures catchall

tony: let's put it there


tony: need apple on the call

nickS;can submit to webkit. I will close this


akshay: trying to create credential, need exclude list.

tony: close?

agl: don't think we should. Lucas is github, if they are struggling, others will

bradely: don't want to ask user to re-authenticate, this goes back to our past, have a hybrid-command

agl: what is the concrete use case?

nickS: I think this is a specific implementation issue

agl: let's reply and ask

mmiller: lots of RPs will struggle here from a naming perspective

bradley: i think this is more for re-authenticate. does not make sense for make credential
… or before it happens

bradley: let's find out what he wants.=

nicks: I will follow up with him. and have him submit apple bug to webkit


akshay: I think this is probably not needed.

agl: is lack of android support the crux here
… yes

mmiller: what is going on here?

bradely: android does not support discoverable creds or CTAP2

tonhy: what do we do with #1568
… move to futures

agl: L3?

tony: move to L3


akshay: I need to look more on this, will follow-up
… earlier, can add external key, did not specify transport. all keys are second factor. problem is we dont' have all the info. we need

tony: akshay will follow-up

jeeffH: do we need more information from cred props

selfissue: these all seem like L3 issuese

tony: I think we are done with open issues and triaged issues
… two to follow up on #1560 and #1566. won't impact L2

Minutes manually created (not a transcript), formatted by scribe.perl version 127 (Wed Dec 30 17:39:58 2020 UTC).


No scribenick or scribe found. Guessed: jfontana

Maybe present: bradely, bradley, jeeffH, jefh, nickS, selfissue, tonhy, tony