Web Authentication WG

03 March 2021


Meeting minutes

Tony: does L2 supersede or does L1 stay around

agl: yes.

tony: supersede means deprecate

agl: there are no users for the extensions, L1

selfissue: we should deprecate
… normal part of process.

tony: we don't change the L1 spec, we don't have a pointer

<wseltzer> PROPOSED: L2 Supersedes L1

Resolution: L2 Supersedes L1

tony: so we want to go supersede.

wendy: the patent policies for L1 remain in place.

bradley: reference in IANA registry.

tony: nothing left for CR
… some open issues for L3,
… I have not finished the charter.
… a draft will be posted.
… we are not merging any pull requests, just sorting out what we have.


elundberg: if we do this, we should keep in the RP updates

selfissue: for this to work you would have to update all Web authn clients to do this

agl: agents and servers, yes

selfissue: close and say will not do

agl: needs more explaining, justification

tony: nick will you do this and close it?

nickS: yes

nickS: I don't know if Rolf has any interest in taking this on

tony: he can re-open if he wants.


elundberg: no updates right now.


jeffH: still interested


tony: talking about payments in general.

URL correction: https://github.com/w3c/webauthn/issues/1570


agl: we have a whole series of issues on github. boil down to re-auth does not work

tony: should re-auth be in level 3

agl: it does not work, but might want to address in L3

tony: can we get a generic issue on this one.

jeffH: we could add something to the charter.
… a blanket issue to cover all of them

bradley: we support re-auth, it is about improving or streamlining

agl: it's a bad UX


akshay: we need #1569 #1567 #1559 all of these

bradley: need to look at #554. what to do now that token binding is dead



JeffH: HSTS was a patch, we are defaulting to secure connections


agl: multiple keys, yes, interested

selfissue: MSFT supports as well
… could be used for recovery or migration

tony: non modal UI

jeffH: yes.


tony: does anyone not support going ahead with this



mattM: I guess I can take this one.
… sure

NickS: will help coordinate.


tony: this was a google one originally

shane: thought platform authenticators are device bound

agl: I think we can close this.

tony: agl can you close


jeffH: close it
… clear out PR and issue

tony: this covers all the major enhancements we want to do.
… anything else.

bradley: https://github.com/w3c/webauthn/issues/1446
… don't think it needs to be in charter.
… a new version of CTAP will catch up to it.

selfissue: fine for charter to include new algorithm work and it does not get done.

agl: should not happen by charter

tony: what do we say in charter; additional curves

bradley: additional work on algorithm agility

tony: this is all I have.

tony: should we pause until PR is done
… take next week off and meet the following.
… so meet again on the 17th
… ?
… concerns?
… skips the 10th and meet on the 17th

jeffH: sounds fine as proposed.

tony: adjourn

