W3C

– DRAFT –
Web Authentication WG

24 March 2021

Attendees

Present
dveditz, jeffh, jfontana, nsteele, plh, wseltzer
Regrets
-
Chair
-
Scribe
jfontana

Meeting minutes

<wseltzer> plh: director expects an updated implementation report before move to Rec

<wseltzer> ... if we have testable assertion in the spec, get tests into WPT

<wseltzer> ... Do we have tests for the new high-level features as described in CR transition

<wseltzer> agl: when chromium implements, we add web platform tests

<wseltzer> ... so those we implement should have tests

<wseltzer> plh: it looks as though we have tests for all but attestation

<wseltzer> sbweeden: we've tested but not in automated manner

<wseltzer> agl: enterprise attestation tests woudl require webdriver changes

<wseltzer> plh: please provide info in response to my email

tony: suggestions comments on charter?
… anymore, I can get it together and push it out
… ok, some issues to look at

jeffH: charter, we do have a label for feature proposal, we likely have to put all issues in.
… update credential metadata
… issue #\1200
… also #14560 from D.Waite

correcrtion #1560

dwaite: push is to have RP take responsibility.
… i don't have a solution; kicking off discussion

tony: need some general terms to define problem

jfeffH: RP driven cred cleanup

agl: this is an enterprise thing.
… we may have a mechanism to use with this.

tony: back to https://github.com/w3c/webauthn/issues/1586
… this is for L3?
… get around in L2

jeffH: do we need to think about this somemore.

tony: where do we put it>

we are back at https://github.com/w3c/webauthn/issues/1560

agl: we could say deletion of creds

jeffH: sounds good

tony: https://github.com/w3c/webauthn/issues/1586
… blob and web driver

jeffH: it's a PR

https://github.com/w3c/webauthn/issues/1587

jeffH: looks like a cleanup for L3

https://github.com/w3c/webauthn/issues/1580

jbradley: they want to do remote bio-metrics and layer on web authn
… we don't do that, or maybe that is done under a separate API

agl: you mean biometrics off device?

jbradley: yes

agk: biometrics don't leave the device

correction: agl

jeffH: they show they are at odds with FIDO principless

jbradley: who wants to close this.

akshay: back to #1580

nsteele: we can suggest not do it.

tony: can put verbiage in the document

dwaite: we should say something about this proposal.

jbradley: fido is clear you can't do biometric off the device
… authenticator

nsteele: will come down to browsers and hardware

akshay: we may want to look if we need something more; let's leave it open

tony: we can make an issue if we need to.

elundberg: #1587 I missed some of that.

tony: didn't miss it

Minutes manually created (not a transcript), formatted by scribe.perl version 127 (Wed Dec 30 17:39:58 2020 UTC).

Diagnostics

Succeeded: s/1580/1587/

No scribenick or scribe found. Guessed: jfontana

Maybe present: agk, agl, akshay, correction, dwaite, elundberg, jbradley, jfeffH, tony