Web Authentication WG

21 April 2021


agl, akshay, Bill, elundberg, jeffh, jfontana, johnbradley, Martin, matthewmiller, nadalin, nsteele, sbweeden, wseltzer, Yuriy

Meeting minutes

Tony: TPAC 2021 set. Virtual.

wendy: breakout and cross group meetings.
… oct.

tony: wendy, are we set for first proposed working draft. we are set to go.


jeffH: signed off on this


tony: wendy merge



jeffH: think what they want is not good for FIDO, Web Authn

agl: what about PR extension

jeffH: depends on all the use cases, do they snowball out of control

aksay: there are some use cases. we want raw signature.
… I don't have a complete use case in my mind

jbradley: not directly related.

mmiller: want to use a key like for a lock box.

jeffH: we have cred blob to link this.

agl: cred blob in in CTAP spec

<wseltzer> wseltzer: WebAppSec is considering putting webcrypto updates into charter scope

jbradley: prf extension or some derivation seems like thing to do

jeffH: do we want to go in the web crypto direction?

akshay: CTAP 2 and 2.1 will have this extension.
… I don't see web crypto being changed

agl: i offer to write something on this bug

tony: thank you.


elundberg: need to consider the output value

agl: this working says you can specify using null. might be a chrome bug

jeffH: think this is webIDL funky-ness

elundberg: to make it null the definition should be followed by question mark

jeffH; yes.

agl: the wording in the spec is wrong.

elundberg: my understanding.

agl: next week we can decide what the change is - web authn or chrome

agl: this comes from 1536 was issues, 1537 was PR

elundberg: clarify it may be null in response but not in the request
… I can summarize in an Issue

tony: reminder two weeks until next meeting - May 5

Minutes manually created (not a transcript), formatted by scribe.perl version 127 (Wed Dec 30 17:39:58 2020 UTC).


No scribenick or scribe found. Guessed: jfontana

Maybe present: aksay, jbradley, mmiller, Tony, wendy