18:43:39 RRSAgent has joined #webauthn 18:43:39 logging to https://www.w3.org/2021/07/14-webauthn-irc 18:43:40 RRSAgent, make logs Public 18:43:41 Meeting: Web Authentication WG 18:43:42 Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2021Jul/0075.html 18:56:02 jfontana_ has joined #webauthn 18:56:20 present+ 19:00:02 elundberg has joined #webauthn 19:02:37 thank you, Wendy 19:03:21 addison has joined #webauthn 19:03:41 nsteele has joined #webauthn 19:03:53 present+ 19:04:08 present+ 19:04:10 nina has joined #webauthn 19:04:13 Charter: what is the target date for approval? 19:05:25 https://github.com/w3c/webauthn/pull/1630 19:05:50 tony: waiting for Mike to get on the call. Looks like he stated his concern in writing. 19:05:54 https://github.com/w3c/webauthn/pull/1622 19:06:53 jeff: I will put a flag on this, I said my peace 19:06:56 https://github.com/w3c/webauthn/pull/1621 19:07:13 elundberg: t his is a work in progresss 19:07:28 tony: shane, are your issues answered? 19:07:32 matthewmiller has joined #webauthn 19:07:34 shane: I will check it again. 19:07:41 https://github.com/w3c/webauthn/pull/1676 19:07:51 tony: work in progress? 19:08:05 jeff: yes, in progress 19:08:10 https://github.com/w3c/webauthn/pull/1425 19:08:19 tony: work in progress 19:08:22 ? 19:08:48 elundberg: yes, in progress 19:08:52 https://github.com/w3c/webauthn/pull/1649 19:09:37 elundberg: This would merge into PR #1621. 19:09:49 ...wnat to do as part of #1621 19:09:57 jeff: yes, we should do this. 19:10:08 selfissue: I will look at it 19:10:14 jbradley: I will look 19:12:06 selfissued has joined #webauthn 19:12:19 present+ 19:12:32 present+ 19:13:23 https://github.com/w3c/webauthn/issues/1646 19:13:34 agl: think we should wait to end, things will change 19:13:57 Addison: happy to discuss 19:14:03 tony: what do you want us to do? 19:14:26 addision: work out right guidance for language metadata 19:14:34 ...some editorial problems 19:14:45 agl: no one is going to implement it 19:15:10 addision: lets work out best way to fix the metadata issue 19:15:18 agl: do PR for the old chain. 19:15:32 ...there is one field and can only be one. 19:16:01 ...we were trying to accommodate everything you specified. 19:16:07 addison: what is the best way to start 19:16:19 agl: we will adopt what you recommend 19:16:26 ...I could trun something into a PR 19:16:35 addison: Ok 19:17:04 ...I want to make sure we don't recommend something is a non-starter 19:17:22 agl: it is unlikely for chrome to implement this. 19:17:40 ...we have not heard concerns 19:17:51 ...I only speak for chrome 19:18:51 jbradley: some issues. RP has to know what serialization 19:20:57 addison: if we come up with proposed it looks like it needs to be a single field 19:21:06 jbradley: we cold have a metadata field 19:22:53 tony: Addision can you open a new PR? Do you want this in a first working draft 19:23:30 tony: we will deal with the five issues after that 19:23:37 I requested changes to the tokenBinding PR in https://github.com/w3c/webauthn/pull/1630#pullrequestreview-706636912 19:23:54 addsion: let us know if you have questions or issues. 19:23:59 ...we will track 19:24:13 https://github.com/w3c/webauthn/issues/1640 19:25:05 akshay: we want to do this at scale. 19:25:36 ...#1614 is very much separated into its own issue, because it talks about syncing keys 19:25:50 ...this is more about how you do the recovery 19:26:09 ...#1640 more about RPs 19:28:33 tony: we haven't had this issue like web payments have, but we have had lots of discussion with Anders 19:28:46 ...leave this open 19:28:53 https://github.com/w3c/webauthn/issues/1639 19:29:19 agl: the answer is in #1637 19:29:43 ...lets wait for comments then we can resolve 19:29:47 https://github.com/w3c/webauthn/issues/1638 19:29:55 tony: this is Anders 19:30:14 agl: #1637 may resolve this 19:30:21 ...help resolve this 19:30:48 https://github.com/w3c/webauthn/issues/1637 19:30:59 agl: this is quite large, people need time to read 19:31:33 ...goal is to use web authn to replace passwords 19:32:07 ...we think backup in on phones. we layout design of how phones can be used an authenticators 19:32:53 ...there are ecosystems. apple, android, windows, etc. 19:33:02 tony: this is across ecosystems 19:33:32 agl: you could send assertion across eco-systems 19:33:46 ...see useful changes in web authn 19:33:55 ...largest one is conditional UI 19:33:59 ...we are updating it. 19:34:05 ...adding auto complete 19:35:07 ...we think this makes sense 19:35:21 ...bits to fill in - want transport in assertion 19:36:13 ...what we are saying we will tell websites to put cred IDs in exclude list. 19:36:21 ...we will tell website valid state error 19:36:49 ...re-authentication is best prractice. 19:37:10 ...upgrade to web-authn is a suggestion; read 19:41:34 ...akshay has a follow-up and people should read that. 19:42:28 MMiller: lot of these things are addressed, there are some mentions of specific options; are we getting in realm of magical options 19:42:50 ...do these options work, that is a question 19:43:25 ...report signaling, intent is they are immediate signals to help sync authnticators 19:44:35 agl: I think these options make sense, I don' t think they are magical 19:48:17 agl: whole issues assume discoverable credentials, think this is best for consumers 19:51:08 https://github.com/w3c/webauthn/issues/1637 19:51:17 present+ 19:52:07 akshay: has soem concerns, discoverable vs. non-discover; preventing intentional overwrites, but most of signals here we support 19:52:28 ...we do have some differences of opinions 19:52:46 ...and for some definitions 19:53:13 ...by and large we looked at issues, and we noted some patterns we need to solve 19:53:28 ...it is mostly about mass adoption. 19:53:59 tony: time frame, seems like big change 19:54:36 agl: we will work on getting everything discussed, some will be longer than others. 19:55:07 ...want this to land this calendar year 19:55:28 elundberg: this seems like a reasonable ides, we have to look at it. 20:01:13 jbradley: we should talk about what durable means. 20:04:36 tony: when do we run out of re-charter time 20:04:53 wendy: Dec. 31 20:05:00 tony: what is target date? 20:05:30 ...want end of august 20:05:41 akshay: we want to start sooner, sooner the better 20:06:17 tony: try to close on charter at the next meeting. 20:07:48 rrsagent, make logs public 20:08:03 rrsagent, draft minutes 20:08:03 I have made the request to generate https://www.w3.org/2021/07/14-webauthn-minutes.html jfontana_ 20:09:51 *minutes updated 20:10:07 Zakim, list attendees 20:10:07 As of this point the attendees have been jfontana_, nsteele, addison, selfissued, matthewmiller, jeffh 20:10:22 chair: Nadalin, Fontana 20:10:26 present+ 20:10:32 rrsagent, draft minutes 20:10:32 I have made the request to generate https://www.w3.org/2021/07/14-webauthn-minutes.html wseltzer 22:25:47 Zakim has left #webauthn