19:59:22 <RRSAgent> RRSAgent has joined #webauthn
19:59:22 <RRSAgent> logging to https://www.w3.org/2022/01/12-webauthn-irc
19:59:24 <Zakim> RRSAgent, make logs Public
19:59:25 <Zakim> Meeting: Web Authentication WG
20:00:33 <wseltzer> wseltzer has changed the topic to: Agenda 12 January https://lists.w3.org/Archives/Public/public-webauthn/2022Jan/0024.html
20:00:37 <wseltzer> Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2022Jan/0024.html
20:00:42 <wseltzer> chair: nadalin, fontana
20:01:01 <selfissued> selfissued has joined #webauthn
20:01:46 <selfissued> present+
20:02:06 <tara> tara has joined #webauthn
20:03:24 <tara> tara has left #webauthn
20:04:50 <jfontana> jfontana has joined #webauthn
20:06:53 <tara> tara has joined #webauthn
20:07:40 <dveditz> dveditz has joined #webauthn
20:07:50 <jfontana> does not look like this will resolve anytime soon.
20:07:58 <jfontana> could impact what we want to get done.
20:08:11 <jfontana> Wendy can you shed some light on us.
20:08:25 <jfontana> tony: I don't want to get into trouble
20:08:38 <jfontana> wnedy: still under esisting charter, we are free to work on
20:08:44 <jfontana>  the FO was rasied to re-charting
20:09:05 <jfontana> ...it is not about any specific to the group
20:09:21 <jfontana> ...spinning up a council to handle the FO (formal objection)
20:09:44 <jfontana> ...working with advisory board and TAG to make process efficient
20:09:56 <jfontana> ...hope to conclude in a few months
20:10:10 <jfontana> tony: so this slows work on level 3
20:10:29 <jfontana> wendy: can't go outside the current charter
20:10:40 <jfontana> tony: there are other groups going through this
20:10:47 <nsteele> nsteele has joined #webauthn
20:10:57 <nsteele> present +
20:11:02 <jfontana> agl: we had items in charter for level 3.
20:11:11 <jfontana> ...if you read level 2 everything is in that scope
20:11:36 <jfontana>  tony: we could say that almost anything
20:11:45 <jfontana> ...my concern if people come back and say this is not right
20:12:01 <jfontana> agl: it says we are in scope if you read it.
20:12:13 <jfontana> ...nothing in level 3 is going outside of that
20:12:45 <jfontana> ...I think it is plausible that we have a lot in scope
20:12:55 <jfontana> jeffH: I think adam has a good point
20:13:15 <jfontana> tony: there are things we could do, but some are fairly major items
20:13:28 <jfontana> agl: I think it is the chairs call
20:13:40 <jfontana> ...are thing that are essentially not level 2, but 3
20:14:03 <jfontana> tony: I would say backup and recovery are fairly major.
20:14:17 <jfontana> agl: conditional UI, how do you feel about that
20:14:41 <jfontana> tony: ambivalent about that, likely. I would say that is OK to contiue to work on
20:14:48 <jfontana> ...not a lot of new technical work
20:15:11 <jfontana> agl: device-bound key proposal is part of that, guess we have to pause that?
20:15:29 <jfontana> tony: if people don't agree, lets find that out
20:15:45 <jfontana> DWaite: work  that is in conflict is the work we sould avoid .
20:16:16 <jfontana> ...other features I don't see objection to other parts of charter
20:16:41 <jfontana> NSteele: feal there are channels we can continue to work on
20:17:02 <wseltzer> q+
20:17:11 <jfontana> tony: the draft charter is  out there.
20:17:12 <wseltzer> https://www.w3.org/2002/09/wbs/33280/webauthn2021/results
20:17:42 <jfontana> tony: the objection is not about our charter. It is just some procedure that has to go on to eliminate the FO
20:17:48 <wseltzer> s|https://www.w3.org/2002/09/wbs/33280/webauthn2021/results|Charter review ->https://www.w3.org/2002/09/wbs/33280/webauthn2021/results |
20:18:16 <jeffh> present+
20:18:25 <jfontana> present+
20:18:54 <selfissued> selfissued has joined #webauthn
20:19:30 <jfontana> wendy: we are called out in objection, but not specific to the contents of our charter
20:19:57 <jfontana> tony: seeing these objections being raised and then have them come back and say we were out of our charter
20:20:43 <jfontana> akshay: is it is snapshot or does it cover anything.
20:20:51 <jfontana> ...when will charter be finalized.
20:21:01 <jfontana> wendy: goal to get it done before march
20:21:04 <jfontana> ...plausible
20:21:35 <selfissued> present+
20:21:46 <jfontana> tony: my opinion would be to discuss things have issues, but now a PR on these issues. not merge
20:21:53 <jfontana> ...that was my interpretation
20:22:11 <jfontana> jeffH: working on pull requests are OK, but they don't land anywhere.
20:22:13 <selfissued> Could someone resend the objection link?  My IRC crashed.
20:22:44 <wseltzer> s|Could someone resend the objection link?  My IRC crashed.||
20:22:49 <jfontana> mmiller: charter process? how can this be derailed by one person.
20:22:53 <jfontana> ...how did this happen
20:22:58 <jfontana> tony: it is the process
20:23:22 <jfontana> tony: some of it is about equality
20:23:32 <jfontana> wendy: could be a feature or  a bug
20:24:16 <jfontana> ...twist here, W3C is evolving process from TBL conclusion to have a solution that goes beyond the current format
20:24:20 <wseltzer> s/could be a feature or  a bug
20:25:02 <jfontana> mmiller: if we follow letter of this, will we see anything on this before the issue is solved.
20:25:03 <wseltzer> s/could be a feature or  a bug/Our process requires us to address every formal objection/
20:26:17 <jfontana> tony: questionable state between level 2 and new level 3 charter.
20:27:03 <jfontana> ...we are  on a bit of an edge here
20:27:06 <matthewmiller> matthewmiller has joined #webauthn
20:27:09 <jfontana> ...I stick to my proposal
20:27:18 <jfontana> agL: I am OK with that
20:27:39 <jfontana> ...can't land in editors draft until this is resolved.
20:27:51 <jfontana> tony: I don't think we can get a formal review on this
20:28:36 <jfontana> dwaite: I feel OK proceeding the way Tony laid it out
20:29:12 <jfontana> ...things that are dealing with export of keys and other issues, just can't land work
20:29:22 <jfontana> selfissue: that sounds pragmatic to me.
20:29:40 <jfontana> tim: could take a big hit, may impact FIDO
20:29:46 <jfontana> tonuy: I see david and rae are on.
20:30:03 <jfontana> tony: there will be impact.
20:30:17 <jfontana> tony: 3 or 6 month delay could happen
20:31:07 <jfontana> tony: if no one objects than I think we should proceed as we have talked about
20:31:29 <jfontana> wendy: I will keep the group posted as we make progress
20:32:03 <jfontana> https://github.com/w3c/webauthn/pull/1663
20:32:12 <jfontana> jeffH: chipping away at this
20:32:37 <jfontana> ...I have some remaining items.
20:33:10 <jfontana> https://github.com/w3c/webauthn/pull/1576
20:33:16 <jfontana> jeffH: I think that is ready to go.
20:33:28 <jfontana> tony: we can do reviews and get sign-offs
20:33:45 <jfontana> agl: is conditional UI within scope?
20:33:49 <jfontana> tony: I would be fine with that.
20:34:11 <jfontana> jeffH: this has been reviewed as we have been going along
20:34:22 <jfontana> ...still need some reviews.
20:35:44 <jfontana> tony: https://github.com/w3c/webauthn/pull/1425
20:37:01 <jfontana> elundberg:   take a look at last couple of comments in #1640
20:37:22 <jfontana> ...it looks like we could unlock some things as browser features
20:37:50 <jfontana> ...thing this could also be tied to an authenticator feaure
20:37:54 <jfontana> ...feature
20:38:44 <dwaite> dwaite has joined #webAuthn
20:39:36 <jfontana> tony: we have some un-triaged issues
20:39:50 <jfontana> https://github.com/w3c/webauthn/issues/1687
20:39:58 <jfontana> jeffH: minor, editorial
20:40:48 <jfontana> elundberg: I can do this in the next couple of days. queue it up
20:41:13 <jfontana> tony: https://github.com/w3c/webauthn/issues/1688
20:42:31 <jfontana> shane: concern here is passkey issue. for RPs, the idea of supporting log-in where root of trust is cloud provider account alone is a scary thought
20:42:44 <jfontana> ...more of a state of mind. who has control of account?
20:44:12 <jfontana> ...ifd I am an RP that is adverse to passkeys, because losing control, then how do I do it with webauthn
20:44:44 <jfontana> alg: RPs that want some complexity in risk score, the solution is there in passkey.
20:45:21 <jfontana> ...things that are platform bound today will continue to be that
20:47:36 <jfontana> ...I understand the approach, but it would mean attestation is compulsory
20:52:11 <jfontana> agl: RPs that want to get extra stuff have to do more work, but think that is the right way
20:52:23 <jfontana> shane: I accept that point of view
20:52:46 <jfontana> ...I expect we will see more push back on this.
20:54:02 <jfontana> agl: this can be a big change. device bound key extension. still getting all things together.
20:59:09 <jfontana> tony: leave this one hanging right now.
20:59:29 <jfontana> shane: it looks destine to a close with an explanation.
20:59:47 <jfontana> tony: what is cadance for meetings. every two weeks?
21:00:03 <jfontana> Nsteele: two weeks is good for Web Authn CG
21:00:08 <jfontana> agl: keep it is same
21:00:23 <jfontana> ...stay in sync with FIDO TWG
21:01:09 <wseltzer> [adjourned]
21:02:05 <jfontana> rrsagent, make logs public
21:02:20 <jfontana> rrsagent: draft minutes
21:02:20 <RRSAgent> I have made the request to generate https://www.w3.org/2022/01/12-webauthn-minutes.html jfontana
21:02:51 <jfontana> Zakim, list attendees
21:02:51 <Zakim> As of this point the attendees have been selfissued, jeffh, jfontana
21:04:58 <jfontana> Additional attendees: M. Miller, N.Steel, D.Waite, M. Jones, W. Seltzer, Tony Nadalin,
21:05:13 <jfontana> Chairs: Nadalin, Fontana
21:05:55 <jfontana> *web page updated with minutes
21:06:08 <jfontana> Zakim, bye
21:06:08 <Zakim> leaving.  As of this point the attendees have been selfissued, jeffh, jfontana
21:06:08 <Zakim> Zakim has left #webauthn
21:06:25 <jfontana> rrsagent, bye
21:06:25 <RRSAgent> I see no action items