Meeting minutes
tony: does not look like charter will be resolved anytime soon.
...could impact what we want to get done.
...Wendy can you shed some light on us.
wendy: still under esisting charter, we are free to work on
... the FO was rasied to re-charting
… it is not about any specific to the group
… spinning up a council to handle the FO (formal objection)
… working with advisory board and TAG to make process efficient
… hope to conclude in a few months
tony: so this slows work on level 3
wendy: can't go outside the current charter
tony: there are other groups going through this
agl: we had items in charter for level 3.
… if you read level 2 everything is in that scope
tony: we could say that almost anything
… my concern if people come back and say this is not right
agl: it says we are in scope if you read it.
… nothing in level 3 is going outside of that
… I think it is plausible that we have a lot in scope
jeffH: I think adam has a good point
tony: there are things we could do, but some are fairly major items
agl: I think it is the chairs call
… are thing that are essentially not level 2, but 3
tony: I would say backup and recovery are fairly major.
agl: conditional UI, how do you feel about that
tony: ambivalent about that, likely. I would say that is OK to contiue to work on
… not a lot of new technical work
agl: device-bound key proposal is part of that, guess we have to pause that?
tony: if people don't agree, lets find that out
DWaite: work that is in conflict is the work we sould avoid .
… other features I don't see objection to other parts of charter
NSteele: feal there are channels we can continue to work on
tony: the draft charter is out there.
<wseltzer> Charter review
tony: the objection is not about our charter. It is just some procedure that has to go on to eliminate the FO
wendy: we are called out in objection, but not specific to the contents of our charter
tony: seeing these objections being raised and then have them come back and say we were out of our charter
akshay: is it is snapshot or does it cover anything.
… when will charter be finalized.
wendy: goal to get it done before march
… plausible
tony: my opinion would be to discuss things have issues, but now a PR on these issues. not merge
… that was my interpretation
jeffH: working on pull requests are OK, but they don't land anywhere.
mmiller: charter process? how can this be derailed by one person.
… how did this happen
tony: it is the process
tony: some of it is about equality
wendy: Our process requires us to address every formal objection
… twist here, W3C is evolving process from TBL conclusion to have a solution that goes beyond the current format
mmiller: if we follow letter of this, will we see anything on this before the issue is solved.
tony: questionable state between level 2 and new level 3 charter.
… we are on a bit of an edge here
… I stick to my proposal
agL: I am OK with that
… can't land in editors draft until this is resolved.
tony: I don't think we can get a formal review on this
dwaite: I feel OK proceeding the way Tony laid it out
… things that are dealing with export of keys and other issues, just can't land work
selfissue: that sounds pragmatic to me.
tim: could take a big hit, may impact FIDO
tonuy: I see david and rae are on.
tony: there will be impact.
tony: 3 or 6 month delay could happen
tony: if no one objects than I think we should proceed as we have talked about
wendy: I will keep the group posted as we make progress
https://
jeffH: chipping away at this
… I have some remaining items.
https://
jeffH: I think that is ready to go.
tony: we can do reviews and get sign-offs
agl: is conditional UI within scope?
tony: I would be fine with that.
jeffH: this has been reviewed as we have been going along
… still need some reviews.
tony: https://
elundberg: take a look at last couple of comments in #1640
… it looks like we could unlock some things as browser features
… thing this could also be tied to an authenticator feaure
… feature
tony: we have some un-triaged issues
https://
jeffH: minor, editorial
elundberg: I can do this in the next couple of days. queue it up
tony: https://
shane: concern here is passkey issue. for RPs, the idea of supporting log-in where root of trust is cloud provider account alone is a scary thought
… more of a state of mind. who has control of account?
… ifd I am an RP that is adverse to passkeys, because losing control, then how do I do it with webauthn
alg: RPs that want some complexity in risk score, the solution is there in passkey.
… things that are platform bound today will continue to be that
… I understand the approach, but it would mean attestation is compulsory
agl: RPs that want to get extra stuff have to do more work, but think that is the right way
shane: I accept that point of view
… I expect we will see more push back on this.
agl: this can be a big change. device bound key extension. still getting all things together.
tony: leave this one hanging right now.
shane: it looks destine to a close with an explanation.
tony: what is cadance for meetings. every two weeks?
Nsteele: two weeks is good for Web Authn CG
agl: keep it is same
… stay in sync with FIDO TWG
<wseltzer> [adjourned]
rrsagent: draft minutes