18:45:14 RRSAgent has joined #webauthn 18:45:14 logging to https://www.w3.org/2022/02/09-webauthn-irc 18:45:16 RRSAgent, make logs Public 18:45:17 Meeting: Web Authentication WG 18:45:18 Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2022Feb/0016.html 20:00:07 jfontana has joined #webauthn 20:02:21 * thank you 20:03:45 present= 20:04:26 present+ wseltzer, agl, akshay, andre, davidturner, jpascoe, johnbradley, jfontana, nadalin, kenbuchanan, nicksteele, sbweeden, timcappalli 20:04:29 present+ 20:04:55 dveditz has joined #webauthn 20:05:17 nadalin: Week of June 6, RSA, still considering a Thurs/Fri F2F 20:05:22 tony: Tim will take on finding meeting spot in SF 20:05:23 s/still// 20:06:12 tony: nothing new on the charter 20:06:18 ...open pull requests. 20:06:45 https://github.com/w3c/webauthn/pull/1663 20:07:52 JeffH: added verficaiton, need some responses 20:07:58 https://github.com/w3c/webauthn/pull/1576 20:08:20 jeffH: conditional UI. nominally ready to go. waiting on review. it is feature complete 20:08:39 ...still waiting for reviews, but comments are pending. 20:09:21 tony: have some triage 20:09:36 https://github.com/w3c/webauthn/pull/1695 20:09:56 timC: this addresses some feedback coming in on multi-device credentials 20:10:04 ...some assurance the cred is backed up 20:10:39 ...bit 3 is static, bit 4 is can change 20:12:09 akshay: we will soon have back-up. 20:12:36 timC: soon flag still requires a check for backup 20:12:41 present+ jeffh 20:12:56 agl: if msft does not need that 4th state can it go? 20:13:23 shane: less states is better 20:13:25 present+ dveditz, davidwaite, jdeng, raerivera 20:13:32 present+ 20:13:37 nsteele has joined #webauthn 20:13:44 present+ 20:17:26 jBradley: we need to be specific in the validation. 20:17:49 shane 7.2 is where we should look. 20:24:25 timC: this is meant to guide users 20:24:38 ... it is not designating what the key can do 20:24:54 jbradely: we could have another approach 20:25:10 ...could force autheticators to have multiple AAGUIDs. 20:26:03 shane: an appealing patten for RPs, provides options 20:26:26 akshay: looking if it can be backed up or not 20:27:29 timc: should we be more explict that its not a security property 20:27:40 shane: it is something RPs want to know 20:28:37 timC: not just on the RP side, the user can decide what to do 20:31:18 jeffH: what is the model we are talking about 20:31:45 ...bit 3 is it capable of being a single stautus 20:31:55 ...yes 20:32:47 jbradley: imagine RPs will make diff decisions depending on what comes back. 20:33:04 nickS: think vast majority of RPs will not evaluate this. 20:33:11 jbradley: that could be true 20:38:52 timC: I will work on this in the section 20:39:02 ...7.2 20:40:10 tony: we have a couple of un-triaged issues. 20:40:27 https://github.com/w3c/webauthn/issues/1694 20:40:49 jeffH: M.jones said he would do this. 20:41:27 https://github.com/w3c/webauthn/issues/1697 20:41:49 jbradley: appears safari on ios and OSx there are attestation issues 20:42:04 ...outcome is you don't get a credential made. 20:42:12 ...cold be issues for RPs 20:42:59 agl: that reflects my understanding. is this an apple bug 20:43:00 ? 20:43:29 jbradley: were we too vague in the spec 20:43:32 ? 20:43:41 ...need to be explicit 20:44:05 dwaite has joined #webauthn 20:44:11 WebKit issue @ https://bugs.webkit.org/show_bug.cgi?id=224042 20:44:11 ...in CTAP can't ask for an attestation type 20:44:40 agl: perhaps add wording. 20:44:56 jbradley: OK. I will work on this and talk to apple 20:45:11 jbradley: I will write the PR 20:45:47 https://bugs.webkit.org/show_bug.cgi?id=224042 20:46:03 present+ martinkreichgauer 20:51:27 jbradley: not planning on sync for non-discoverable creds 20:51:54 agl: that is right 20:52:37 agl: our guidance will be to request discoverable creds. 20:53:31 https://github.com/w3c/webauthn/issues/1696 20:53:43 agl: this is deleting 20:53:45 tony: yes 20:54:04 jbradley: we have said no to this in the past 20:54:15 tony: any new insight? 20:56:04 agl: new API for deletion; prescriptive 20:56:44 agl: having channel at RP to send something back. 20:58:05 timC: concepts are there, but we should be open to some of this 20:58:27 agl: don't want users to get locked out. 21:06:25 rrsagent, make logs public 21:06:41 rrsagent, draft minutes 21:06:41 I have made the request to generate https://www.w3.org/2022/02/09-webauthn-minutes.html jfontana 21:06:59 zakim, list attendees 21:06:59 As of this point the attendees have been wseltzer, agl, akshay, andre, davidturner, jpascoe, johnbradley, jfontana, nadalin, kenbuchanan, nicksteele, sbweeden, timcappalli, jeffh, 21:07:02 ... dveditz, davidwaite, jdeng, raerivera, nsteele, martinkreichgauer 21:07:23 Chairs, Nadalin, Fontana 21:08:08 *webpage updated with minutes 21:08:17 zakim, bye 21:08:17 leaving. As of this point the attendees have been wseltzer, agl, akshay, andre, davidturner, jpascoe, johnbradley, jfontana, nadalin, kenbuchanan, nicksteele, sbweeden, 21:08:17 Zakim has left #webauthn 21:08:20 ... timcappalli, jeffh, dveditz, davidwaite, jdeng, raerivera, nsteele, martinkreichgauer 21:08:27 rrsagent, bye 21:08:27 I see no action items