19:01:26 RRSAgent has joined #webauthn 19:01:26 logging to https://www.w3.org/2022/04/06-webauthn-irc 19:01:29 RRSAgent, make logs Public 19:01:29 Meeting: Web Authentication WG 19:01:52 wseltzer has changed the topic to: https://lists.w3.org/Archives/Public/public-webauthn/2022Apr/0035.html 19:01:56 Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2022Apr/0035.html 19:02:02 chair: Nadalin, Fontana 19:04:23 matthewmiller has joined #webauthn 19:05:12 nadalin: F2F updates? 19:05:26 nsteele: CG members may be interested in participating 19:05:58 nadalin: please ask them to communicate with the chairs for a formal invitation to participate 19:06:20 timcappalli: please register so we can order food 19:06:41 nadalin: SPWG updates? 19:06:50 johnbradley: nothing relevant to us 19:07:57 nadalin: charter updates? 19:08:30 wseltzer: we extended the existing charter through April 30, aiming for a recharter before then 19:08:44 nadalin: Copyright license? 19:09:08 https://github.com/w3c/webauthn/issues/1705 19:09:40 nadalin: any thoughts from FIDO side? 19:10:10 ... would like to hear their input 19:10:32 davidturner: I'll take that for consideration 19:11:06 Topic: PRs 19:11:23 nadalin: don't se emlun 19:11:27 s/se/see/ 19:11:42 https://github.com/w3c/webauthn/pull/1704 19:11:49 sbweeden: no problem with it 19:11:59 nadalin: any objections? 19:12:12 ... good to go. 19:12:27 https://github.com/w3c/webauthn/pull/1703 19:12:44 matthewmiller: working on sbweeden's feedback 19:13:38 ... would welcome more feedback 19:13:46 martinkreichgauer: I'll take a look 19:14:14 https://github.com/w3c/webauthn/pull/1695 19:14:24 timcappalli: incorporated most feedback 19:14:43 ... open question: thinking a credential is single-device until backed up 19:15:09 ... but @@ 19:15:20 nsteele has joined #webauthn 19:15:40 matthewmiller: I thought flag 3 could never change 19:16:01 timcappalli: if a multi-device credential never gets backed up, is it really multi-device 19:16:11 johnbradley: eligibility 19:16:31 timcappalli: is the distinction determiend by bit 3 or bit 4, sounds as though people are leaning toward bit 3 19:16:35 agl: I think bit 3 19:16:46 ... don't complicate terminology to "aspiring multi-device" 19:17:02 nadalin: please review 19:17:17 https://github.com/w3c/webauthn/pull/1663 19:17:35 nadalin: what shall we do with JeffH's things? 19:17:52 agl: as JeffH has retired, I'll be taking over his items 19:18:08 ... we're still interested in this 19:19:04 https://github.com/w3c/webauthn/pull/1576 19:19:09 nadalin: also waiting for recharter 19:19:15 agl: still interested 19:19:54 nadalin: Untriaged 19:20:00 ... 1717 19:20:14 Martin: chrome wants to support remote desktop software in webauthn 19:20:38 ... on a desktop or in a data-center 19:21:01 ... think there's some general USB passthrough, and some webapps 19:21:37 sbweeden: what does that do for principle of user presence 19:21:50 martin: think it's reasonable in managed enterprise 19:22:08 johnbradley: the user still has to be present with the authenticator. the authenticator is on the remote computer 19:22:42 nsteele: this doesn't break anything to assume the authenticator is proximal to the user 19:22:55 agl: we do have concept of proximity to the user and device being signed in 19:23:13 ... as it's already done in practice, bringing it safely to the web 19:23:50 johnbradley: need to assure appropriate permissions, not any website can proxy any RPID 19:24:13 martin: we're still developing explainer, appropriate mechanisms for user, managed enterprise opt in to this privilege 19:25:54 present+ agl, andrebuttner, davidturer, emlun, johnbradley, johnpascoe, martinkreichgauer, nadalin, nsteele, timcappalli, matthewmiller, sbweeden, wseltzer 19:26:32 agl: we're experimenting internally, want to figure out how it can be enabled more broadly 19:26:43 present+ davidwaite 19:26:53 johnbradley: are you targeting Level 3? 19:27:05 dwaite has joined #webauthn 19:27:32 agl: it's flexible, we wanted to bring the explainer to the group's attention 19:28:04 ... not to hold up the work 19:28:22 ... informational explainer, should we throw it in the wiki and close the PR? 19:29:03 nadalin: close and move to the wiki 19:29:25 nadalin: 706 19:29:31 s/706/1706/ 19:29:44 https://github.com/w3c/webauthn/pull/1706 19:30:27 agl: if nina thinks it's a good idea, she's the one who knows most about them 19:31:20 sbweeden: I'd like akshay's review 19:31:31 Topic: Untriaged issues 19:32:24 https://github.com/w3c/webauthn/issues/1716 19:32:40 agl: we think it's user's choice, not RP's 19:34:30 matthewmiller: I wouldn't mind being able to limit 19:34:59 agl: in the consumer setting, users choose their authenticator 19:35:22 johnbradley: we'll have to communicate to RPs that "platform-only" may not be the correct choice 19:43:16 [further discussion of cable] 19:45:59 davidwaite: conditional mediate can help 19:46:05 s/mediate/mediation/ 19:50:25 [discussion of communication of platform updates] 19:51:09 nadalin: 1713 19:51:33 https://github.com/w3c/webauthn/issues/1713 19:52:19 agl: he's filed bugs asking for UI wording changes 20:02:06 nadalin: we'll discuss again 20:02:25 [adjourned] 20:02:29 rrsagent, draft minutes 20:02:29 I have made the request to generate https://www.w3.org/2022/04/06-webauthn-minutes.html wseltzer 21:32:59 Zakim has left #webauthn