W3C

– DRAFT –
Web Authentication WG

20 April 2022

Attendees

Present
agl, christiaan, davidturner, davidwaite, dveditz, emlundberg, Ian, jfontana, johnbradley, johnpascoe, kenbuchanan, martinkreichgauer, mikejones, nadalin, nina, nsteele, selfissued, timcappalli, wseltzer
Regrets
-
Chair
Fontana, Nadalin
Scribe
jfontana

Meeting minutes

<Ian> WPWG meeting agenda

Ian: meetings may 3-5
… focus is on Authentication
… addtion this year, SPC work
… a few issues, want to talk thorough some open issues.
… we welcome you to our foroum
… setting up time for 5th of May
… can we record a decision for those participating.

<wseltzer> [5 May, 10-11 Eastern / 1400-1500 UTC]

Tony: call for anyone to join the call from this WG
… will lock this down for you.
… no registering needed.

Ian: other bits of interest. Best Buy using WebAuthn for log-in, they will come and talk about their experience.
… I have put this on the same day May 5
… we have been talking about conditional UI
… holding a slot to hear about - also with user recognition
… on other session. talked to French bank about use cases. re-use creds for authn and for sensitive flows
… what other needs does SPC have in terms of FIDO?

tony: will you guys meet at TPAC

Ian: think we will have people there

tony: we are thinking tuesday for WebAuthn piece

Ian: we can add a little about remote and TPAC

Tim: June 9 face to face.

<wseltzer> https://www.w3.org/2002/09/wbs/87227/webauthn2022/

selfissued: can you put the registration link in the record

jbradly: multi device credential coming up in SPWG FIDO group

wendy: charter approved!!! Have 45 days to re-join group.
… april 13 is when the notice came out on re-joining

<nsteele> @wseltzer I appear to be unable to re-join the Working Group

<wseltzer> nsteele, I'll look into it

Tony: some people have expressed opening up as much as possible

<nsteele> Submitted an invited expert form, which may actually be more appropriate given my involvement

https://github.com/w3c/webauthn/pull/1706

https://github.com/w3c/webauthn/pull/1706

tony: look at this and see Nina if you solvd issues ,

https://github.com/w3c/webauthn/pull/1703

Tony: do we need a new PR for this?

eluncberg: I could track that issue.

selfissue: I can review the Pr when it is created.

https://github.com/w3c/webauthn/pull/1695

elundberg: one more question here.

tim: goal here for RP to allow users to remove the password
… there is no public shipping multi-device to test this.

jbradely: specs should be consistent.
… we should leave some edge cases alone

tim: we do want them to hard code

elundberg: worried about edge cases

jbradely: current reserve bits are now dynamic
… what are teh other bits?

https://github.com/w3c/webauthn/pull/1663

agl: should there be attestation on this, there are other questions

what is apple going to be doing? are the security properties the same?

jbradley: need to engaged the security and privacy group

tony: adjourn

Minutes manually created (not a transcript), formatted by scribe.perl version 185 (Thu Dec 2 18:51:55 2021 UTC).

Diagnostics

Succeeded: s/19/13/

No scribenick or scribe found. Guessed: jfontana

Maybe present: eluncberg, elundberg, jbradely, jbradley, jbradly, selfissue, Tim, Tony, wendy