18:59:40 RRSAgent has joined #webauthn 18:59:40 logging to https://www.w3.org/2022/05/18-webauthn-irc 18:59:42 RRSAgent, make logs Public 18:59:44 Meeting: Web Authentication WG 19:00:58 Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2022May/0044.html 19:01:04 wseltzer has changed the topic to: 18 May https://lists.w3.org/Archives/Public/public-webauthn/2022May/0044.html 19:02:05 Ian has joined #webauthn 19:02:17 RRSAGENT, pointer? 19:02:17 See https://www.w3.org/2022/05/18-webauthn-irc#T19-02-17 19:02:26 present+ 19:03:47 nina has joined #webauthn 19:04:05 present+ Akshay, AndyPeterson, elundberg, jfontana, Nadalin, JohnBradley, JohnPascoe, sbweeden, Nina, StephenMcGruer 19:04:26 present+ 19:05:17 -> http://www.w3.org/2022/Talks/wpwg-authn-202205/wpwga-202205.pptx joint meeting slide deck 19:05:22 Ian: guest with Stephen from Web Payments 19:05:55 matthewmiller has joined #webauthn 19:06:09 agenda? 19:06:13 agenda+ TPAC meeting 19:06:14 ...completing his notes from previous Web Payments meeting. 19:06:22 F2F Registration: https://www.w3.org/2002/09/wbs/87227/webauthn2022/ 19:06:54 jfontana: Proposed agenda for F2F 19:07:02 ... 30 min demonstration from Best Buy 19:07:14 ... invitation to Ian, from Web Payments 19:07:22 ... Dom, from Adoption CG 19:07:28 ... and Nick 19:07:44 [Ian has limited availability on 9 June] 19:07:58 ... Update on FIDO2 from David Waite 19:08:14 ... Spec work, passkey discussion 19:08:59 (thanks for the reminder!) 19:09:15 tony: how many people have signed on after the new charter 19:09:55 wendy: people have until the 29th to re-join after new charter 19:10:48 tony: SPWF (FIDO) talking about what to do with passkey and what certification landscape will look like. 19:11:06 wendy: we are done with copyright, talked in PSIG 19:11:19 ...this is off recurring agenda 19:11:26 dveditz has joined #webauthn 19:11:41 tony: now to Ian 19:11:49 -> https://www.w3.org/2022/05/05-wpwg-minutes.html#t01 Minute from recent discussion 19:11:49 present+ nsteele, matthewmiller, dveditz 19:12:09 Ina SPC twoard candidate rec. have issues to close 19:12:22 ...have dependencies on fido 19:12:31 sbweeden has joined #webauthn 19:12:54 ...discussion on migrating some SPC features to webauthn 19:13:17 ...issue #174; rtracning changes for multi-device credentials 19:13:37 could someone repost the slide link? 19:14:06 ah, I can see it in the mtg 19:14:22 Stephen: SPC have similar non-modul pieces 19:14:33 ...we have credential IDs, no discovery 19:15:02 amazing review for conditional ui! 19:15:04 ...we think this functionality wil be same as conditional UI 19:15:20 ...try to stick close to WebAuth, 19:15:29 ... share conditional and SPC 19:15:33 present+ agl 19:15:43 ...like it to work with any transport 19:16:06 shane: what about caBLE transport 19:16:12 bradley: will be the same. 19:17:12 "no vision that cable authenticators will silently wake up" 19:17:25 shane: sounds like target is platform authenticators and "others: re: caBLE 19:17:38 stephen: roaming is more and more important 19:20:04 Stephen: looking at the low friction, and have something other that might not be as clean. 19:20:26 ...so ideas about pre-caching, but that is far-flung 19:20:56 bradley: will be option to click button to use caBLE authenticator or use a Security Key. 19:21:04 ...these might always be there is authentication flow 19:21:16 ian: next slide some examples in detail 19:21:43 ...with SPC , some challenges, what to do with users with different scenarios 19:21:49 ...how do we provide UX 19:22:08 ...we have these questions and others and how we answer them 19:22:17 q+ "silently query credential ID" and privacy review 19:22:30 ...multi-device credentials may change some of these 19:22:33 q+ 19:22:54 yes 19:23:17 ack next 19:24:38 elundberg: depends on who is discovering. these are two different things. 19:24:55 andypete has joined #webauthn 19:26:15 I would love to get the link to these slides if that's possible (I think I joined too late to have seen then earlier) 19:26:19 ian: challenge is we don't have all the answers for all these cases. how do I know when to do things. re:prompt 19:26:24 q? 19:27:38 Ian: this is what we are chatting about. 19:28:34 ...in SPC case and cross-origin case; hard to know who am I authenticating to and with whom 19:28:42 ...we have issue in SPC on this. 19:29:32 bradley: two scenarioes. PSP is talking to 3DS, the other is where there is delgated authentication 19:30:02 Ian: issue #187 in Web Payments 19:30:18 ...boils down to bank or merchant use case. 19:30:59 ...we are tracking a range of scenarios 19:31:25 ...expecting to be signed over, but could move out of SPC with platform prompts. 19:31:49 ...talking about joint meeting at TPAC 19:32:25 ...get the right groups together and understand what we can do 19:33:02 Ian: thank you all 19:33:17 Ian has left #webauthn 19:36:47 bradley: discussion on SPWG and FIDO certification 19:36:56 tony: next steps for SPWG 19:37:03 bradley: meeting in Munich 19:37:40 https://github.com/w3c/webauthn/pull/1706 19:37:53 nina, ready to merge. 19:37:54 kaiju has joined #webauthn 19:37:59 https://github.com/w3c/webauthn/pull/1703 19:38:05 tony: some questions. 19:38:17 mattM: yes, some issues here outstanding. 19:39:04 https://github.com/w3c/webauthn/pull/1695 19:39:21 tony: still in limbo. 19:39:47 https://github.com/w3c/webauthn/pull/1576 19:39:54 tony: this is UI 19:40:02 nina: still waiting on some reivew 19:40:24 https://github.com/w3c/webauthn/pull/1425 19:40:30 eluncberg: no change 19:41:12 tony: un-triaged PR, #1718 19:41:40 https://github.com/w3c/webauthn/pull/1718 19:41:49 agl: working on reply 19:42:35 tony: un-triaged #1731 19:43:15 https://github.com/w3c/webauthn/issues/1731 19:43:33 agl: we reponed and will not be acting on this. 19:43:42 responded 19:47:29 https://github.com/w3c/webauthn/issues/1730 19:48:08 https://github.com/w3c/webauthn/issues/1730 19:48:13 agl: we should drop this 19:48:41 mattM: want to know what dropping it means 19:50:40 tony: what do we do here? 19:50:55 bradley: drop it. it confuses people the feature does not exists 19:52:49 tony: close this one? 19:53:13 mattM: the issue was to drop generic pass through. 19:53:23 nic: think it hinges on another PR 19:53:27 agl: no. 19:54:22 eluncberg: proposal here is to remove this 19:54:39 agl: no browser wants to implement 19:55:09 nick: I will put together a PR and drop this. 19:55:17 tony: thank you 19:55:21 https://github.com/w3c/webauthn/issues/1722 19:55:40 agl: I have answered this 19:55:50 tony: no one has responded to the answer 19:56:17 elundberg: I will close it 19:56:19 https://github.com/w3c/webauthn/issues/1721 19:56:41 agl: I answered this one 19:56:47 tony: any issue closing this? 19:56:58 ...not hearing any objection. 19:57:04 ...close? 19:58:23 tony: will meet on June 1 and skip the meeting on June 15th. 19:58:31 ...resume on the 29th again. 19:59:40 rrsagent, make logs public 19:59:52 rrsagent, draft minutes 19:59:52 I have made the request to generate https://www.w3.org/2022/05/18-webauthn-minutes.html jfontana 20:00:00 Zakim: list attendees 20:00:26 chair: Nadalin, Fontana 20:00:29 rrsagent, draft minutes 20:00:29 I have made the request to generate https://www.w3.org/2022/05/18-webauthn-minutes.html wseltzer 20:00:43 Chairs, Nadalin, Fontana 20:06:28 kaiju has joined #webauthn 20:11:23 kaiju has joined #webauthn 20:18:06 kaiju has joined #webauthn 20:27:16 kaiju has joined #webauthn 21:28:15 kaiju has joined #webauthn 21:47:27 kaiju has joined #webauthn 22:19:57 kaiju has joined #webauthn 22:53:18 kaiju has joined #webauthn 22:58:27 kaiju has joined #webauthn