Web Authentication WG – 18 May 2022

Meeting minutes

<Ian> joint meeting slide deck

Ian: guest with Stephen from Web Payments
… completing his notes from previous Web Payments meeting.

<wseltzer> F2F Registration: https://www.w3.org/2002/09/wbs/87227/webauthn2022/

<wseltzer> jfontana: Proposed agenda for F2F

<wseltzer> ... 30 min demonstration from Best Buy

<wseltzer> ... invitation to Ian, from Web Payments

<wseltzer> ... Dom, from Adoption CG

<wseltzer> ... and Nick

<Ian> [Ian has limited availability on 9 June]

<wseltzer> ... Update on FIDO2 from David Waite

<wseltzer> ... Spec work, passkey discussion

<nina> (thanks for the reminder!)

tony: how many people have signed on after the new charter

wendy: people have until the 29th to re-join after new charter

tony: SPWF (FIDO) talking about what to do with passkey and what certification landscape will look like.

wendy: we are done with copyright, talked in PSIG
… this is off recurring agenda

tony: now to Ian

<Ian> Minute from recent discussion

Ina SPC twoard candidate rec. have issues to close
… have dependencies on fido
… discussion on migrating some SPC features to webauthn
… issue #174; rtracning changes for multi-device credentials

<dveditz> could someone repost the slide link?

<dveditz> ah, I can see it in the mtg

Stephen: SPC have similar non-modul pieces
… we have credential IDs, no discovery

<nina> amazing review for conditional ui!

Stephen: we think this functionality wil be same as conditional UI
… try to stick close to WebAuth,
… share conditional and SPC
… like it to work with any transport

shane: what about caBLE transport

bradley: will be the same.

<Ian> "no vision that cable authenticators will silently wake up"

shane: sounds like target is platform authenticators and "others: re: caBLE

stephen: roaming is more and more important

Stephen: looking at the low friction, and have something other that might not be as clean.
… so ideas about pre-caching, but that is far-flung

bradley: will be option to click button to use caBLE authenticator or use a Security Key.
… these might always be there is authentication flow

ian: next slide some examples in detail
… with SPC , some challenges, what to do with users with different scenarios
… how do we provide UX
… we have these questions and others and how we answer them
… multi-device credentials may change some of these

yes

elundberg: depends on who is discovering. these are two different things.

<dveditz> I would love to get the link to these slides if that's possible (I think I joined too late to have seen then earlier)

ian: challenge is we don't have all the answers for all these cases. how do I know when to do things. re:prompt

Ian: this is what we are chatting about.
… in SPC case and cross-origin case; hard to know who am I authenticating to and with whom
… we have issue in SPC on this.

bradley: two scenarioes. PSP is talking to 3DS, the other is where there is delgated authentication

Ian: issue #187 in Web Payments
… boils down to bank or merchant use case.
… we are tracking a range of scenarios
… expecting to be signed over, but could move out of SPC with platform prompts.
… talking about joint meeting at TPAC
… get the right groups together and understand what we can do

Ian: thank you all

bradley: discussion on SPWG and FIDO certification

tony: next steps for SPWG

bradley: meeting in Munich

https://github.com/w3c/webauthn/pull/1706

nina, ready to merge.

https://github.com/w3c/webauthn/pull/1703

tony: some questions.

mattM: yes, some issues here outstanding.

https://github.com/w3c/webauthn/pull/1695

tony: still in limbo.

https://github.com/w3c/webauthn/pull/1576