Meeting minutes
thanks, Wendy
tony: we are scheduled for TPAC.
… on agenda for Monday Sept 12.
… we have join meetings for tuesday with Web payments and other groups
… on wednesday can do other work or go home.
… suggest those in-person look at W3C web site.
wendy: some inter-group participation.
… putting a lot into being a good hybrid meeting
… registration should be opening soon
Tony: Wednesday is submit your topic.
tony
<nina> thank you
agl: I can help with review if the others are busy
https://
elundberg: I made sme changes for it to be more clear.
agl: think this is good.
https://
agl: no response from Mozilla, no changes so far.
tony: how long should we wait?
agl: that comes from Akshay
jbradley: I am good with it.
… fine to merge now, but check with Aksay
tony: Tim? Issues?
<dveditz> Who did you send that to at Mozilla?
tim: I am getting it done.
https://
<dveditz> My mic is apparently not working
mattM: in a good state right now, need a bit of feedback
… with no objections, we can land as is
tony: I would like to see this in the first draft.
… any issue moving forward
matt: will merge and follow up
nickS: think it is fine
https://
agl: still in works to some extent, but settling
… at face to face questions about attestation stuff
… its a large PR now
… but it is significant
… read it
tony: we will resolve everyone's comments
tony: aimed at first public draft.
… before TPAC in late August
agl: we have a similar target
jbradley: looking at some issues we may have with Windows
… we are changing things beyond extension
agL; working on some CTAP issues also
https://
nina: looking to merge this
tony: Matthew and shane can you look at this
tony: want to get this into first draft since implementd.
agL; want to merge it now, but if people want a read, go ahead
shane: no objection
… I want to relook at it
… I did not that and I see the implementation and I am happy
tony: so change status to approve
tony: matthew merge?
mattM: yes
https://
tony: sitll on hold, nothing new
https://
agl: the name of cable is hybrid
… its the new name
… I will look at this
https://
shane: I won't object to this
jbradely: : akshay was leaning against this
… do we need another nob to move?
… what this means and how to implement this may cause more confusion
elundberg: browser best effort may be the best we get
… it is enough?
tim: then why to we do DPK
mattM: sitll value for DPK
shane: will be some RPs without DPK, but still might want a credential
… there are a broader set of comments in GitHub; some looking for more control
mattM: also the point that if you want a single device credential, need to have an authentication and see value created.
Tim: if you don't like a security key you reject it.
mattM: then why is credential around?
… should not go forward with this. don't see how this is different from other authenticators.
tony: is anyone agansit this
?
agL: don't think this proposal is the way to go.
Tim: I am supportive of the idea, but concerned on this method
… I would like an MDM policy
agl: policy could be best way to go
elundberg: we have added
… so I am leaning against it.
… but not a hard opinion either way
mattM: issue that continues to bug me, alternative way to approach this without new parameter
… was a proposal to delete credentials, can we revive that
shane: worried about the user experience
… should have been presented upfront
agl: think this is two issues
… backburner the notion this will not work.
tony: so leave #1744 open
tony: https://
… this could be forwarded to Web Authn adoption group
tony: does Matt want to champion this issue;
matt: I will make editorial note in the spec.