20:04:52 <RRSAgent> RRSAgent has joined #webauthn
20:04:57 <RRSAgent> logging to https://www.w3.org/2023/11/29-webauthn-irc
20:05:22 <plh> Topic: Next week meeting
20:05:30 <plh> Tony: I can't make it next week...
20:06:04 <plh> ... we'll cancel unless someone speaks up now
20:06:23 <plh> (none heard))
20:07:29 <plh> Topic: Web Identity Credential Working Group Charter
20:07:41 <plh> Tim: it's essentially the FedCM API WG.
20:07:56 <jfontana> jfontana has joined #webauthn
20:08:08 <plh> --> https://github.com/w3c/strategy/issues/427 Web Identity Credential Working Group Charter
20:10:23 <plh> Tony: +1 to list WebAuthn as a depencency
20:11:26 <soba> soba has joined #webauthn
20:11:50 <steele> is anyone scribing?
20:12:14 <steele> I'll scribe
20:12:23 <steele> no problem!
20:12:28 <jfontana_> jfontana_ has joined #webauthn
20:12:38 <plh> Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2023Nov/0145.html
20:12:57 <steele> Meeting: WebAuthn Weekly
20:13:02 <steele> Chair: Tony Nadalin
20:14:00 <plh> rrsagent, generate minutes
20:14:01 <RRSAgent> I have made the request to generate https://www.w3.org/2023/11/29-webauthn-minutes.html plh
20:14:05 <steele> Discussion around Web Identity Working Group Charter before pull requests
20:14:11 <steele> TOPIC: Pull Requests
20:14:17 <steele> Discussing https://github.com/w3c/webauthn/pull/2001
20:14:39 <selfissued> selfissued has joined #webauthn
20:14:41 <selfissued> present+
20:14:42 <steele> AGL: Want to discuss with Nina Satragno, John Bradley & Tim Cappalli to review
20:15:48 <steele> present+  ShaneWeeden,JasonCai,TimCappalli,AGL,TonyNadalin,PLH,AnderAberg,JaiminBhatt,DavidTurner
20:15:57 <steele> present+ JohnPascoe
20:16:14 <steele> present+ JohnSchanck
20:16:34 <steele> Discussion of https://github.com/w3c/webauthn/pulls
20:16:40 <steele> Shane making editorial change
20:16:55 <steele> Tim Cappalli approved, ready to merge
20:17:57 <steele> https://github.com/w3c/webauthn/pull/1992
20:18:03 <steele> Matthew on PTO this week
20:18:23 <steele> Ready to Merge
20:18:59 <steele> Nick Steele to merge
20:19:57 <steele> https://github.com/w3c/webauthn/pull/1998
20:20:29 <steele> https://github.com/w3c/webauthn/pull/1988
20:20:48 <steele> Not been merged, ready for merge
20:20:55 <steele> Nick Steele merging
20:21:47 <steele> https://github.com/w3c/webauthn/pull/1972
20:21:52 <steele> Still pending
20:22:03 <steele> https://github.com/w3c/webauthn/pull/1945
20:22:14 <steele> Closed
20:22:23 <steele> https://github.com/w3c/webauthn/pull/1926
20:22:29 <steele> Tim: we're still waiting for a response
20:23:05 <steele> https://github.com/w3c/webauthn/pull/1923
20:23:16 <steele> Tim: I need to add the privacy statement, will add before next call.
20:23:37 <steele> TOPIC: Issues
20:23:53 <steele> https://github.com/w3c/webauthn/issues/1998
20:24:06 <steele> Shane: this has been closed
20:24:22 <steele> https://github.com/w3c/webauthn/issues/1994
20:24:26 <steele> Emlun not present to discuss
20:24:49 <steele> https://github.com/w3c/webauthn/issues/1987
20:25:12 <steele> AGL: this would be resolved by #1999
20:25:20 <steele> Matt not present
20:25:48 <steele> https://github.com/w3c/webauthn/issues/1967
20:25:59 <steele> AGL: Nina will be present in 2 weeks to discuss
20:26:09 <steele> https://github.com/w3c/webauthn/issues/1965
20:28:09 <steele> Shane: Our security model does not extend to a man in the browser model
20:28:21 <steele> ACTION: Nick steele to relay this message and close #1965
20:28:28 <steele> https://github.com/w3c/webauthn/issues/1964
20:28:56 <steele> AGL: This is in the CTAP spec, we could point to this if there's a recently published CTAP spec
20:29:24 <steele> Tony: Do you want to respond?
20:29:30 <steele> AGL: I can address in 2 weeks
20:29:34 <steele> Issue to remain open
20:29:36 <steele> https://github.com/w3c/webauthn/issues/1942
20:30:10 <steele> Tim: this issue was brought up the other day on Stack Overflow
20:30:24 <steele> Tim: I think we should close this issue
20:30:44 <steele> AGL: this could cause UI breakage
20:30:56 <steele> Action: Tim Cappalli to draft response
20:32:40 <steele> Discussion around requests for getOrCreate methd
20:33:07 <steele> AGL: if hordes of developers are calling for it, Google would consider it
20:33:28 <steele> MikeJones: becomes an issue when you have a multitude of accounts for an RP
20:35:29 <steele> https://github.com/w3c/webauthn/issues/1921
20:36:03 <steele> Tim: I don't think this is appropriate for WebAuthn
20:36:11 <steele> Shane agrees, this is out of scope
20:37:02 <steele> JohnBradley: I disagree with tim that this is a security key issue, I think this is fundamentally different than sharing a hardware key. This is a FIDO issue
20:37:41 <steele> Shane: we should get Emlun's opinion on this
20:38:06 <steele> ...he has some proposed chaanges to the wording
20:38:09 <steele> https://github.com/w3c/webauthn/issues/1912
20:38:11 <steele> https://github.com/w3c/webauthn/issues/1913
20:38:26 <steele> Emlun to address
20:39:08 <steele> Tim: I know that there was an issue in bikeshed regarding indenting? Has this been addressed?
20:39:12 <steele> AGL: I've seen them
20:39:21 <steele> Tim: next time I see them I'll try to remove them
20:39:24 <steele> https://github.com/w3c/webauthn/issues/1888
20:40:15 <steele> Arnar assigned, still pending a reviewer. Tim to assign MatthewMiller who had opinions on the topic
20:40:21 <steele> https://github.com/w3c/webauthn/issues/1859
20:40:47 <steele> https://github.com/w3c/webauthn/issues/1856
20:41:04 <steele> Tim bumping issue with Ackshay
20:41:46 <steele> AGL: There is some amount of consternation happening because this introduces latency. Some RPs find this a problem. Idea of having a challenge callback is making an emergence again. We're still discussing
20:41:57 <steele> Tony: would it align with this issue?
20:42:01 <steele> AGL: maybe not directly
20:42:33 <steele> https://github.com/w3c/webauthn/issues/1854
20:43:07 <steele> AGL: At some point we might want to decide to ignore or remove legacy issues
20:43:16 <steele> Tony: Nina has responded
20:43:26 <steele> AGL: waiting to put energy behind this
20:43:35 <steele> Tony: is this something that folks want to do?
20:43:53 <steele> ... it's at risk, although unsure if people have time and capacity
20:43:59 <steele> ... can also leave undecided
20:44:38 <steele> AGL: no objections, haven't heard about it in feedback, the utility is small. I wouldn't prioritize it for L3
20:44:42 <steele> https://github.com/w3c/webauthn/issues/1819
20:45:13 <steele> AGL: When Arnar returns in two weeks you can bug him about this
20:45:32 <steele> Tony assigns Arnar to the issue, the wily fellow
20:45:45 <steele> https://github.com/w3c/webauthn/issues/1797
20:45:56 <steele> Tony: this is just a process and editorial change
20:46:01 <steele> https://github.com/w3c/webauthn/issues/1795
20:47:19 <steele> John: we might want to just say that the type changes when we talk to CTAP2
20:47:26 <steele> AGL okay with this
20:47:43 <steele> ACTION: John Bradley to write a PR for issue #1795
20:47:52 <steele> https://github.com/w3c/webauthn/issues/1748
20:47:56 <steele> Waiting for Nina
20:48:16 <steele> AGL: issue not wrong, will bother Nina about it
20:48:21 <steele> Tony: issue is at risk
20:48:28 <steele> AGL will follow up with Nina
20:50:23 <steele> https://github.com/w3c/webauthn/issues/1743
20:50:30 <steele> Action: Nick Steele to close
20:51:18 <steele> https://github.com/w3c/webauthn/issues/1667
20:51:44 <steele> This issue is primordial but still valid
20:52:27 <steele> Tony: I'll ping Ian Jacobs
20:52:46 <steele> issue to remain open, a relic of the old world
20:53:01 <selfissued> https://github.com/w3c/webauthn/issues/1635
20:53:43 <steele> MikeJones: For one thing, we have a reference to large per credential blobs that I am unable to find in the CTAP2 spec. Did that occur? was it deleted?
20:54:10 <steele> AGL: At the webauthn layer we have largblob, at CTAP this gets abstracted down into a different format
20:55:05 <steele> Mike Jones posts a note from the issue to chat: NOTE: In order to interoperate, user agents storing large blobs on authenticators using [FIDO-CTAP] are expected to use the provisions detailed in that specification for storing large, per-credential blobs.
20:55:30 <selfissued> https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#large-blob
20:55:51 <steele> Adam Langley points to RD (review draft) https://fidoalliance.org/specs/fido-v2.1-rd-20201208/fido-client-to-authenticator-protocol-v2.1-rd-20201208.html#authenticatorLargeBlobs
20:56:04 <steele> David Turner: That's the 2.0 version, Mike, not 2.1
20:56:26 <steele> From David Turner, https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-errata-20220621.html#conformance
20:56:33 <plh> --> https://w3c.github.io/webauthn/#sctn-large-blob-extension 10.1.5. Large blob storage extension (largeBlob)
20:56:37 <selfissued> https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-20210615.html
20:57:08 <steele> AGL posts to 2.1 draft https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-errata-20220621.html#authenticatorLargeBlobs
20:57:39 <steele> Mike Jones should have what he needs now to make a PR regarding largeblob
20:57:55 <steele> MikeJones: there's also a different link to responses
20:58:51 <steele> MikeJones: I need to fix the CTAP references, will sort out other issues async
20:59:21 <steele> We will cancel next two weeks of meetings as discussed, resume in two weeks
20:59:24 <plh> rrsagent, generate minutes
20:59:25 <RRSAgent> I have made the request to generate https://www.w3.org/2023/11/29-webauthn-minutes.html plh
20:59:58 <steele> adjourn
21:00:00 <steele> RRSAgent, make logs public
21:06:36 <steele> steele has joined #webauthn
21:41:32 <steele> steele has joined #webauthn
21:49:59 <steele> steele has joined #webauthn
21:51:02 <steele_> steele_ has joined #webauthn
23:44:17 <Zakim> Zakim has left #webauthn