Meeting minutes
Face to Face
AGL: We have a venue, it's near the Internet History Museum (the venue for IIW) on April 19th
… On the Google campus
MikeJones: OpenID is also meeting that morning on the Google campus, presents a conflict for John and I in the morning
AGL: All the details provided should be in an email sent to the list
Charter
Simone: Proposes an addendum to the pending charter that includes a formality section regarding security topics (risks, threat modeling, etc). This should be in the template provided.
Simone: The security topics such as the threat model is already included in the specification, so we could reuse that
Tony can work with Simone to reformat the draft to include this
Pull Requests
Discussion with Rolf
There are financial regulatory and fraud concerns that compel this work
Discussion of different solutions that could exist to solve this issue
John: important to have another browser than chrome to support it
Rolf: from a regulatory perspective, the authenticator needs to display it, not the platform
elundberg: there would be value in keeping the name if it can be backwards compatible with existing authenticator implementations
MatthewMiller: we should change the name, txAuthSimple isn't very descriptive
TimCappalli: or accurate, necessarily
elundberg: short extension ID is preferable because it's reflected in CBOR on the wire, some message size limits are as low as ~1KB
TimCappalli: there should be a "type" attribute or similar at least
nadalin: hearing mixed feelings about this proposal
jbradley: how much do we want to expand the scope
TimCappalli: we should hear from banks that they understand this will be inconsistent between platforms
… I suspect they will deem it not useful due to inconsistency
RolfLindemann: I've heard a need for this capability for many use cases
nadalin: adjourn