BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Sabre//Sabre VObject 4.5.8//EN
CALSCALE:GREGORIAN
LAST-MODIFIED:20230911T055439Z
BEGIN:VTIMEZONE
TZID:Europe/Madrid
BEGIN:STANDARD
DTSTART:20221030T010000
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
TZNAME:CET
END:STANDARD
BEGIN:STANDARD
DTSTART:20231029T010000
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
TZNAME:CET
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20230326T010000
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
TZNAME:CEST
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:88f88a3d-0100-4cdc-b7ad-61ca777413c8
DTSTAMP:20230911T055439Z
SUMMARY:Web Authentication WG
DTSTART;TZID=Europe/Madrid:20230911T093000
DTEND;TZID=Europe/Madrid:20230911T110000
DESCRIPTION:https://www.w3.org/events/meetings/88f88a3d-0100-4cdc-b7ad-61ca
 777413c8/\n\n* [Current publications](https://www.w3.org/groups/wg/webauth
 n/publications)\n* [WebAuthn pull requests](https://github.com/w3c/webauth
 n/pulls)\n* [WebAuthn pull issues](https://github.com/w3c/webauthn/issues)
 \n\nAgenda: https://www.w3.org/Search/Mail/Public/search?keywords=&hdr-1-n
 ame=subject&hdr-1-query=%222023+W3C+Web+Authentication+Meeting%22&index-gr
 p=Public_FULL&index-type=t&type-index=public-webauthn\n\nAgenda\n\nHere is
  the agenda for the 09/11/2023 W3C Web Authentication WG TPAC Meeting\, \n
 \nSelect scribe please someone be willing to scribe so we can get down to 
 the issues\n \n1.	Here is the link to the Level 2 Webauthn Recommendation 
  https://www.w3.org/TR/2021/REC-webauthn-2-20210408/\n2.	First Public Work
 ing Draft of Level 3 has now been published\, https://www.w3.org/TR/webaut
 hn-3/\n3.	Joint session with WebPayments WG during TPAC\n4.	PWG Update (Jo
 hn B.)\n5.	We have 47 open issues\, 25 of them have been tagged with the @
 RISK label\, please review with the link below\, if you don’t agree we w
 ill discuss as the first item on the agenda \na.	Issues · w3c/webauthn (g
 ithub.com)\n6.	W3c WebID proposal for authentication see WebID - W3C Wiki\
 n7.	L3 WD01 open pull requests and open issues\n\n \nPull requests · w3c/
 webauthn (github.com)\n1.	devicePubKey → supplementalPubKeys by agl · P
 ull Request #1957 · w3c/webauthn (github.com)\n2.	Enterprise packed attes
 tation guidance by dwaite · Pull Request #1954 · w3c/webauthn (github.co
 m)\n3.	Add packed attestation optional firmware version attribute by dwait
 e · Pull Request #1953 · w3c/webauthn (github.com)\n4.	Initial text for 
 conditional create by pascoej · Pull Request #1951 · w3c/webauthn (githu
 b.com)\n5.	Recommend duration of challenge validity by emlun · Pull Reque
 st #1855 · w3c/webauthn (github.com)\n \nPull requests · w3c/webauthn ·
  GitHub\n1.	Add `compound` attestation format by timcappalli · Pull Reque
 st #1950 · w3c/webauthn (github.com)\n2.	Fix inconsistent usage of option
 s variable by Kieun · Pull Request #1948 · w3c/webauthn (github.com)\n3.
 	Add importCryptoKey input to PRF extension by emlun · Pull Request #1945
  · w3c/webauthn (github.com)\n4.	Delete outdated note about checking regi
 stration UV with PRF extension by emlun · Pull Request #1944 · w3c/webau
 thn (github.com)\n5.	Clarify distinction between PublicKeyCredentialUserEn
 tity name and displayName by MasterKale · Pull Request #1932 · w3c/webau
 thn (github.com)\n6.	Clarify TPM attestation verification instructions by 
 sbweeden · Pull Request #1926 · w3c/webauthn (github.com)\n7.	Add new ge
 tClientCapabilities method by timcappalli · Pull Request #1923 · w3c/web
 authn (github.com)\n8.	Add userDisplayName and vendorDisplayName to credPr
 ops by emlun · Pull Request #1880 · w3c/webauthn · GitHub\n\n\nIssues 
 · w3c/webauthn (github.com)\n1.	Describe firmware OID usage in packed att
 estation · Issue #1952 · w3c/webauthn (github.com)\n2.	Non-modal registr
 ation during conditional assertion · Issue #1929 · w3c/webauthn (github.
 com)\n3.	Allow desired attestation format to be an ordered list · Issue #
 1917 · w3c/webauthn (github.com)\n4.	Describe packed enterprise attestati
 on · Issue #1916 · w3c/webauthn (github.com)\n5.	Emphasize use of `user.
 name` for RP's to help users distinguish credentials · Issue #1852 · w3c
 /webauthn (github.com)\n6.	Prescriptive behaviours for Autofill UI · Issu
 e #1800 · w3c/webauthn (github.com)\n7.	Enforce backup eligibility during
  assertion · Issue #1791 · w3c/webauthn (github.com)\n8.	Facility for an
  RP to indicate a change of displayName to a discoverable credential · Is
 sue #1779 · w3c/webauthn (github.com)\n9.	Should enterprise attestation s
 upport be flagged explicitly? · Issue #1742 · w3c/webauthn · GitHub\n10
 .	Discussing mechanisms for enterprise RP's to enforce bound properties of
  credentials · Issue #1739 · w3c/webauthn · GitHub\n11.	Provide passwor
 dless example\, or update 1.3.2. to be a passwordless example · Issue #17
 35 · w3c/webauthn · GitHub\n12.	Update top level use cases to account fo
 r multi-device credentials · Issue #1720 · w3c/webauthn · GitHub\n13.	P
 ublic Key Credential Source and Extensions · Issue #1719 · w3c/webauthn 
 · GitHub\n14.	RP operations: some extension processing may assume that th
 e encompassing signature is valid · Issue #1711 · w3c/webauthn · GitHub
 \n15.	Split RP ops "Registering a new credential" into one with and one wi
 thout attestation · Issue #1710 · w3c/webauthn (github.com)\n16.	Switch 
 to permissive copyright license? · Issue #1705 · w3c/webauthn (github.co
 m)\n17.	Platform Errors for attestations. · Issue #1697 · w3c/webauthn (
 github.com)\n18.	Should an RP be able to provide finer grained authenticat
 or filtering in attestation options? · Issue #1688 · w3c/webauthn (githu
 b.com)\n19.	Lookup Credential Source by Credential ID Algorithm returns se
 nsitive data such as the credential private key · Issue #1678 · w3c/weba
 uthn · GitHub\n20.	Synced Credentials · Issue #1665 · w3c/webauthn · G
 itHub\n21.	Cross-origin credential creation in iframes · Issue #1656 · w
 3c/webauthn (github.com)\n22.	Trailing position of metadata · Issue #1646
  · w3c/webauthn (github.com)\n23.	[Editorial] Truncation description inac
 curate · Issue #1645 · w3c/webauthn (github.com)\n24.	Mechanism for enco
 ding *direction* metadata may need more work · Issue #1644 · w3c/webauth
 n (github.com)\n25.	Use of in-field metadata not preferred · Issue #1643 
 · w3c/webauthn (github.com)\n26.	Unicode "tag" characters are deprecated 
 for language tagging · Issue #1642 · w3c/webauthn (github.com)\n27.	U+ n
 otation incorrect · Issue #1641 · w3c/webauthn (github.com)\n28.	Syncing
  Platform Keys\, Recoverability and Security levels · Issue #1640 · w3c/
 webauthn (github.com)\n29.	Possible experiences in a future WebAuthn · Is
 sue #1637 · w3c/webauthn (github.com)\n30.	reference CTAP2.1 PS spec and 
 fix broken link · Issue #1635 · w3c/webauthn (github.com)\n31.	Missing T
 est Vectors · Issue #1633 · w3c/webauthn (github.com)\n32.	CollectedClie
 ntData.crossOrigin default value and whether it is required · Issue #1631
  · w3c/webauthn (github.com)\n33.	Support for remote desktops · Issue #1
 577 · w3c/webauthn (github.com)\n34.	Prevent browsers from deleting crede
 ntials that the RP wanted to be server-side · Issue #1569 · w3c/webauthn
  (github.com)\n35.	Support a "create or get [or replace]" credential re-as
 sociation operation · Issue #1568 · w3c/webauthn (github.com)\n36.	Addin
 g info about HSTS for the RPID to client Data. · Issue #1554 · w3c/webau
 thn (github.com)\n37.	Making PublicKeyCredentialDescriptor.transports mand
 atory · Issue #1522 · w3c/webauthn (github.com)\n38.	cleanup <pre class=
 anchors> and use <pre class="link-defaults"> as appropriate · Issue #1489
  · w3c/webauthn (github.com)\n39.	Regarding the issue of Credential ID ex
 posure(13.5.6)\, from what perspective should RP compare RK and NRK and wh
 ich should be adopted? · Issue #1484 · w3c/webauthn (github.com)\n40.	Ad
 ding info about HSTS for the RPID to client Data. · Issue #1554 · w3c/we
 bauthn (github.com)\n41.	Requesting properties of created credentials. · 
 Issue #1449 · w3c/webauthn (github.com)\n42.	More explicitly document use
  cases · Issue #1389 · w3c/webauthn (github.com)\n43.	Addition of a netw
 ork transport · Issue #1381 · w3c/webauthn (github.com)\n44.	Minor clean
 ups from PR 1270 review · Issue #1291 · w3c/webauthn (github.com)\n45.	C
 learly define the way how RP handles the extensions · Issue #1258 · w3c/
 webauthn (github.com)\n46.	add feature detection blurb... · Issue #1208 
 · w3c/webauthn (github.com)\n47.	think about adding note wrt how client p
 latform might obtain authenticator capabilities · Issue #1207 · w3c/weba
 uthn (github.com)\n48.	Update name\, displayname and icon for RP and user 
 · Issue #1200 · w3c/webauthn (github.com)\n49.	export definitions? · Is
 sue #1049 · w3c/webauthn (github.com)\n50.	ReIssues · w3c/webauthn (gith
 ub.com)covering from Device Loss · Issue #931 · w3c/webauthn (github.com
 )\n51.	undefined terms and terms we really ought to define · Issue #462 
 · w3c/webauthn (github.com)\n\nIssues · w3c/webauthn · GitHub\n1.	Publi
 cKeyCredentialJSON is an invalid WebIDL construct · Issue #1958 · w3c/we
 bauthn (github.com)\n2.	[[preventSilentAccess]] seems incorrect · Issue #
 1956 · w3c/webauthn (github.com)\n3.	make username fields optional (do no
 t delete them\, but do not force their usage\, either\, which is hostile a
 gainst usernameless services) · Issue #1942 · w3c/webauthn (github.com)\
 n4.	The default value of `attestation` member in `PublicKeyCredentialReque
 stOptions` should be null or must not have default value · Issue #1941 ·
  w3c/webauthn (github.com)\n5.	Remove isPPAA() and expand getClientCapabil
 ities() · Issue #1937 · w3c/webauthn (github.com)\n6.	Indicate that the 
 credential could be backed up and restored\, but not synchronized · Issue
  #1933 · w3c/webauthn (github.com)\n7.	Adding some sentences to describe 
 credential sharing between multiple users · Issue #1921 · w3c/webauthn (
 github.com) \n8.	Misaligned steps in Section 7.2 · Issue #1913 · w3c/web
 authn (github.com)\n9.	Clarify browser behavior when an authenticators ret
 urn equivalent of "InvalidStateError" · Issue #1888 · w3c/webauthn (gith
 ub.com)\n10.	Clarify how to differentiate between exceptions · Issue #185
 9 · w3c/webauthn (github.com)\n11.	Clarify the need for truly randomly ge
 nerated challenges (aka challenge callback issue) · Issue #1856 · w3c/we
 bauthn (github.com)\n12.	Allow conditional and modal flows to run simultan
 eously · Issue #1854 · w3c/webauthn (github.com)\n13.	"android-key" and 
 "android-safetynet" are really basic attestation type support? · Issue #1
 819 · w3c/webauthn (github.com)\n14.	Dependencies section is out of date 
 and duplicates terms index · Issue #1797 · w3c/webauthn (github.com)\n15
 .	Enterprise attestaion is a bool in WebAuthn and an Int in CTAP2.1 · Iss
 ue #1795 · w3c/webauthn (github.com)\n16.	Better specify what an unknown 
 type credential descriptor being ignored means · Issue #1748 · w3c/webau
 thn (github.com)\n17.	Spec abstract is out of date on the eve of multi-dev
 ice credentials and cross-device auth · Issue #1743 · w3c/webauthn (gith
 ub.com)\n18.	Cross origin authentication without iframes (accommodating SP
 C in WebAuthn) · Issue #1667 · w3c/webauthn · GitHub\n\n  \n4.   Other 
 open issues\n5.   Adjourn
STATUS:CONFIRMED
CREATED:20230612T173940Z
LAST-MODIFIED:20230911T055439Z
SEQUENCE:1
ORGANIZER;CN=W3C Calendar;PARTSTAT=ACCEPTED;ROLE=NON-PARTICIPANT:mailto:nor
 eply@w3.org
ATTENDEE;CUTYPE=GROUP;ROLE=OPT-PARTICIPANT;RSVP=FALSE;CN=Web Authentication
  Working Group:mailto:public-webauthn@w3.org
LOCATION:Giralda III\, Level -2
CATEGORIES:TPAC 2023,Group Meetings
END:VEVENT
END:VCALENDAR