See also: IRC log
<wseltzer> trackbot, start teleconf
<trackbot> Sorry, but no Tracker is associated with this channel.
Mike Jones here
<wseltzer> todd_albers: Federal Reserve
<hhalpin> or Mike Jones?
You're welcome
<wseltzer> scribenick: selfissued
<hhalpin> chair: Nadalin
Wendy: We were discussing whether
all the work belongs in one document or even whether it all
belongs in one working group
... We chartered to do the three pieces of work - members
approved this work package
... The submitters thought that the pieces were logically
related
<JeffH> could who is typing loud mute mic ?
Wendy: My preference is to keep working on all of them here
Alexei: Giving background - All
started when I and Vijay looked at the spec
... Asked whether stuff that hardward vendors would be
implementing belongs in a W3C spec
... Asking whether the current structure makes sense. Has
struck a chord with some people. I'm fine with it as is.
Sampath: Some of attestation text doesn't belong in this document - such as Android-specific text
Vijay: Will send out a PR this
week to move the attestation into an appendix
... Then we can talk about whether the appendix should remain
in the document or not
Wendy: That treatment makes sense to me
<hhalpin> Or we could just do separate docs, but an appendix is fine w/i me.
Fine with several others
Rolf: What should stay in the original document then?
<wseltzer> selfissued: I believe what we'd be moving to appendix is still necessary for interop
<wseltzer> ... ok moving it, but it's still normative
Mike: The attestation format is necessary for interop
<JeffH> selfissued: the attestation stuff is necessary for interop....
Vijay: The preamble is about a
conforming user agent
... Stuff about authenticators can then be in an appendix
Sergei: A conforming user agent doesn't need to understand the signature format either
Wendy: It might not all fit under the same preamble but W3C specs can talk about things other than just user agents
<wseltzer> selfissued: I'd rather change the preamble than deprecate some normative text
<JeffH> selfissued == mike jones :)_
Sampath: There will only be a handful of attestation types
Vijay: I want to move things that
matter to the UA and parts that matter to the authenticator and
put them in different sections
... I want to keep the signature format in
Jeff: I'm fine with Vijay's suggestion
<wseltzer> JeffH: keep it in one document while we're normalizing the terminology
<wseltzer> selfissued: I agree that editorially, things for different audiences should be in different sections
<wseltzer> ... disagree with putting some things into an appendix, since the parts for authenticators are also normative
<Hubert-PayPal> Agree with selfissued
<wseltzer> ... none of the audiences (authenticators, servers, user agents) is less important than the others
<wseltzer> ... so shouldn't be put in appendix
<JeffH> i nominally agree with mike/selfissued tho am fine to entertain reviewing proposals such as Vijay's
<hhalpin> the appendix is a short-term measure for temrinological consistency, i.e. when we have non-FIDO folks try to implement, then we can see how folks who are on authenticator-facing teams and server-facing teams prefer the docs laid out and if they can actually implement.
<hhalpin> Or if they need more docs etc.
<hhalpin> and how to best structure those docs.
Are you seeing me now?
<vgb> yes, mike
<JeffH> yes
<wseltzer> alexei-goog: I agree with both Vijay and Mike. Happy to put it into an "Authenticator" section
Mike: I'm good with sections being for different audiences being in different sections but it's all essential normative text
Tony: I agree with Mike
... We can actually refer to the attestations we want people to
use with external references or inline
... We have a charter to follow which includes attestations
<JeffH> i tend to agree with Mike, tho am fine with entertaining proposals -- we don't merge to master until we have consensus....
Rolf: Sometimes it's not
sufficient to refer to an external standard
... You need to say *how* you're using the external spec
... Such as how to use the TPM spec
Tony: There are things that need to stay in the WebAuthN doc - including how to use attestations
<JeffH> +1 to Rolf
Rolf: The W3C doc needs to say, for instance, how we're using the TPM spec
+1 to Rolf
Mike: Can we confirm that nothing is being moved into an appendix?
<Rolf> +1
Vijay: I will send out a PR that will be reviewed
<wseltzer> JeffH: No pull request will be merged to master without group consensus
Tony: Let's see what the PR requests says
<wseltzer> selfissued: If it includes "section," I'll propose changing it to a section
Tony: We've had action lately in
the repository
... JC did his terminology section
Vijay: We have 5 open issues - 1
terminology
... JC has created follow-on issues
<wseltzer> https://github.com/w3c/webauthn/issues
Vijay: None of this should block
FPWD
... Vijay is looking at feedback from the TAG
... Feedback on images at multiple resolutions
... Not clear to Vijay that this is widely implemented or
used
... There was a question about whether we should move to the
arrayBuffer types
... There was one about whether we should converge with
Credential ID
... A Credential ID is a USB string
... These two things are in conflict
... Vijay will start an email thread about this
... Finally, the TAG asked about eTLD+1
... We need to get back to the TAG on eTLD+1
... Do people feel that if we address these things, we'll be
ready for FPWD in Berlin?
Jeff: Yes
JC: I also agree
<jcj_moz> ack
Tony: I'd like to close that
one
... Issue 50
... According to Vijay we're still in a good shape for FPWD in
Berlin
We're down to 4 open issues after closing the terminology issue
scribe: We definitely need to get the structure of the document settled before we put it out
Tony: I have to depart - Wendy will take over
Wendy: Let's take up the glossary and terms discussion
<hhalpin> I think that *depends* on the amount of terminology
<wseltzer> 
Mike: It's normal to put terminolgy up front before you use the terms
<wseltzer> https://w3c.github.io/webauthn/#terminology
JC: The terms are hyperlinked
<hhalpin> So far its quite small
Wendy: Is there additional terminology to define
Felipe: I added a comment with a
longer list of terms
... I tried to include everything unusual that people would
need to know as a prerequisite
Hubert: There is a reference to
account creation - this likely is not correct
... This probably should be "registration"
Jeff: Yes
<wseltzer> https://github.com/w3c/webauthn/issues/50#issuecomment-206624812
The above is Felipe's comment
<hhalpin> Index
<hhalpin> JSON Web Keys -> WebCrypto
Harry: The terminology section needs a review, including the index
<hhalpin> I've done a random sample but not the whole thing
<hhalpin> i.e. the index is more important really than the 'terminology' section re implementers
Alexei: There are inconsistencies in the terminogy usage
<wseltzer> Felipe's issue re: consistency
<hhalpin> IDL type is only defined in WebCrypto
Vijay: The JWK reference is intentional
<hhalpin> i.e. just an inline note on what part of WebCrypto we are referring to (i.e. the IDL) given the whole spec is rather larger
Vijay: Find the issue and send a
PR
... That's the best thing to do
Wendy: Yes, please!
... GitHub makes sure that others take a look
<wseltzer> https://github.com/w3c/webauthn/issues?q=is%3Aissue+is%3Aopen+label%3Apriority%3Ahigh
<wseltzer> JeffH: We already reviewd the FPWD milestones
Jeff: Are those that Tony labelled SPWD that people think should be FPWD?
Vijay: There are 4 SPWD issues with priority high
Issue 25: Server challenge timeout
<trackbot> Sorry, but no Tracker is associated with this channel.
<wseltzer> https://github.com/w3c/webauthn/issues/25
Vijay: The problem is that the
authenticator manages to create the key but doesn't manage to
respond in time for the registration to happen
... Then there is an orphaned structure
... Deal with orphaned keys
... I think this is a second-level thing we don't have to get
right for FPWD
Jeff: That's fine with me
<wseltzer> https://github.com/w3c/webauthn/issues/26
Vijay: I don't see this as being a FPWD problem
<wseltzer> JeffH: put 26 on the Berlin agenda
Jeff: Agree, but we should have it on the agenda for Berlin
<wseltzer> https://github.com/w3c/webauthn/issues/37
Vijay: Rolf has text that could
be added to the attestation description
... Feels like something that isn't essential for FPWD
... The goal of FPWD is "Do we have the right things in here" -
not whether they're perfectly described
Jeff: Status OKToDo - If easy, someone could just do it
Rolf: These changes will not create any merge conflicts
<hhalpin> Should be fine either way really
Vijay: I'll just merge this in
<wseltzer> https://github.com/w3c/webauthn/issues/38
Vijay: Final is #38 about
Credential.RPCurrency assumed to be RP unique
... Assumes that Credential ID is unique across
authenticators
... It's worth having the discussion and trying to close it
before Berlin
This is architectural - not editorial
Mike: This needs to be FPWD - not second
Alexei: Most people agree that that the credential ID needs to be unique
Rolf: Nothing wrong with that assumption - but it must be explicit - not implicit
Mike: +1
Vijay: Agree that Credential ID
can be unique
... Will send a PR saying that it's unique
<JeffH> jeffh: +1
Vijay: If poeple agree, we can merge it and be done
Thanks, Vijay!
Wendy: Would it be useful to have a label to indicate that something is ready for WG discussion?
Vijay: Instead, just send e-mail about it
I'd rather have e-mail than tags
<JeffH> +1 vijay
<jcj_moz> +2
+1
Vijay: Both end up creating a persistent record in the future
<wseltzer> see, e.g. https://lists.w3.org/Archives/Public/public-webauthn/2016Apr/
<hhalpin> https://lists.w3.org/Archives/Public/public-webauthn/2016Apr/0045.html
Wendy: No other business
<hhalpin> Meeting adjourned
This is scribe.perl Revision: 1.144 of Date: 2015/11/17 08:39:34 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: RRSAgent_Text_Format (score 1.00) Succeeded: s/appendix/section/ Succeeded: s/Filipe/Felipe/ Succeeded: s/selfissued_/selfissued/G Found ScribeNick: selfissued Inferring Scribes: selfissued Default Present: wseltzer, jcj_moz, felipe_bbg, vgb, alexei-goog, JeffH, Rolf, Hubert-PayPal, hhalpin, todd_albers, adamkcooper, selfissued, (IRC Present: wseltzer jcj_moz felipe_bbg vgb alexei-goog JeffH Rolf Hubert-PayPal hhalpin todd_albers adamkcooper (IRC only) Sam Regrets: rbarnes Got date from IRC log name: 13 Apr 2016 Guessing minutes URL: http://www.w3.org/2016/04/13-webauthn-minutes.html People with action items:[End of scribe.perl diagnostic output]