13:03:20 RRSAgent has joined #hb-secure-services 13:03:20 logging to http://www.w3.org/2016/06/01-hb-secure-services-irc 13:03:23 Zakim has joined #hb-secure-services 13:16:16 wseltzer has changed the topic to: HB-Secure Services call 1400 UTC June 1, https://lists.w3.org/Archives/Public/public-hb-secure-services/2016May/0011.html 13:16:19 Agenda: https://lists.w3.org/Archives/Public/public-hb-secure-services/2016May/0011.html 13:57:53 colin has joined #hb-secure-services 14:00:38 phofmanntsy has joined #hb-secure-services 14:01:26 present+ wseltzer 14:01:50 virginie has joined #hb-secure-services 14:01:58 acouvert has joined #hb-secure-services 14:01:59 hi all, call is starting :) 14:02:10 present+ virginie, acouvert 14:02:12 hello everyone 14:02:54 zakim, who is here? 14:02:54 Present: wseltzer, virginie, acouvert 14:02:56 On IRC I see acouvert, virginie, phofmanntsy, colin, Zakim, RRSAgent, schuki_, wseltzer 14:03:16 present+ phofmanntsy 14:03:17 Sebastien has joined #hb-secure-services 14:03:59 present+ rigo 14:04:00 rigo has joined #hb-secure-services 14:04:05 present+ colin 14:04:23 present+ bruno 14:04:37 present+ Sebastien 14:05:03 present+ opotonnier 14:05:13 present+ Ketan 14:06:11 agenda? 14:06:12 mzwolinski has joined #hb-secure-services 14:06:49 Ketan has joined #hb-secure-services 14:06:50 agenda+ Welcome and introduction 14:06:54 brunoj has joined #hb-secure-services 14:07:12 agenda+ CG objective reminder 14:07:26 agenda+ Review of Morpho’s contribution (see https://rawgit.com/w3c/websec/gh-pages/hbss.html) 14:07:49 agenda+ Discussing use case description 14:08:02 agenda+ Discussing technical proposal 14:08:18 zakim, who is here? 14:08:18 Present: wseltzer, virginie, acouvert, phofmanntsy, rigo, colin, bruno, Sebastien, opotonnier, Ketan 14:08:19 zakim, who is here ? 14:08:21 On IRC I see brunoj, Ketan, mzwolinski, rigo, Sebastien, acouvert, virginie, phofmanntsy, colin, Zakim, RRSAgent, schuki_, wseltzer 14:08:21 Present: wseltzer, virginie, acouvert, phofmanntsy, rigo, colin, bruno, Sebastien, opotonnier, Ketan 14:08:21 On IRC I see brunoj, Ketan, mzwolinski, rigo, Sebastien, acouvert, virginie, phofmanntsy, colin, Zakim, RRSAgent, schuki_, wseltzer 14:08:52 Peter Hofmann 14:09:00 present+ mzwolinski 14:09:22 agenda ? 14:09:35 zakim, take up agendum 1 14:09:36 agendum 1. "Welcome and introduction" taken up [from virginie] 14:10:28 opoto has joined #hb-secure-services 14:10:44 Laurent_ has joined #hb-secure-services 14:11:05 present+ Laurent 14:11:33 zakim, take up next agendum 14:11:33 agendum 2. "CG objective reminder" taken up [from virginie] 14:11:46 present+ opoto 14:12:28 virginie: goal of this CG is to demonstrate the value of using hardware-provided secure services for the Web 14:12:46 ... aim to be quick, to spark conversations with user-agent-implementers 14:12:57 ... in order to bring proposal to W3C 14:13:06 ... timeline, a few months 14:13:26 virginie: documentation and prototyping/demonstration 14:13:48 zakim, take up next agendum 14:13:48 agendum 3. "Review of Morpho’s contribution (see https://rawgit.com/w3c/websec/gh-pages/hbss.html)" taken up [from virginie] 14:14:23 virginie: Sebastien sent draft to list 14:14:48 -> https://rawgit.com/w3c/websec/gh-pages/hbss.html Sebastien's draft Hardware Based Secure Services Report 14:14:57 The draft is here : https://rawgit.com/w3c/websec/gh-pages/hbss.html 14:14:59 Sebastien: review the high-level table of contents 14:15:19 ... this is a draft to kick off conversation 14:16:05 ... Terminology; Problem Statement; Use Cases 14:17:02 ... Problem statment: key access, management, user verification 14:17:20 ... API design 14:17:41 ... at high-level, key usage, and secure credential storage and management. 14:18:07 ... Architectures and security requirements 14:19:12 virginie: thanks Sebastien! I sent some comments 14:19:52 ... use cases are important, to convince implementers there's value 14:20:03 ... questions? 14:21:19 virginie: are we going to describe scenarios where smartcard or trusted UI is used? 14:21:42 ... e.g. citizen identity, high-level? 14:21:54 ... or more detailed to secure transaction confirmation, key management? 14:22:12 Sebastien: possibly both 14:22:27 ... e.g., Estonian citizen who wants to sign documents, needs to prove identity, make signature 14:22:46 ... then propose use transaction confirmation as alternative 14:22:51 ... to achieve functional goal 14:24:23 Sebastien: if we want to add transportation, e-health, people should give input on the use cases 14:24:46 virginie: I'll ping Deutsche Telekom on transportation 14:25:13 ... remove topics on which there's no contribution (for the moment) 14:25:51 colin has joined #hb-secure-services 14:26:52 virginie: a short paragraph on how secure transaction confirmation and secure credential storage support those use cases 14:26:56 ... then move on to API 14:27:08 mr has joined #hb-secure-services 14:28:26 opoto has left #hb-secure-services 14:28:46 virginie: did we say we'd cover device authentication? 14:29:00 Sebastien: Visa requested for online payments 14:29:11 ... instead of explicit end-user authentication 14:30:13 virginie: I was expecting an API for transaction confirmation; an API for using and storing keys 14:30:42 Sebastien: so for signature, do we say "rely on webcrypto, with additional support"? 14:30:44 q+ 14:30:57 rrsagent, draft minutes 14:30:57 I have made the request to generate http://www.w3.org/2016/06/01-hb-secure-services-minutes.html wseltzer 14:31:29 opoto: we can reuse webcrypto with additional notion of a crypto provider 14:31:31 q+ 14:31:37 ack brunoj 14:31:53 brunoj: hardware backing on webcrypto would answer 80-90% of use cases 14:32:11 ... is that an acceptable option? 14:32:52 ... that would be valuable 14:33:23 virginie: that proposal could be made to W3C, either to extend WebCrypto or in a new WG 14:33:26 ack rigo 14:35:30 rigo: issue of unscoped token 14:36:38 colin_ has joined #hb-secure-services 14:36:42 rigo: We shouldn't preclude too many things. CGs are made to explore. We will find new issues running down the generic use cases, find that imagined issues aren't as dramatic and perhaps add needed futures (scope of tokens) 14:36:59 RRSAgent, please draft minutes 14:36:59 I have made the request to generate http://www.w3.org/2016/06/01-hb-secure-services-minutes.html rigo 14:39:03 sebastion: scope could be within the key itself to avoid relying on browser implementation 14:39:57 https://www.w3.org/TR/webauthn/ 14:40:03 in web authentication : scoped is aused here : https://w3c.github.io/webauthn/#iface-credentialInfo 14:40:41 sebastien: proposition to rely upon existing keys with scoping enforced by browsers 14:41:02 https://www.w3.org/TR/2016/WD-webauthn-20160531/#scopedcredentialinfo ? 14:41:10 [[ Scoped credentials are always scoped to a single WebAuthn Relying Party. ]] 14:41:27 https://w3c.github.io/webauthn/#use-cases 14:46:00 virginie: work to propose amendment to webcrypto that supports storing a scoped key in hardware 14:46:03 colin has joined #hb-secure-services 14:50:57 scribenick : virginie 14:51:29 bruno : how do you select the key in the TEE or Secure Element ? how will be managed the choice ? any naming rule ? 14:51:47 sebastien : do you mean pre-filterning the type of SE that may be used ? 14:51:51 bruno : yes 14:52:06 bruno : and usually there is only one credential 14:52:33 sebastien : filtering is also about being able to discover what is inside the providers 14:53:07 sebastien : proposal is not to allow to select by the user, it is more about the authority that will help making choice 14:53:54 q+ 14:54:11 bruno : thinking about the already enrolled credentials in the web part 14:54:39 bruno : discovering can be risky, but the discovery could be made by OS and/or by browser 14:55:08 bruno : in current implem, you can select at browser level the type of video/camero you want to use 14:55:43 sebastien : yes, and video is not a sensitive value, whereas, secure element and sensitive application may be more complex to handle 14:56:05 sebastien : discovering by a simple service request, has to be protected 14:56:38 rigo : an API must not deal with User Interface, the web app will handle it 14:57:36 rigo : about the naming, ig you find id in the web, you can always turn them into URIs, so, we should be cerfull allowing any web app scanning key presence without user consent 14:57:46 q+ 14:57:48 s/cerfull/carefull 14:57:56 ack ri 14:58:29 q- 14:59:27 option 1 : the user select the key, option 2 : the user pre-defines a choice that the borwser owns, option 3 : the certification authority is the main trigger to elect the right key 15:01:13 it is discussed that the borwser first filter based on CA, and at the end of the day, the user will have to be aware that this is happening 15:01:38 key discovery is certainly a fingerprinting issue 15:03:28 q+ 15:03:33 q- 15:05:06 sebastien : about the digital sinature, we will have to sign the document without displaying it to the user 15:05:41 sebastien : thus, it will be the choice of the service provider to accept the signature with some non-repudiation data 15:06:20 sebastien : there should have some nested operation, such as signing document, then signing the message, and checking both are valid 15:06:40 q+ 15:07:05 rigo : why document can not be presented in trusted UI 15:07:17 ack rig 15:07:36 sebastien : because Tusted UI has some capabilities which are limited 15:08:17 sébastien : thus we have to provide a complex document signature, but we have to add another step for the non-repudiation 15:08:38 sébastien : we need to provide something that is understood by the end user 15:15:02 q+ 15:15:18 rigo : feel there is a limitation in stating that a large or complex document can not be used in a Trusted UI, and this is not suitable to the web spirit 15:15:55 sebastien : but the garantee that the user confirm the content has to take into account the accessibility, the capability of the user to actually check every bit of the docu, including the images 15:16:26 rigo : we should define an intermediate levl where we can garantee that there is a 'some' security in the digital signature 15:16:43 to rigo, please check I correclty reported your statement :) 15:17:36 sébastien : the trusted Ui should not rely on the browser, but on the system underlying (TEE or operating system, or whatever is able to provide some secure display) 15:17:56 s/whatever/whatever or a middleware 15:18:01 q- 15:19:30 virginie : lets comment the chapter 5 15:19:49 sébastien : this is description of the different elements that will be involved into that solution 15:20:29 sébastien : there are some parts touching the browser, parts touching the operating system, each of them having their caracteristics (Windows and android hving different security models) 15:20:49 sébastien : it is a decsription of the security requirements 15:23:16 ok for me 15:23:33 +1 15:23:33 +1 15:23:35 -1 very difficult that week 15:23:37 +1 15:23:52 colin has joined #hb-secure-services 15:26:17 https://www.w3.org/community/hb-secure-services/participants 15:27:53 virginie: next meeting June 15 15:28:03 [adjourned] 15:28:10 zakim, list attendees 15:28:10 As of this point the attendees have been wseltzer, virginie, acouvert, phofmanntsy, rigo, colin, bruno, Sebastien, opotonnier, Ketan, mzwolinski, Laurent 15:28:17 rrsagent, make logs public 15:28:21 rrsagent, draft minutes 15:28:21 I have made the request to generate http://www.w3.org/2016/06/01-hb-secure-services-minutes.html wseltzer 16:18:08 mzwolinski has joined #hb-secure-services 16:18:54 mzwolinski has left #hb-secure-services 16:54:23 phofmanntsy has joined #hb-secure-services 17:13:12 phofmanntsy has joined #hb-secure-services