See also: IRC log
<wseltzer> present=
<rbarnes> heh, i was about to make the same request
<rbarnes> anyone know why w3.org is down?
<apowers> https://mit.webex.com/mit/j.php?MTID=m5efd2927c573e7748740d42055207a28
<wseltzer> scribenick: selfissued
There has been activity with JC and Jeff and Vijay tweaking some aspects of the spec
We are talking about departing from the WebAppSec credential interface
Vijay: We no longer think that alignment makes sense
Jeff: I haven't reviewed this
yet
... Mike West told Jeff that they should talk
Mike West is based in Munich
He might be able to come talk to us during IETF in Berlin in 2 weeks
There's a bunch of stuff in the HTTP working group on cookies
These are subtle issues. Tony would rather not close this without input from him.
Vijay wants to not pollute the global namespace
Jeff: Is there a document to reference for namespace usage guidance?
Richard: Other things that provide device access, such as gelocation, are in the navigator namespace
Jeff: We should get this written down. We have a wide audience for this spec.
Vijay: It would be good to not
have two interfaces that talk about credentials that do
different things
... We had a debate a while ago about what the credential type
does
... It's essentially a signature format
Jeff will propose a new name
<JeffH> s/Jeff/JeffH/ :)
<wseltzer> https://github.com/w3c/webauthn/issues/107
Talking about issue #107 - signature format doesn't cover both contexts
Issue #86
Do we want it to be possible for authenticators to not do attestation?
Rolf: Brought up "nullable
attestation"
... surrogate attestation is a self-signed object
<JeffH> surrogate attstn: https://fidoalliance.org/specs/fido-uaf-v1.0-ps-20141208/fido-uaf-protocol-v1.0-ps-20141208.html#surrogate-basic-attestation
Rolf advocates supporting surrogate attestation
Jeff: You use the private key to sign
<apowers> one tangential point: note that the clientDataHash is stored in the attestation statement, so if you have null attestation the clientDataHash isn't signed / returned to the RP either
Rolf: A trust decision needs to be made about the authenticator
Discussions about what keys are used for what...
Vijay: You want to establish
proof of possession of the private key.
... What's the alternative proposal?
Rolf: Sign with a JSON key - not a certificate
There will be a proposal made over e-mail
Vijay: Want to look at issue 84
Create an options dictionary rather than having lots of options at the end
No objections
Vijay: Those things are Vijay's first tier
Richard: Vijay should ping JC
<JeffH> ...on-list :)
The scoped credential thing is on Jeff's list
Jeff is travelling for the week before IETF
Tony: Jeff had produced an IANA
draft
... We need to start putting that through the IETF process
Jeff: I need to revise it
... I will try to do this by Friday
We will meet next week but will skip the week of IETF
End of call
This is scribe.perl Revision: 1.144 of Date: 2015/11/17 08:39:34 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: RRSAgent_Text_Format (score 1.00) WARNING: Bad s/// command: s/Jeff/JeffH/ :) Found ScribeNick: selfissued Inferring Scribes: selfissued Present: wseltzer tonynad jeffh selfissued vgb apowers ketan weiler christiaan rbarnes RobTrace WARNING: No meeting chair found! You should specify the meeting chair like this: <dbooth> Chair: dbooth Found Date: 06 Jul 2016 Guessing minutes URL: http://www.w3.org/2016/07/06-webauthn-minutes.html People with action items:[End of scribe.perl diagnostic output]