16:51:10 RRSAgent has joined #webauthn 16:51:10 logging to http://www.w3.org/2017/03/15-webauthn-irc 16:51:12 RRSAgent, make logs public 16:51:12 Zakim has joined #webauthn 16:51:14 Zakim, this will be 16:51:14 I don't understand 'this will be', trackbot 16:51:15 Meeting: Web Authentication Working Group Teleconference 16:51:15 Date: 15 March 2017 16:57:24 rolf has joined #webauthn 16:59:23 present+ rbarnes, nadalin, weiler, rolf 16:59:35 present+ 16:59:52 present+ 17:01:29 agenda: https://lists.w3.org/Archives/Public/public-webauthn/2017Mar/0247.html 17:01:31 gmandyam has joined #webauthn 17:01:33 weiler has changed the topic to: agenda: https://lists.w3.org/Archives/Public/public-webauthn/2017Mar/0247.html 17:01:46 present+ gmandyam 17:02:06 present+ jcj_moz 17:02:23 apowers has joined #webauthn 17:03:14 vgb has joined #webauthn 17:03:16 present+ JeffH 17:03:36 present+ 17:04:19 present+ 17:04:30 present+ 17:05:03 present+ christiaan 17:05:31 present+ alexei 17:06:14 scribenick: vgb 17:06:17 zakim, who is here? 17:06:17 Present: rbarnes, nadalin, weiler, rolf, wseltzer, battre, gmandyam, jcj_moz, JeffH, vgb, apowers, jyasskin, christiaan, alexei 17:06:19 On IRC I see vgb, apowers, gmandyam, rolf, Zakim, RRSAgent, weiler, jyasskin, wseltzer, jcj_moz, trackbot, mkwst, adrianba, slightlyoff, jochen___, battre 17:06:39 alexei-goog has joined #webauthn 17:06:55 tony: review PRs. Start with #344 17:07:21 present+ 17:07:31 Kim: just made changes to address last comments, ready now 17:07:38 JeffH: will approve shortly 17:07:50 tony: #348 17:08:06 ... still some issues there 17:08:09 present+ kpaulh 17:08:27 jcj_moz: waiting for new commits from Angelo 17:08:39 Tony: #375 17:09:00 JeffH: still working on understanding feedback 17:09:05 ... this is not a rush 17:09:53 JeffH: #377 is fixing bugs per review in collaboration with jyasskin 17:10:10 jyasskin: ok with me 17:10:28 jcj_moz: will review this later today 17:11:02 Tony: #378 17:11:18 vgb: Had some comments, waiting for Angelo 17:11:37 ... #379 is the same status 17:11:57 kpaulh has joined #webauthn 17:13:28 Rolf: #381 is cleanup of DAA parts. Please review 17:13:35 present+ kpaulh 17:13:39 vgb and jeffh: will do today 17:14:11 alexei-goog: would like to hear from Kim about the cancel issue 17:14:16 selfissued has joined #webauthn 17:14:35 present+ jfontana 17:14:46 present+ selfissued 17:14:48 rbarnes has joined #webauthn 17:14:52 present+ 17:15:01 present+ Ketan 17:15:12 ... many pages do complex things without navigating 17:16:14 ... in this type of situation, the page may want to cancel operations on such a non-navigation page change 17:17:28 kpaulh: added this use case to the issue 17:18:02 ... agree that browser-level changes could be handled by the browser not by the page 17:19:18 webauthn has joined #webauthn 17:19:39 kpaulh: talked to jyasskin earlier about whether promises could be cancellable 17:19:51 http://memedad.com/memes/1131466.jpg 17:20:24 ... fetch is creating an abort operation that can be initiated by a cancellation handle 17:21:13 jyasskin: this is part of a larger rethink about adding cancellation to promises (or a pattern achieving the same effect) 17:22:46 ... we should study what fetch is doing 17:23:09 https://goo.gl/photos/SssLA8aPR8EJQXQp7 17:23:25 rbarnes: *nice*! 17:23:59 jeffh: that seems like it would add a lot of machinery 17:24:32 kpaulh: still kicking this around - is the use case real enough to justify this complexity 17:25:18 tony: should move faster on ctap-affecting issues 17:25:29 ... so we don't slow progress on that spec 17:26:38 rrsagent, draft minutes 17:26:38 I have made the request to generate http://www.w3.org/2017/03/15-webauthn-minutes.html weiler 17:26:45 vgb: of the tagged issues, is #366 the big one? 17:26:49 rrsagent, make logs public 17:26:56 tony: may be more, this is just what we have identified so far. 17:27:19 chair: nadalin, rbarnes 17:27:22 ... should go through and tag any others we see 17:28:41 selfissued: about #366, COSE is almost ready and should be used 17:29:29 vgb: seems to be a lot of optional fields, should we define a profile? 17:29:39 selfissued: yes, we could 17:30:44 apowers: will off-the shelf parsers work with COSE? things like negative indexes in there. 17:31:05 selfissued: those are explicitly allowed, it's all valid CBOR and should just work 17:33:17 ... RSA draft is on the fast track in IETF and should be ready for last call in Chicago later this month. 17:34:32 ... if CTAP takes a dependency that will help argue for hurrying it up 17:35:20 zakim, list participants 17:35:20 As of this point the attendees have been rbarnes, nadalin, weiler, rolf, wseltzer, battre, gmandyam, jcj_moz, JeffH, vgb, apowers, jyasskin, christiaan, alexei, alexei-goog, 17:35:23 ... kpaulh, jfontana, selfissued, Ketan 17:35:27 rrsagent, draft minutes 17:35:27 I have made the request to generate http://www.w3.org/2017/03/15-webauthn-minutes.html weiler 17:36:00 tony: there is also #362 17:37:21 vgb: should this be a CTAP issue? 17:37:41 ... from the pov of the wire protocol it's just a bunch of bits 17:38:28 ... it is the application above webauthn that cares 17:40:17 tony: issue #270. more about extensions, which are still hanging. what should we do? 17:40:48 selfissued: will look at this after finishing IETF tasks 17:43:06 tony: will still need to figure out where we want to go with extensions. not a lot of support from browser vendors for these in initial implementations, so should we hold up the core spec for them? 17:43:48 selfissued: as long as we agree on the overall extension semantics, which specific extensions are supported is not important 17:44:25 jeffh: extensions discussion is worse than california traffic 17:46:52 alexei-goog: can we define extensions in the spec as a separable unit, and punt the discussion on whether to keep or remove? 17:47:09 jeffh: that's how it is today 17:47:57 ... in agreement that this is not the most burning issue 17:48:42 tony: credential mgmt issue. we heard mkwst's view but not yet any follow up on the list 17:48:56 jeffh: have some thoughts 17:49:03 (Assuming I understand his suggestion correctly) - agree with alexei-goog, re: extensions 17:49:12 jyasskin: believe there is a design proposal in progress 17:49:34 jeffh: mkwst was hoping to get out a proposal before the call, so should be imminent 17:49:46 ... he sent a note to the webappsec list 17:50:04 weiler has joined #webauthn 17:50:12 domenic: have written a draft but should be able to share by end of week 17:50:19 I'll use IRC 17:50:28 we have a draft that Mike wants to take another look tomorrow 17:50:47 should have something to share tomorrow or on Friday 17:50:54 17:51:08 Sounds good 17:51:22 Re; credman - never received an answer to my question on the mailing list, https://lists.w3.org/Archives/Public/public-webauthn/2017Mar/0157.html 17:51:33 tony: will put it on the agenda for next week, hope mkwst can attend 17:51:35 I don't know. I hope so 17:51:57 rrsagent, draft minutes 17:51:57 I have made the request to generate http://www.w3.org/2017/03/15-webauthn-minutes.html weiler 17:53:27 On the topic of strange things outside Google offices: http://boingboing.net/2014/07/25/on-google-campus-a-dinosaur-i.html 17:54:06 present- 18:02:36 weiler has joined #webauthn 18:03:45 trackbot, end meeting 18:03:45 Zakim, list attendees 18:03:45 As of this point the attendees have been rbarnes, nadalin, weiler, rolf, wseltzer, battre, gmandyam, jcj_moz, JeffH, vgb, apowers, jyasskin, christiaan, alexei, alexei-goog, 18:03:48 ... kpaulh, jfontana, selfissued, Ketan 18:03:53 RRSAgent, please draft minutes 18:03:53 I have made the request to generate http://www.w3.org/2017/03/15-webauthn-minutes.html trackbot 18:03:54 RRSAgent, bye 18:03:54 I see no action items